Loading ...

Analysis Report https://docs.google.com/forms?usp=mail_form_link

Overview

General Information

Joe Sandbox Version:25.0.0 Tiger's Eye
Analysis ID:109762
Start date:11.02.2019
Start time:17:23:21
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 43s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://docs.google.com/forms?usp=mail_form_link
Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • EGA enabled
  • HDC enabled
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@3/135@9/3
Cookbook Comments:
  • Adjust boot time
  • Browsing link: https://support.google.com/accounts?p=signin_privatebrowsing&hl=de
  • Browsing link: https://support.google.com/accounts?hl=de
  • Browsing link: https://accounts.google.com/tos?loc=ch&hl=de&privacy=true
  • Browsing link: https://accounts.google.com/tos?loc=ch&hl=de
Warnings:
Show All
  • Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, RuntimeBroker.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe, svchost.exe
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

StrategyScoreRangeReportingWhitelistedDetection
Threshold10 - 100Report FP / FNfalseclean

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold40 - 5false
ConfidenceConfidence


Classification

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and Control
Valid AccountsWindows Remote ManagementWinlogon Helper DLLPort MonitorsFile System Logical OffsetsCredential DumpingSystem Service DiscoveryApplication Deployment SoftwareData from Local SystemData Encrypted1Standard Non-Application Layer Protocol2
Replication Through Removable MediaService ExecutionPort MonitorsAccessibility FeaturesBinary PaddingNetwork SniffingApplication Window DiscoveryRemote ServicesData from Removable MediaExfiltration Over Other Network MediumStandard Application Layer Protocol2

Signature Overview

Click to jump to signature section


Phishing:

barindex
Found iframesShow sources
Source: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2Fdocs.google.com%2Fforms%2F%3Fusp%3Dmail_form_link&followup=https%3A%2F%2Fdocs.google.com%2Fforms%2F%3Fusp%3Dmail_form_link&ltmpl=forms&flowName=GlifWebSignIn&flowEntry=ServiceLoginHTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=460129170&timestamp=1549934658275
Unusual large HTML pageShow sources
Source: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2Fdocs.google.com%2Fforms%2F%3Fusp%3Dmail_form_link&followup=https%3A%2F%2Fdocs.google.com%2Fforms%2F%3Fusp%3Dmail_form_link&ltmpl=forms&flowName=GlifWebSignIn&flowEntry=ServiceLoginHTTP Parser: Total size: 1173339
META author tag missingShow sources
Source: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2Fdocs.google.com%2Fforms%2F%3Fusp%3Dmail_form_link&followup=https%3A%2F%2Fdocs.google.com%2Fforms%2F%3Fusp%3Dmail_form_link&ltmpl=forms&flowName=GlifWebSignIn&flowEntry=ServiceLoginHTTP Parser: No <meta name="author".. found
META copyright tag missingShow sources
Source: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2Fdocs.google.com%2Fforms%2F%3Fusp%3Dmail_form_link&followup=https%3A%2F%2Fdocs.google.com%2Fforms%2F%3Fusp%3Dmail_form_link&ltmpl=forms&flowName=GlifWebSignIn&flowEntry=ServiceLoginHTTP Parser: No <meta name="copyright".. found

Networking:

barindex
Found strings which match to known social media urlsShow sources
Source: BH0hS5mrtcY[1].htm.2.drString found in binary or memory: <link rel="canonical" href="https://www.youtube.com/watch?v=BH0hS5mrtcY"> equals www.youtube.com (Youtube)
Source: P31DFowd2Lw[1].htm.2.drString found in binary or memory: <link rel="canonical" href="https://www.youtube.com/watch?v=P31DFowd2Lw"> equals www.youtube.com (Youtube)
Source: TgeYH-tayyU[1].htm.2.drString found in binary or memory: <link rel="canonical" href="https://www.youtube.com/watch?v=TgeYH-tayyU"> equals www.youtube.com (Youtube)
Source: VNxLua4c7FY[1].htm.2.drString found in binary or memory: <link rel="canonical" href="https://www.youtube.com/watch?v=VNxLua4c7FY"> equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: "</h2><p>",Z1=""+BZ(_.I({name:_.M("affiliates")},{style:g}),K),$1=(0,_.P)(Z1),a2="Diese Datenschutzerkl\u00e4rung gilt f\u00fcr alle Dienste, die von Google LLC und seinen "+("<a "+_.R($1)+">verbundenen Unternehmen</a> angeboten werden, einschlie\u00dflich YouTube, Android und Dienste, die auf Websites Dritter bereitgestellt werden, wie Werbedienste. Diese Datenschutzerkl\u00e4rung gilt nicht f\u00fcr Dienste, f\u00fcr die gesonderte Datenschutzrichtlinien gelten und die die vorliegende Datenschutzerkl\u00e4rung nicht beinhalten."); equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: "</p><ul><li>"+(0,_.F)("Personalisierte Suche:")+" ",RC='href="'+_.Q(_.T(_.TW({url:(0,_.O)("https://www.google.com/history/optout?utm_source=pp")},K)))+'" '+CZ(),SC=(0,_.P)(RC),TC="<a "+_.R(SC)+">Hier k\u00f6nnen Sie ausw\u00e4hlen</a>, ob Ihnen anhand Ihrer Suchaktivit\u00e4ten relevantere Ergebnisse und Empfehlungen bereitgestellt werden sollen.";var UC=(0,_.F)(TC);var VC=QC+UC+"</li><li>"+(0,_.F)("YouTube-Einstellungen:")+" ",WC='href="'+_.Q(_.T(_.TW({url:(0,_.O)("https://www.youtube.com/feed/history/search_history?utm_source=pp")}, equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: "L99kA9f72A4";break;case "it":sd+="fQaiDJhICa4";break;case "de":sd+="P31DFowd2Lw";break;case "ko":sd+="nTN9HQgnlh8";break;case "nl":sd+="1LMk791j64M";break;case "ja":sd+="cVX10SMzNaM";break;default:sd+="ggoJFaE71W8"}var Yn=pg+=JZ({id:_.M(sd),style:g},K),Zn="<p>"+(0,_.F)("Wir entwickeln eine Vielzahl von Diensten, die Millionen von Menschen Tag f\u00fcr Tag helfen, die Welt ganz neu zu entdecken und mit ihr zu interagieren. Zu unseren Diensten z\u00e4hlen:")+"</p><ul><li>"+(0,_.F)("Google-Apps, -Websites und -Ger\u00e4te, wie die Google-Suche, YouTube und Google Home")+ equals www.youtube.com (Youtube)
Source: accounts[1].htm0.2.drString found in binary or memory: $k.prototype.show=function(a){this.H.appendChild(a);this.o.style.top=window.pageYOffset+(window.innerHeight-this.o.offsetHeight)/2+"px";E(this.R,"lb-show",!0);E(this.o,"lb-show",!0)};$k.prototype.Pa=function(){E(this.o,"lb-show",!1);E(this.R,"lb-show",!1);this.H.textContent=""};window.sc_initLightbox=function(){var a=new $k;window.sc_showLightbox=a.show.bind(a)};</script> <script nonce="7ViYeUkI+IMyXGrr7Gcy">window['sc_initLightbox']();</script> <script data-id="video" nonce="7ViYeUkI+IMyXGrr7Gcy">var tr=Jb(zb(new wb(xb,"//www.youtube.com/player_api"))),ur=[],vr=!1;function wr(){if(!vr){window.onYouTubeIframeAPIReady=xr;var a=Ae("SCRIPT");Cc(a,tr);document.head.appendChild(a);vr=!0}} equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: ("<a "+_.R(Ph)+">"+("von personalisierten Suchergebnissen</a>. Beispielsweise erhalten Sie im "+("<a "+_.R(eq)+">Sicherheitscheck</a> Sicherheitstipps, die auf Ihre pers\u00f6nliche Nutzung von Google-Produkten zugeschnitten sind. Google Play nutzt Daten, etwa \u00fcber Apps, die Sie installiert haben, und Videos, die Sie sich auf YouTube angesehen haben, um neue Apps zu empfehlen, die Ihnen gefallen k\u00f6nnten.")));var gq=(0,_.F)(fq);var hq=bq+gq+"</p><p>",iq=""+BZ(_.I({name:_.M("personalized-ads")}, equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: ("<a "+_.R(sD)+">Standorteinstellungen anpassen</a>.");var uD=(0,_.F)(tD);Jq=zC+(qD+uD+"</li></ul>");var vD=be+=_.bZ({content:(0,_.N)(Jq)}),qv=""+_.VV({id:_.M("infosharing")})+HZ({name:"fa9e0e90d1e7ec399dad9f3257a9bb63",first:!0,style:g},K)+"<h1>"+_.G(_.pZ())+"</h1><h2>"+(0,_.F)("Datenweitergabe durch Sie")+"</h2><p>"+(0,_.F)("In vielen unserer Dienste k\u00f6nnen Sie Daten mit anderen Personen teilen. Sie bestimmen in diesem Fall, wie dabei vorgegangen werden soll. Beispielsweise k\u00f6nnen Sie entscheiden, welche Ihrer Videos auf YouTube \u00f6ffentlich geteilt werden und welche vertraulich bleiben sollen. Bedenken Sie, dass, wenn Sie Daten \u00f6ffentlich teilen, Suchmaschinen, einschlie\u00dflich der Google-Suche, m\u00f6glicherweise auf diese Daten zugreifen k\u00f6nnen.")+ equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: (0,_.P)(Fq),Hq=""+BZ(_.I({name:_.M("other-sites")},zg),K),Iq=(0,_.P)(Hq),xC="Unter Umst\u00e4nden werden die durch uns erhobenen Daten zu den oben beschriebenen Zwecken "+("<a "+_.R(Gq)+">"+("dienst- und ger\u00e4te\u00fcbergreifend kombiniert</a>. Wenn Sie sich beispielsweise Videos von Gitarrenspielern auf YouTube ansehen, kann eine Werbeanzeige f\u00fcr Gitarrenunterricht auf einer Website geschaltet werden, auf der unsere Anzeigenprodukte verwendet werden. Je nach Ihren Kontoeinstellungen k\u00f6nnten "+ equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: (_.J(K.Gb,"es-419")?"intl/es-419/":"")+'legal/privacy.html">Fiber</a>')+"</li><li>"+(0,_.F)('<a href="https://fi.google.com/about/tos/#project-fi-privacy-notice">Google Fi</a>')+"</li><li>"+(0,_.F)('<a href="https://www.google.com/work/apps/terms/education_privacy.html">G Suite for Education</a>')+"</li><li>"+(0,_.F)('<a href="https://kids.youtube.com/privacynotice">YouTube Kids</a>')+"</li><li>"+(0,_.F)('<a href="https://families.google.com/familylink/privacy/child-policy/">Mit Family Link verwaltete Google-Konten f\u00fcr Kinder unter 13 Jahren (in einigen L\u00e4ndern gilt ein anderes Mindestalter f\u00fcr Google-Konten)</a>')+ equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: (g.vn(b,"www.youtube.com"),c=b.toString()):c=UJ(c);b=new g.YJ(c);b.set("cmo=pf","1");d&&b.set("cmo=td","a1.googlevideo.com");return b}; equals www.youtube.com (Youtube)
Source: www-embed-player[1].js.2.drString found in binary or memory: ;function Ci(a){if("1"!==cb(me(),"args","privembed")){a&&ne();try{Bi().then(function(a){a=qe(a);a.bsq=Di++;Re("//www.youtube.com/ad_data_204",{va:!1,B:a,withCredentials:!0})},function(){}),T(Ci,18E5)}catch(b){R(b)}}} equals www.youtube.com (Youtube)
Source: ServiceLogin[1].htm.2.drString found in binary or memory: </content></div></div><div class="CeEBt Ce1Y1c eU809d" role="presentation"><div class="TquXA"></div></div></div><div class="OA0qNb ncFHed" jsaction="click:dPTK6c(wQNmvb); mousedown:uYU8jb(wQNmvb); mouseup:LVEdXd(wQNmvb); mouseover:nfXz1e(wQNmvb); touchstart:Rh2fre(wQNmvb); touchmove:hvFWtf(wQNmvb); touchend:MkF9r(wQNmvb|preventMouseEvents=true)" role="presentation" jsname="V68bde" style="display:none;"></div></div></div><ul class="Bgzgmd"><li><a href="https://support.google.com/accounts?hl=de" target="_blank">Hilfe</a><li><a href="https://accounts.google.com/TOS?loc=CH&amp;hl=de&amp;privacy=true" target="_blank">Datenschutz</a><li><a href="https://accounts.google.com/TOS?loc=CH&amp;hl=de" target="_blank">Nutzungsbedingungen</a></ul></footer></div><div class="VmOpGe" aria-hidden="true"></div></div><div data-check-connection="%.@.null,null,&quot;youtube&quot;,[[&quot;https://accounts.youtube.com/accounts/CheckConnection?pmpo\u003dhttps%3A%2F%2Faccounts.google.com\u0026v\u003d460129170&quot;,&quot;youtube&quot;]
Source: msapplication.xml1.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbe34e5ff,0x01d4c271</date><accdate>0xbe34e5ff,0x01d4c271</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml1.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbe34e5ff,0x01d4c271</date><accdate>0xbe34e5ff,0x01d4c271</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml6.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbe7c7f96,0x01d4c271</date><accdate>0xbe7c7f96,0x01d4c271</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml6.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbe7c7f96,0x01d4c271</date><accdate>0xbe7c7f96,0x01d4c271</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml8.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbe7f426d,0x01d4c271</date><accdate>0xbe7f426d,0x01d4c271</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml8.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbe7f426d,0x01d4c271</date><accdate>0xbe7fce47,0x01d4c271</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: BH0hS5mrtcY[1].htm.2.drString found in binary or memory: <noscript><div class="player-unavailable"><h1 class="message">Ein Fehler ist aufgetreten.</h1><div class="submessage"><a href="http://www.youtube.com/watch?v=BH0hS5mrtcY" target="_blank">Schau dir dieses Video auf www.youtube.com</a> an oder aktiviere JavaScript, falls es in deinem Browser deaktiviert sein sollte.</div></div></noscript></body></html> equals www.youtube.com (Youtube)
Source: P31DFowd2Lw[1].htm.2.drString found in binary or memory: <noscript><div class="player-unavailable"><h1 class="message">Ein Fehler ist aufgetreten.</h1><div class="submessage"><a href="http://www.youtube.com/watch?v=P31DFowd2Lw" target="_blank">Schau dir dieses Video auf www.youtube.com</a> an oder aktiviere JavaScript, falls es in deinem Browser deaktiviert sein sollte.</div></div></noscript></body></html> equals www.youtube.com (Youtube)
Source: TgeYH-tayyU[1].htm.2.drString found in binary or memory: <noscript><div class="player-unavailable"><h1 class="message">Ein Fehler ist aufgetreten.</h1><div class="submessage"><a href="http://www.youtube.com/watch?v=TgeYH-tayyU" target="_blank">Schau dir dieses Video auf www.youtube.com</a> an oder aktiviere JavaScript, falls es in deinem Browser deaktiviert sein sollte.</div></div></noscript></body></html> equals www.youtube.com (Youtube)
Source: VNxLua4c7FY[1].htm.2.drString found in binary or memory: <noscript><div class="player-unavailable"><h1 class="message">Ein Fehler ist aufgetreten.</h1><div class="submessage"><a href="http://www.youtube.com/watch?v=VNxLua4c7FY" target="_blank">Schau dir dieses Video auf www.youtube.com</a> an oder aktiviere JavaScript, falls es in deinem Browser deaktiviert sein sollte.</div></div></noscript></body></html> equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: Cu=function(a,b){var c={action:"condor-brand-precap",event:b,ei:"[EID]",cpn:"[CPN]",content_v:"[CONTENT_V]",ad_cpn:"[AD_CPN]",ad_v:"[AD_V]",ad_id:"[AD_ID]",ad_len:"[AD_LEN]"};c=null!=c?c:{};var d=new g.tn("//www.youtube.com/gen_204");g.un(d,"https");c=Gn(c);yn(d,c);d=d.toString();d=g.Rn(d,a.wa.Qa);vo(d)}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: FN.prototype.getVideoUrl=function(a,b,c,d,e){b={list:b};c&&(e?b.time_continue=c:b.t=c);c=IN(this);d&&"www.youtube.com"==c?d="https://youtu.be/"+a:g.DN(this)?(d="https://"+c+"/fire",b.v=a):(d=this.protocol+"://"+c+"/watch",b.v=a,RF&&(a=fF())&&(b.ebc=a));return g.lh(d,b)}; equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: G_=function(){var a=_.od(_.kd(new _.jd(_.hd,"https://www.youtube.com/iframe_api"))),b={},c=b.document||document,d=_.nd(a),e=document.createElement("SCRIPT"),f={rn:e,Pg:void 0},g=new _.Ve(D_,f),h=null,m=null!=b.timeout?b.timeout:5E3;0<m&&(h=window.setTimeout(function(){C_(e,!0);g.Ub(new E_(1,"Timeout reached for loading script "+d))},m),f.Pg=h);e.onload=e.onreadystatechange=function(){e.readyState&&"loaded"!=e.readyState&&"complete"!=e.readyState||(C_(e,b.Xv||!1,h),g.Sa(null))};e.onerror=function(){C_(e, equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: HN=function(a){a=zN(a.D);return"www.youtube-nocookie.com"==a?"www.youtube.com":a}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: IN=function(a){return"gaming"==a.playerStyle?"gaming.youtube.com":HN(a)}; equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: K)))+'" '+CZ(),XC=(0,_.P)(WC),ok='href="'+_.Q(_.T(_.TW({url:(0,_.O)("https://www.youtube.com/feed/history?utm_source=pp")},K)))+'" '+CZ(),YC=(0,_.P)(ok),ZC="Hier k\u00f6nnen Sie Ihren "+("<a "+_.R(XC)+">"+("YouTube-Suchverlauf</a> und Ihren "+("<a "+_.R(YC)+">YouTube-Wiedergabeverlauf</a> pausieren und l\u00f6schen.")));var $C=(0,_.F)(ZC);var aD=VC+$C+"</li><li>"+(0,_.F)("Einstellungen f\u00fcr Werbung:")+" ",bD='href="'+_.Q(_.T(_.TW({url:(0,_.O)("https://adssettings.google.com/?utm_source=pp")}, equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: Md:"googlehome"},b)+"</li></ul>");var up=(0,_.F)(ce);e=tp+up}break;case "other-sites":switch(d){case 1:var vp=e;var wp=(0,_.F)("Ihre Aktivit\u00e4ten auf anderen Websites und in Apps");e=vp+wp;break;case 2:var xp=e,Gd="",yp=""+_.WW(b),zp=(0,_.P)(yp);Gd+="<p>";var Ap="Diese Aktivit\u00e4ten k\u00f6nnten durch die Nutzung von Google-Diensten entstehen. Beispiele daf\u00fcr sind die Synchronisierung Ihres Kontos mit Chrome oder Besuche von Websites und Apps von Google-Partnern. Viele Websites und Apps arbeiten bei der Verbesserung ihrer Inhalte und Dienste mit Google zusammen. Beispielsweise k\u00f6nnen Websites unsere Werbedienste wie AdSense oder Analysetools wie Google Analytics verwenden oder andere Inhalte wie Videos von YouTube einbetten. Von diesen Produkten k\u00f6nnen Daten \u00fcber Ihre Aktivit\u00e4ten an Google weitergegeben werden. Je nach "+ equals www.youtube.com (Youtube)
Source: BH0hS5mrtcY[1].htm.2.drString found in binary or memory: Mio. Abonnenten","avg_rating":3.25,"showinfo":"0","is_html5_mobile_device":false,"iurlhq":"https:\/\/i.ytimg.com\/vi\/BH0hS5mrtcY\/hqdefault.jpg","loaderUrl":"https:\/\/policies.google.com\/","expanded_title":"Google","subtitle":"28.510 Aufrufe","enablecastapi":"1","allow_ratings":0,"channel_path":"\/channel\/UCK8sQmJBp8GCxrOtXWBpyEA","host_language":"de","iurl":"https:\/\/i.ytimg.com\/vi\/BH0hS5mrtcY\/hqdefault.jpg","cos":"Windows","xhr_apiary_host":"youtubei.youtube.com","rel":"0","apiary_host_firstparty":"","player_error_log_fraction":"1.0","eventid":"xKFhXKrzKcOdV67VsogO"},"html5":true,"url":"","attrs":{"id":"video-player","width":"100%","height":"100%"},"assets":{"css":"\/yts\/cssbin\/player-vflT28b6F\/www-player.css","js":"\/yts\/jsbin\/player-vfl8uqMkZ\/de_DE\/base.js"},"sts":17933}});writeEmbed();</script> <script > equals www.youtube.com (Youtube)
Source: TgeYH-tayyU[1].htm.2.drString found in binary or memory: Mio. Abonnenten","cos":"Windows","cbrver":"11.0","apiary_host_firstparty":"","enablecastapi":"1","iurlmq":"https:\/\/i.ytimg.com\/vi\/TgeYH-tayyU\/mqdefault.jpg","short_view_count_text":"31.365 Aufrufe","cc_load_policy":"1","iurlsd":"https:\/\/i.ytimg.com\/vi\/TgeYH-tayyU\/sddefault.jpg","co_rel":"1","cver":"20190207","xhr_apiary_host":"youtubei.youtube.com","title":"Datenschutzeinstellungen | Google-Datenschutzerkl equals www.youtube.com (Youtube)
Source: P31DFowd2Lw[1].htm.2.drString found in binary or memory: Mio. Abonnenten\"}]}}},\"channelThumbnailEndpoint\":{\"channelThumbnailEndpoint\":{\"urlEndpoint\":{\"urlEndpoint\":{\"url\":\"\/channel\/UCK8sQmJBp8GCxrOtXWBpyEA\"}}}}}}}}}","vss_host":"s.youtube.com","embed_config":"{}","el":"embedded","fexp":"23710476,23722411,23729702,23735279,23736685,23744176,23749324,23750564,23751767,23752869,23755828,23755886,23755898,23757484,23758087,23759539,23760559,23760717,23761607,23762649,23764064,23777631,23778941,23780479,23783369,23783454,23785796,23787228,23787845,23788655,23788655,23789247,23790233,23790384,23790939,23792677,9405988,9445373,9449243,9474241,9475680","co_rel":"1","innertube_api_version":"v1","iurlhq":"https:\/\/i.ytimg.com\/vi\/P31DFowd2Lw\/hqdefault.jpg","cosver":"10.0","cos":"Windows","player_error_log_fraction":"1.0","subscribed":false,"short_view_count_text":"131.790 Aufrufe","ucid":"UCK8sQmJBp8GCxrOtXWBpyEA","expanded_title":"Google","ssl":"1","innertube_context_client_version":"20190207","gapi_hint_params":"m;\/_\/scs\/abc-static\/_\/js\/k=gapi.gapi.e
Source: base[1].js.2.drString found in binary or memory: PJ=function(a){var b=void 0===b?!1:b;return LJ(Hka.test(a),a,b,"Google/YouTube Brand Lift URL")}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: Pha=function(a){var b=a.va().N;if(null!=b){b=b.videoId;var c=a.Wa.Hj;if(g.D(g.F(b)))b=null;else{c=new g.tn((null!=c?c:"//www.youtube.com/")+"watch");var d=c.o;d.set("v",b);yn(c,d);c.J="action=share";b=c.toString()}null!=b&&(uo(b),a.UF())}}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: Rla=function(a,b,c){for(var d in b)for(var e=g.q(b[d]),f=e.next();!f.done;f=e.next()){f=f.value;if(!f.Yc)return;for(var k in f.Yc){if(!nO[k])return;for(var l=g.q(nO[k]),m=l.next();!m.done;m=l.next())m=m.value,a.A[m]=a.A[m]||new VN(k,m,f.Yc[k],a.D),a.C[k]=a.C[k]||{},a.C[k][f.mimeType]=!0}}KF()?(a.o=["com.youtube.fairplay"],a.A["com.youtube.fairplay"]=new VN("fairplay","com.youtube.fairplay","",a.D),a.C.fairplay={'audio/mp4; codecs="avc1.4d4015"':!0,'video/mp4; codecs="mp4a.40.2"':!0}):a.o=(c?g.bb(nO.widevine, equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: UN=function(a){var b=IN(a);!a.na("yt_embeds_disable_new_error_lozenge_url")&&Jla.includes(b)&&(b="www.youtube.com");return a.protocol+"://"+b}; equals www.youtube.com (Youtube)
Source: www-widgetapi[1].js.2.drString found in binary or memory: Wa.prototype.g=function(a){if(a.origin==V(this,"host")||a.origin==V(this,"host").replace(/^http:/,"https:")){try{var b=JSON.parse(a.data)}catch(c){return}this.c=!0;this.a||0!=a.origin.indexOf("https:")||(this.a=!0);if(a=U[b.id])a.A=!0,a.A&&(y(a.s,a.B,a),a.s.length=0),a.H(b)}};function W(a,b,c){this.h=this.a=this.b=null;this.g=this[r]||(this[r]=++t);this.c=0;this.A=!1;this.s=[];this.f=null;this.l=c;this.m={};c=document;if(a=l(a)?c.getElementById(a):a)if(c="iframe"==a.tagName.toLowerCase(),b.host||(b.host=c?Ba(a.src):"https://www.youtube.com"),this.b=new Wa(b),c||(b=Ya(this,a),this.h=a,(c=a.parentNode)&&c.replaceChild(b,a),a=b),this.a=a,this.a.id||(a=b=this.a,a=a[r]||(a[r]=++t),b.id="widget"+a),R[this.a.id]=this,window.postMessage){this.f=new M;Za(this);b=V(this.b,"events"); equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: Wr=function(a,b){if(b.A){1012==b.Gb()&&(b=Co(Sr));var c=Cr(b,a),d=a.ka;P()&&303==b.Gb()&&(d=(0,g.ne)(d,function(a){return-1==a.indexOf(".youtube.com/api/stats/ads")})); equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: ZQ.prototype.za=function(){if(this.o.videoData.fg){var a=this.o.videoData.fg;cR(this,"drm-"+a.flavor);cR(this,"eme-"+(a.A?"final":XN(a)?"ms":"com.youtube.fairplay"==a.o?"ytfp":$N(a)?"safarifp":"nonfinal"))}}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: Zla=function(a,b,c,d,e){if(!(RF||OF()||KF()))return dG();var f=Yla(c),k=pO(c);if(!k)return dG();c={};var l=(c.fairplay="https://youtube.com/api/drm/fps?ek=uninitialized",c),m;c=[];var n=[],p=[],t=a.experiments.A("html5_hls_min_video_height"),x=0;a.experiments.o("html5_hls_pair_all_audio")?x=1:a.experiments.o("html5_hls_pair_distinct_audio")&&(x=2);var y;for(y in k)if(!a.experiments.o("html5_disable_drm_hfr_1080")||"383"!=y&&"373"!=y){var E=g.q(k[y]);for(m=E.next();!m.done;m=E.next()){var G=m.value; equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: _.GZ=function(a,b){var c=a.id,d=a.ye,e="";switch(_.fb(c)?c.toString():c){case "useful-ads":switch(d){case 1:var f=e;var g=(0,_.F)("Werbung, die Sie besonders n\u00fctzlich finden");e=f+g;break;case 2:var h=e,m="",p='href="'+_.Q(_.T(_.TW({url:"https://support.google.com/accounts?p=privpol_whyad"},b)))+'"',t=(0,_.P)(p),w='href="'+_.Q(_.T(_.TW({url:"https://support.google.com/accounts?p=privpol_whyad"},b)))+'"',L=(0,_.P)(w);m+="<p>";var S='Wenn Sie sich beispielsweise auf YouTube Videos zum Thema Backen ansehen, werden Ihnen beim Surfen im Web unter Umst\u00e4nden mehr Werbeanzeigen zu diesem Thema eingeblendet. Anhand Ihrer IP-Adresse k\u00f6nnen wir auch Ihren ungef\u00e4hren Standort ermitteln, damit wir Werbung f\u00fcr Pizza-Lieferservices in der N\u00e4he einblenden k\u00f6nnen, wenn Sie den Suchbegriff "Pizza" eingeben. Hier finden Sie weitere Informationen '+ equals www.youtube.com (Youtube)
Source: ServiceLogin[1].htm.2.drString found in binary or memory: _.jz("yb9KU")+' tabindex="-1" aria-hidden="true">':"")+'<p jsname="'+_.Q("OZNMeb")+'" aria-live="assertive"></p>'+_.K("Ha","",!1)(null,b)+_.mH({ea:"Si5T8b"},b))};_.I("Ga","",0,function(a,b,c){return(0,_.C)(_.lH({autocomplete:a.autocomplete,autofocus:a.autofocus,Sg:a.Sg,qj:a.qj,id:a.id,ea:a.ea,label:a.label,name:a.name,Vl:a.Vl,type:a.type,value:a.value},c||b))});_.I("Ia","",0,function(){return(0,_.C)("Ihr Google-Konto wurde nicht gefunden")});_.I("Ja","",0,function(){return _.G("Falls Sie sich bereits in Google-Produkten wie YouTube angemeldet haben, versuchen Sie es mit dieser E-Mail-Adresse")}); equals www.youtube.com (Youtube)
Source: m=wI7Sfc,pB6Zqd,rHjpXd,o02Jie,lCVo3d,MB66Qc,sy9f,sy9g,sy9h,sy9j,em3o,em3p,m5Z1Eb,sy5y,sy5z,sy60,sy9p,sy9q,sy9r,sy9t,sy3u,em3n,sy8l,em3z,em3y,em40,em3q,em3r,em3s,em3t,em3u,em3[1].js.2.drString found in binary or memory: _.oQa=function(a){_.Vb(a.domains);a=a.domains;for(var b="Geben Sie eine E-Mail-Adresse f\u00fcr eine der folgenden Domains ein: ",c=a.length,d=0;d<c;d++)b+=""+a[d]+(d!=c-1?", ":"");return _.G(b)};_.pQa=function(a,b,c){b=c||b;return(0,_.C)(_.K("oc","",!1)(null,b))};_.I("oc","",0,function(){return(0,_.C)("<p>Ihr Google-Konto wurde nicht gefunden</p><p>Falls Sie sich bereits in Google-Produkten wie YouTube angemeldet haben, versuchen Sie es mit dieser E-Mail-Adresse</p>")}); equals www.youtube.com (Youtube)
Source: 43APDWZV.js.2.drString found in binary or memory: _.x("sy6c");_.UV=function(a,b){a=a||{};a=a.id;var c=b.Gb,d=b.ts;b=_.F;a&&!d?(d='<div class="'+_.Q("M3GAob")+'"><div class="'+_.Q("O3bgpc")+'">',a=(0,_.O)("embed/"+_.Dw(a)+"?rel=0&amp;showinfo=0&amp;theme=light&amp;version=3&amp;hl="+_.Cw(c)+"&amp;cc_lang_pref="+_.Cw(c)+"&amp;cc_load_policy=1&amp;enablejsapi=1"),a=(0,_.F)('<iframe src="'+_.Q("https://www.youtube.com/"+a)+'" allowfullscreen="allowfullscreen"'+(' class="'+_.Q("Ylcf5b")+'"')+"></iframe>"),a=d+a+"</div></div>"):a="";return b(a)}; _.VV=function(a){return(0,_.F)('<div id="'+_.Q(a.id)+'" class="'+_.Q("ahbJ5")+'"></div>')};_.WV=function(a){a=a.content;return(0,_.F)('<div class="'+_.Q("Ih2lSe")+'">'+_.G(a)+"</div>")}; equals www.youtube.com (Youtube)
Source: m=wI7Sfc,pB6Zqd,rHjpXd,o02Jie,lCVo3d,MB66Qc,sy9f,sy9g,sy9h,sy9j,em3o,em3p,m5Z1Eb,sy5y,sy5z,sy60,sy9p,sy9q,sy9r,sy9t,sy3u,em3n,sy8l,em3z,em3y,em40,em3q,em3r,em3s,em3t,em3u,em3[1].js.2.drString found in binary or memory: _.y("sy9g");var qQa=function(){return _.G("Ihr Google-Konto wurde nicht gefunden")},rQa=function(a,b,c){b=c||b;return _.G(_.K("pc","",!1)(null,b))};_.I("pc","",0,function(){return _.G("Falls Sie sich bereits in Google-Produkten wie YouTube angemeldet haben, versuchen Sie es mit dieser E-Mail-Adresse")});var sQa=function(){return _.G("Dieses Konto ist bereits auf Ihrem Ger\u00e4t vorhanden.")},tQa=function(a){return _.G("Geben Sie eine E-Mail-Adresse f\u00fcr eine der folgenden Domains ein: "+(""+a.domains+"."))}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: a.byteLength/2)).replace("skd://","https://")):(a=this.A.C,this.B.experiments.o("enable_shadow_yttv_channels")&&(a=new g.tn(a),document.location.origin&&document.location.origin.includes("green")?g.vn(a,"web-green-qa.youtube.com"):g.vn(a,"www.youtube.com"),a=a.toString()));e=a=this.L=a;var k=void 0===k?!1:k;LJ(oqa.test(e),e,k,"Drm Licensor URL")||lT(this,"drm.net",!0,"t.x");for(var l in this.H)a=qh(a,l,this.H[l]);this.ea=a;this.Z=b.experiments.o("html5_use_drm_retry");this.T=0;this.J=this.R=!1;(0,g.RP)("drm_gk_s"); equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: ber Apps, die Sie installiert haben, und Videos, die Sie sich auf YouTube angesehen haben, um neue Apps zu empfehlen, die Ihnen gefallen k equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: bergreifend kombiniert</a>. Wenn Sie sich beispielsweise Videos von Gitarrenspielern auf YouTube ansehen, kann eine Werbeanzeige f equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: c2.HTML5_FLASH_DEPRECATED="Flash-Videos werden nicht mehr unterst\u00fctzt. Aktualisiere deinen Browser auf die aktuelle Version, um YouTube optimal nutzen zu k\u00f6nnen. $BEGIN_LINKWEITERE INFORMATIONEN$END_LINK",c2.HTML5_NO_AVAILABLE_FORMATS_FALLBACK="Dieses Videoformat wird nicht unterst\u00fctzt.",c2.HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK="Dein Browser erkennt zurzeit keines der verf\u00fcgbaren Videoformate. $BEGIN_LINKKlicke hier, um unsere h\u00e4ufig gestellten Fragen zu HTML5-Videos aufzurufen.$END_LINK", equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: cher</a></li><li><a href="https://payments.google.com/legaldocument?family=0.privacynotice&hl=de">Payments</a></li><li><a href="https://fiber.google.com/legal/privacy.html">Fiber</a></li><li><a href="https://fi.google.com/about/tos/#project-fi-privacy-notice">Google Fi</a></li><li><a href="https://www.google.com/work/apps/terms/education_privacy.html">G Suite for Education</a></li><li><a href="https://kids.youtube.com/privacynotice">YouTube Kids</a></li><li><a href="https://families.google.com/familylink/privacy/child-policy/">Mit Family Link verwaltete Google-Konten f equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: d||a.jc)"HTML5_NO_AVAILABLE_FORMATS_FALLBACK"!=d||a.jc?"HTML5_FLASH_DEPRECATED"==d?b.Mb(mW(b,"HTML5_FLASH_DEPRECATED","//support.google.com/googleplay/answer/2844198#movies",!1,!0,"Video nicht verf\u00fcgbar")):(b.Mb(cta(c.message)),b.F&&c.subreason&&b.Mb(cta(c.subreason),"subreason")):b.Mb(mW(b,"HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK","//www.youtube.com/html5"));else if(c=g.Y(b.B).Eg,d="//support.google.com/youtube/?p=player_error1",c&&(d=g.lh(d,{hl:c})),b.Mb(mW(b,"GENERIC_WITH_LINK_AND_CPN", equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: eN("US",a.cr);this.Eg=eN("en",a.host_language);this.po=!this.aa&&Math.random()<this.experiments.A("web_player_api_logging_fraction");this.ka=!this.aa;this.Dg=new Set;this.deviceHasDisplay=bN(!0,a.deviceHasDisplay);this.cg=dN(this.cg,a.ismb);c=a;this.experiments.B("html5_qoe_intercept")?c=this.experiments.B("html5_qoe_intercept"):this.Bq?(c=c.vss_host||"s.youtube.com",this.na("www_for_videostats")&&"s.youtube.com"==c&&(c=zN(this.D)||"www.youtube.com")):c="video.google.com";this.Jl=c;this.ih(a);this.J= equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: eo.prototype.B=function(){return""};fo.prototype.getId=function(){return this.Ka};go.prototype.getId=function(){return this.Ka};var rea=["ActiveViewExternalLayer"],jo=null;var kfa=["*.googlesyndication.com","gcdn.2mdn.net"],tea=["*.youtu.be","*.youtube.com"],wea="ad.doubleclick.net bid.g.doubleclick.net corp.google.com ggpht.com google.co.uk google.com googleads.g.doubleclick.net googleads4.g.doubleclick.net googleadservices.com googlesyndication.com googleusercontent.com gstatic.com gvt1.com prod.google.com pubads.g.doubleclick.net s0.2mdn.net static.doubleclick.net static.doubleclick.net surveys.g.doubleclick.net youtube.com ytimg.com".split(" "),vea=["c.googlesyndication.com"], equals www.youtube.com (Youtube)
Source: accounts[1].htm0.2.drString found in binary or memory: function Av(a){var b=new XMLHttpRequest;b.addEventListener("load",function(){try{var a=JSON.parse(b.responseText)}catch(d){}a&&Bv(this,a)}.bind(a));b.open("GET","https://www.googleapis.com/youtube/v3/videos?part=snippet%2C+id&key=AIzaSyAS3YZWVqFxQtxsjU5ytM9WVNiZPM_l2yk&id="+a.H);b.send()} equals www.youtube.com (Youtube)
Source: accounts[1].htm0.2.drString found in binary or memory: function Ev(a){if(Xc())2==G().rs?window.YT&&window.YT.Player?Fv(a,a.o):(ur.push(function(a){Fv(this,a)}.bind(a,a.o)),wr()):J("//www.youtube.com/embed/"+a.H+"/?rel=0&cc_load_policy=1&autoplay=1&hl="+window.sc_pageModel.lang);else{var b=document.createElement("div"),c=document.createElement("h2");c.textContent=a.T;b.appendChild(c);c=document.createElement("div");c.className="video-popup";b.appendChild(c);var d=document.createElement("div");d.style.height=640/a.R+"px";c.appendChild(d);window.YT&&window.YT.Player?Fv(a,d):(ur.push(function(a){Fv(this,a)}.bind(a,d)),wr());window.sc_showLightbox(b)}} equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.SP=function(a){return KF()&&a.uh?(a={},a.fairplay="https://youtube.com/api/drm/fps?ek=uninitialized",a):a.Ca&&a.Ca.Yc||null}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.Bp=function(a){if(1==a.info.type)this.o||(a.o&&"http://youtube.com/streaming/otf/durations/112015"==a.o.uri&&ala(this,a.o),this.o=AJ(a));else if(g.CJ(this.info)&&2==a.info.type&&!this.index.Qb()){var b=g.GI(zJ(a),0,1936286840);if(b){a=[];var c=OI(b);b=c.jx.length;var d=c.Rx,e=c.jx,f=c.Qn;c=this.indexRange.end+c.hB+1;for(var k=0,l=0;l<b;l++){var m=f[l]/d,n=e[l];a.push(new kI(l,k,m,NaN,"range/"+c+"-"+(c+n-1)));k+=m;c+=n}this.index.append(a)}}}; equals www.youtube.com (Youtube)
Source: remote[1].js.2.drString found in binary or memory: g.h.Ex=g.z;g.h.W=function(){this.info("disposeInternal");g.RE(this.C);this.C=0;this.o&&(this.o.removeUpdateListener(this.F),this.o.removeMessageListener("urn:x-cast:com.google.youtube.mdx",this.D));this.o=null;u7.ga.W.call(this)}; equals www.youtube.com (Youtube)
Source: remote[1].js.2.drString found in binary or memory: g.h.PU=function(a,b){if(!this.la())if(b){var c=g.Wx(b);if(g.Ia(c)){var d=""+c.type;c=c.data||{};this.info("onYoutubeMessage_: "+d+" "+g.Ug(c));switch(d){case "mdxSessionStatus":mFa(this,c.screenId);break;default:t7(this,"Unknown youtube message: "+d)}}else t7(this,"Unable to parse message.")}else t7(this,"No data in message.")}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.SP=function(){var a=this;g.jV(this.B,this.element);var b=g.Y(this.B),c=this.B.getVideoData().videoId;b.Wc?Iwa(this,c):this.B.app.za?asa(function(){Jwa(a,c)},function(){Kwa(a,"Video cannot be added to Watch Later as the browser has blocked access to YouTube cookies.")}):Jwa(this,c)}; equals www.youtube.com (Youtube)
Source: remote[1].js.2.drString found in binary or memory: g.h.W=function(){this.Ex("");s7.ga.W.call(this)};g.B(u7,s7);g.h=u7.prototype;g.h.Dx=function(a){if(this.o){if(this.o==a)return;t7(this,"Overriding cast sesison with new session object");this.o.removeUpdateListener(this.F);this.o.removeMessageListener("urn:x-cast:com.google.youtube.mdx",this.D)}this.o=a;this.o.addUpdateListener(this.F);this.o.addMessageListener("urn:x-cast:com.google.youtube.mdx",this.D);nFa(this)}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.clone=function(){var a=new g.An;a.A=this.A;this.o&&(a.o=this.o.clone(),a.Oa=this.Oa);return a};var yo={DI:5E3,EI:15E3,mz:"://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/sul www.google.com/pagead/xsul www.youtube.com/pagead/sul www.youtube.com/pagead/psul www.youtube.com/pagead/slav".split(" "),jJ:/\bocr\b/,Qt:0,eh:{},GV:function(a,b,c){a&&(yo.VM(a)?yo.WF(a,b):yo.TF(a,b,c))}, equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.createSession=function(a){var b=a.initData;if(this.o.A){var c=this.D.createSession();"com.youtube.fairplay"==this.o.o&&(b=mqa(this,b));b=c.generateRequest(a.contentType,b);c=new iT(null,null,null,c,null);b.then(null,JE((0,g.A)(c.jE,c,"t.generateRequest")));return c}if(XN(this.o)){c=new Uint8Array(270);for(a=0;135>a;a++)c[2*a]='<PlayReadyCDMData type="LicenseAcquisition"><LicenseAcquisition version="1.0" Proactive="true"></LicenseAcquisition></PlayReadyCDMData>'.charCodeAt(a);b=this.B.createSession("video/mp4", equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.getAvailablePlaybackRates=function(){var a=this.app.o;a.za?(a=a.xc[0],a="https://admin.youtube.com"==a||"https://viacon.corp.google.com"==a?kza:jza):a=[1];return a}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.kK=function(a){var b=lo(),c=this.va();if((g.Va(Bt(c))||!Bt(c)[0].C)&&!b.o("website_actions_holdback")&&P()&&ku(c)){var d=nga(c,a);if(d)if(Ht(c,[d]),M.A)this.K&&c.H&&this.oa("youtubeKevlarCompanionShow");else try{this.Rd(c)}catch(n){oz(this,g1,n)}}if(d=this.Ua){d=this.va();var e=d.N;d=P()&&g.Va(Bt(d))&&null!=d.fa&&null!=e&&e.Ae}M.A&&(d=d&&!c.H);if(d){this.bb().X(window,"message",this.jL);d=this.va();e=d.fa.channelId;var f=Kr(d),k=this.Wa.contentId,l=this.Wa.Hj;l=new g.tn((null!=l?l:"//www.youtube.com/")+ equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.kL=function(a){if(this.la())return this;this.R=a.status;a=a.responseText;a=(new DOMParser).parseFromString(a,"text/xml").getElementsByTagName("MPD")[0];this.G=1E3*XK(VK(a,"minimumUpdatePeriod"))||Infinity;if(!this.N){var b;a:{if(a.attributes)for(b=0;b<a.attributes.length;b++)if("http://youtube.com/yt/2012/10/10"==a.attributes[b].value){b=a.attributes[b].name.split(":")[1];break a}b=""}this.Z=b}this.isLive=Infinity>this.G&&this.ha;this.T=parseInt(VK(a,sL(this,"earliestMediaSequence")),10)||0;if(b= equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.lN=function(a){a=a||PP(this);if(this.ua&&!a){if(IP(this)&&(a=this.ua,!a.o["0"])){var b=new CK("0","fakesb",void 0,new yK(0,0,0,void 0,void 0,"auto"),null,null,1);a.o["0"]=this.Ea?new LK(new g.YJ("http://www.youtube.com/videoplayback"),b,"fake"):new g.dL(new g.YJ("http://www.youtube.com/videoplayback"),b,new g.kJ(0,0),new g.kJ(0,0),0,NaN)}return lO(JP(this),this.jb.H,this.ua,this.fg).then(this.tr,void 0,this)}return dG()}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.load=function(a){if(this.rb=this.o.rb){var b=this.o.o;this.F=b.applyFadeOnMidrolls?new AZ(this.o):new zZ;var c=oua(this.o);c.A=Mva(this,a);if(c.A){c.Fp=this.o.F.H;c.gc.TSLA=pua(this);c.gc.GET_MIDROLL_POSITION_IN_SEC=(0,g.A)(this.F.Hr,this.F);c.gc.DESCRIPTION_URL="http://www.youtube.com/video/"+ZX(this.o).videoId;if(a=jva(b).get(3)){var d="";a&2&&a&1?d="video":a&2?d="skippablevideo":a&1&&(d="standardvideo");a&4&&(d&&(d+="_"),d+="text_image_flash");c.B=d;if(b=b.Da)c.J=b}this.rb.X("adsManagerLoaded", equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.mr=function(a){var b=this.o.o,c=this.o.videoData,d={ns:b.da,el:aQ(c),eurl:b.Aa,fmt:c.Ca?uJ(c.Ca):0,html5:1,list:c.playlistId,cpn:c.clientPlaybackNonce,ei:c.eventId,ps:b.playerStyle,noflv:1,st:this.o.A(),video_id:c.videoId,metric:a};dQ(c)&&(d.autoplay="1");"heartbeat"==a&&(d.tpmt=ona(this.B));g.Ma(d,b.A);lR(this,g.lh(b.experiments.o("cardio_base_url_killswitch")?(b.B?b.protocol+"://www.youtube.com/":b.D)+"live_204":b.D+"live_204",d))}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: g.h.yf=function(a,b){b=void 0===b?!1:b;if("missing-qualities"==a)return{I:"a",U:{href:"https://support.google.com/youtube/?p=missing_quality",target:g.Y(this.B).G},ba:"Fehlende Optionen?"};if("inline-survey"==a)return"";var c=[Lta(this,a)],d=this.B.getPreferredQuality();b||"auto"!=d||"auto"!=a||(c.push(" "),c.push(Lta(this,this.F,["ytp-menu-label-secondary"])));return{I:"div",P:c}};g.r(mX,g.W);mX.prototype.Qc=function(a){g.pQ(this,this.F&&400<=a.width)}; equals www.youtube.com (Youtube)
Source: www-widgetapi[1].js.2.drString found in binary or memory: h.B=function(a){a.id=this.g;a.channel="widget";a=xa(a);var b=this.b;var c=Ba(this.a.src);b=0==c.indexOf("https:")?[c]:b.a?[c.replace("http:","https:")]:b.c?[c]:[c,c.replace("http:","https:")];if(!this.a.contentWindow)throw Error("The YouTube player is not attached to the DOM.");for(c=0;c<b.length;c++)try{this.a.contentWindow.postMessage(a,b[c])}catch(d){if(d.name&&"SyntaxError"==d.name)Ha(d,"WARNING");else throw d;}};function bb(a){return(0==a.search("cue")||0==a.search("load"))&&"loadModule"!=a} equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: hlen <a class="g1mG8c" href="privacy?gl=CH&amp;hl=de#footnote-cookies-and-similar-technologies" data-name="cookies-and-similar-technologies" jsaction="click:IPbaae(preventDefault=true)">Cookies</a>, <a class="g1mG8c" href="privacy?gl=CH&amp;hl=de#footnote-pixel" data-name="pixel" jsaction="click:IPbaae(preventDefault=true)">Pixel-Tags</a>, die lokale Speicherung wie etwa <a class="g1mG8c" href="privacy?gl=CH&amp;hl=de#footnote-browser-storage" data-name="browser-storage" jsaction="click:IPbaae(preventDefault=true)">Browser-Webspeicher</a> oder <a class="g1mG8c" href="privacy?gl=CH&amp;hl=de#footnote-application-data-cache" data-name="application-data-cache" jsaction="click:IPbaae(preventDefault=true)">Anwendungsdaten-Caches</a>, Datenbanken und <a class="g1mG8c" href="privacy?gl=CH&amp;hl=de#footnote-server-logs" data-name="server-logs" jsaction="click:IPbaae(preventDefault=true)">Serverprotokolle</a>.</p></div></div><div class=" xXnO1d"><div class="nrAB0c"><div id="whycollect" class="ahbJ5"></div><div class="
Source: privacy[1].htm.2.drString found in binary or memory: hrten Zwecken nutzen, bitten wir Sie um Ihre Einwilligung.</p></div></div><div class=" xXnO1d"><div class="nrAB0c"><div id="infochoices" class="ahbJ5"></div><div class="pTrV6d"><div class="M3GAob"><div class="O3bgpc"><iframe src="https://www.youtube.com/embed/TgeYH-tayyU?rel=0&amp;amp;showinfo=0&amp;amp;theme=light&amp;amp;version=3&amp;amp;hl=de&amp;amp;cc_lang_pref=de&amp;amp;cc_load_policy=1&amp;amp;enablejsapi=1" allowfullscreen="allowfullscreen" class="Ylcf5b"></iframe></div></div></div><h1>Datenschutzeinstellungen</h1><p class="vxK8q">Sie haben Entscheidungsm equals www.youtube.com (Youtube)
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=460129170&timestamp=1549934658275 equals www.youtube.com (Youtube)
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.youtube.com/embed/BH0hS5mrtcY?rel=0&amp;showinfo=0&amp;theme=light&amp;version=3&amp;hl=de&amp;cc_lang_pref=de&amp;cc_load_policy=1&amp;enablejsapi=1 equals www.youtube.com (Youtube)
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.youtube.com/embed/P31DFowd2Lw?rel=0&amp;showinfo=0&amp;theme=light&amp;version=3&amp;hl=de&amp;cc_lang_pref=de&amp;cc_load_policy=1&amp;enablejsapi=1 equals www.youtube.com (Youtube)
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.youtube.com/embed/TgeYH-tayyU?rel=0&amp;showinfo=0&amp;theme=light&amp;version=3&amp;hl=de&amp;cc_lang_pref=de&amp;cc_load_policy=1&amp;enablejsapi=1 equals www.youtube.com (Youtube)
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.youtube.com/embed/VNxLua4c7FY?rel=0&amp;showinfo=0&amp;theme=light&amp;version=3&amp;hl=de&amp;cc_lang_pref=de&amp;cc_load_policy=1&amp;enablejsapi=1 equals www.youtube.com (Youtube)
Source: iframe_api[1].js.2.drString found in binary or memory: if (!window['YT']) {var YT = {loading: 0,loaded: 0};}if (!window['YTConfig']) {var YTConfig = {'host': 'http://www.youtube.com'};}if (!YT.loading) {YT.loading = 1;(function(){var l = [];YT.ready = function(f) {if (YT.loaded) {f();} else {l.push(f);}};window.onYTReady = function() {YT.loaded = 1;for (var i = 0; i < l.length; i++) {try {l[i]();} catch (e) {}}};YT.setConfig = function(c) {for (var k in c) {if (c.hasOwnProperty(k)) {YTConfig[k] = c[k];}}};var a = document.createElement('script');a.type = 'text/javascript';a.id = 'www-widgetapi-script';a.src = 'https://s.ytimg.com/yts/jsbin/www-widgetapi-vflN2g023/www-widgetapi.js';a.async = true;var c = document.currentScript;if (c) {var n = c.nonce || c.getAttribute('nonce');if (n) {a.setAttribute('nonce', n);}}var b = document.getElementsByTagName('script')[0];b.parentNode.insertBefore(a, b);})();} equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: ita=function(a){if(!a.B){var b=(null!=pG(["requestFullscreen","webkitRequestFullscreen","mozRequestFullScreen","msRequestFullscreen"],document.body)?"Vollbild ist nicht verf\u00fcgbar. $BEGIN_LINKWeitere Informationen$END_LINK":"Dein Browser unterst\u00fctzt kein Vollbild. $BEGIN_LINKWeitere Informationen$END_LINK").split(/\$(BEGIN|END)_LINK/);a.B=new zW(a.C,{I:"div",ca:["ytp-popup","ytp-generic-popup"],U:{role:"alert",tabindex:"0"},P:[b[0],{I:"a",U:{href:"https://support.google.com/youtube/answer/6276924", equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: iwa=function(a,b){var c=g.Y(a.B),d=2==a.B.getPresentingPlayerType(),e=!d||b.Ae;e=!c.K&&!!b.videoId&&e;"play"!=c.playerStyle?c="https://support.google.com/youtube/?p=report_playback":(c={contact_type:"playbackissue",html5:1,ei:b.eventId,v:b.videoId,p:"movies_playback"},b.Ca&&(c.fmt=uJ(b.Ca)),b.clientPlaybackNonce&&(c.cpn=b.clientPlaybackNonce),b.ff&&(c.partnerid=b.ff),c=g.lh("//support.google.com/googleplay/",c));g.pQ(a.C,e&&b.allowEmbed);g.pQ(a.F,e);g.pQ(a.D,e&&!b.Ea);a.aa.Mb(c,"href");g.pQ(a.G,!b.Ea&& equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: jB.prototype.B=function(a,b){this.o[a]=b};g.B(mB,pp);var Aia=$c(g.Sc("https://www.youtube.com/iframe_api")),Oya=["video/mp4","video/webm"],Pya={el:"adunit",controls:0,html5:1,playsinline:1,ps:"gvn",showinfo:0},lB=[],kB=!1;g.h=mB.prototype;g.h.MF=function(a,b,c){var d=g.Qa(a,function(a){return null!==sr(a.Za())}); equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: kW=function(a){var b=g.Y(a),c=b.o;if(c){var d=new hW(a);b={I:"div",ca:["ytp-error","ytp-related-on-error"],U:{role:"alert"},P:[{I:"div",M:"ytp-error-content",P:[{I:"div",M:"ytp-error-icon-container",P:[zsa()]},{I:"div",M:"ytp-error-content-wrap",P:[{I:"div",M:"ytp-error-content-wrap-reason",ba:"{{content}}"},{I:"div",M:"ytp-error-content-wrap-subreason",ba:"{{subreason}}"}]}]},{I:"div",M:"ytp-small-redirect",P:[{I:"a",M:"ytp-small-redirect-link",U:{href:UN(b),target:b.G,"aria-label":"Auf YouTube nach weiteren Videos suchen"}, equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: lfa=function(a){if(g.D(g.F(a)))return null;var b=a.match(/^https?:\/\/[^\/]*youtu\.be\/([a-zA-Z0-9_-]+)$/);if(null!=b&&2==b.length)return b[1];b=a.match(/^https?:\/\/[^\/]*youtube.com\/video\/([a-zA-Z0-9_-]+)$/);if(null!=b&&2==b.length)return b[1];b=a.match(/^https?:\/\/[^\/]*youtube.com\/watch\/([a-zA-Z0-9_-]+)$/);if(null!=b&&2==b.length)return b[1];a=(new g.tn(a)).o;return In(a,"v")?a.get("v").toString():In(a,"video_id")?a.get("video_id").toString():null}; equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: lich YouTube, Android und Dienste, die auf Websites Dritter bereitgestellt werden, wie Werbedienste. Diese Datenschutzerkl equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: nnen Sie Ihren <a href="https://www.youtube.com/feed/history/search_history?utm_source=pp&amp;hl=de" class="XddVQ" target="_blank">YouTube-Suchverlauf</a> und Ihren <a href="https://www.youtube.com/feed/history?utm_source=pp&amp;hl=de" class="XddVQ" target="_blank">YouTube-Wiedergabeverlauf</a> pausieren und l equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: nnen Sie entscheiden, welche Ihrer Videos auf YouTube equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: nnen Sie uns gern kontaktieren</a>.</p></div></div><div class=" xXnO1d"><div class="nrAB0c"><div id="infocollect" class="ahbJ5"></div><div class="pTrV6d"><div class="M3GAob"><div class="O3bgpc"><iframe src="https://www.youtube.com/embed/VNxLua4c7FY?rel=0&amp;amp;showinfo=0&amp;amp;theme=light&amp;amp;version=3&amp;amp;hl=de&amp;amp;cc_lang_pref=de&amp;amp;cc_load_policy=1&amp;amp;enablejsapi=1" allowfullscreen="allowfullscreen" class="Ylcf5b"></iframe></div></div></div><h1>Von Google erhobene Daten</h1><p class="vxK8q">Im Folgenden erkl equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: nnen Websites unsere Werbedienste wie AdSense oder Analysetools wie Google Analytics verwenden oder andere Inhalte wie Videos von YouTube einbetten. Von diesen Produkten k equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: null;p=null;if(n=WK(b,"ContentProtection"))if(g.JF())if((p=n.attributes.schemeIdUri)&&"http://youtube.com/drm/2012/10/10"==p.value)for(p={},n=n.firstChild;null!=n;n=n.nextSibling)"yt:SystemURL"==n.nodeName&&(p[n.attributes.type.value]=n.textContent.trim());else p=null;else if((p=n.attributes.schemeIdUri)&&"http://youtube.com/drm/2012/10/10"==p.textContent)for(p={},n=n.firstChild;null!=n;n=n.nextSibling)"SystemURL"==n.localName&&"http://youtube.com/yt/2012/10/10"==n.namespaceURI&&(p[n.attributes.type.textContent]= equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: pha=function(a,b,c,d){var e=new g.tn("https://www.googleapis.com/youtube/v3/videos");g.Cn(e,"id",a);g.Cn(e,"part","snippet,status,statistics");g.Cn(e,"fields","items/id,items/snippet/title,items/snippet/channelId,items/status/privacyStatus,items/statistics/viewCount");null!=d&&(b=(0,g.A)(b,d),c=(0,g.A)(c,d));ly(new g.ay,e,b,c)}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: qha=function(a,b,c,d){var e=new g.tn("https://www.googleapis.com/youtube/v3/channels");g.Cn(e,"id",a);g.Cn(e,"part","snippet,statistics,brandingSettings");g.Cn(e,"fields","items/id,items/snippet/title,items/snippet/thumbnails/default/url,items/statistics/videoCount,items/brandingSettings/image/bannerImageUrl");null!=d&&(b=(0,g.A)(b,d),c=(0,g.A)(c,d));ly(new g.ay,e,b,c)}; equals www.youtube.com (Youtube)
Source: P31DFowd2Lw[1].htm.2.drString found in binary or memory: rung","adformat":null,"subtitle":"131.790 Aufrufe","xhr_apiary_host":"youtubei.youtube.com","eventid":"xKFhXOzsKYeZhAef9KXAAg","innertube_api_key":"AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8","cr":"CH","video_id":"P31DFowd2Lw","length_seconds":50,"avg_rating":3.7906976744,"view_count":131790,"profile_picture":"https:\/\/yt3.ggpht.com\/-v0soe-ievYE\/AAAAAAAAAAI\/AAAAAAAAAAA\/OixOH_h84Po\/s68-c-k-no-mo-rj-c0xffffff\/photo.jpg","embedded_player_response":"{\"responseContext\":{},\"embedPreview\":{\"thumbnailPreviewRenderer\":{\"title\":{\"runs\":[{\"text\":\"Einf equals www.youtube.com (Youtube)
Source: VNxLua4c7FY[1].htm.2.drString found in binary or memory: rung","cos":"Windows","loaderUrl":"https:\/\/policies.google.com\/","subtitle":"80.639 Aufrufe","hl":"de_DE","view_count":80639,"innertube_context_client_version":"20190207","innertube_api_version":"v1","channel_path":"\/channel\/UCK8sQmJBp8GCxrOtXWBpyEA","cbrver":"11.0","xhr_apiary_host":"youtubei.youtube.com","expanded_title":"Google","c":"WEB_EMBEDDED_PLAYER","allow_ratings":0,"embed_config":"{}","cr":"CH","ucid":"UCK8sQmJBp8GCxrOtXWBpyEA","vss_host":"s.youtube.com","iurlmq":"https:\/\/i.ytimg.com\/vi\/VNxLua4c7FY\/mqdefault.jpg","co_rel":"1","host_language":"de","apiary_host":"","subscribed":false,"enablejsapi":"1","avg_rating":3.2921348315,"is_embed":"1","cver":"20190207","embedded_player_response":"{\"responseContext\":{},\"embedPreview\":{\"thumbnailPreviewRenderer\":{\"title\":{\"runs\":[{\"text\":\"Von Google erhobene Daten | Google-Datenschutzerkl equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: rung</a></div><div class="HHTmSc"><svg xmlns="https://www.w3.org/2000/svg" width="24px" height="24px" viewBox="0 0 24 24" fill="#2572e4" class="R28RU"><path d="M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"/><path d="M0 0h24v24H0z" fill="none"/></svg><a href="privacy?gl=CH&amp;hl=de#products" class="farYT">Weitere Informationen zum Datenschutz</a></div></div></div><div class=" xXnO1d"><div class="nrAB0c"><div id="intro" class="ahbJ5"></div><div class="pTrV6d"><div class="M3GAob"><div class="O3bgpc"><iframe src="https://www.youtube.com/embed/P31DFowd2Lw?rel=0&amp;amp;showinfo=0&amp;amp;theme=light&amp;amp;version=3&amp;amp;hl=de&amp;amp;cc_lang_pref=de&amp;amp;cc_load_policy=1&amp;amp;enablejsapi=1" allowfullscreen="allowfullscreen" class="Ylcf5b"></iframe></div></div></div><p>Wir entwickeln eine Vielzahl von Diensten, die Millionen von Menschen Tag f equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: rz=function(a){if(!a.T){var b=a.va(),c=b.G;if(ku(b)&&!P()&&!a.Pa.Ip()&&c){b=a.Ma.getCurrentTime();var d=a.Ma.getDuration(),e=new g.tn("//s.youtube.com/s");g.Cn(e,"ns","yt");g.Cn(e,"el","adunit");g.Cn(e,"docid",c);g.Cn(e,"eurl",document.URL);g.Cn(e,"len",d.toFixed(2));g.Cn(e,"tv","1");g.Cn(e,"ps","trueview-instream");g.Cn(e,"st",b.toFixed(2));g.Cn(e,"et",b.toFixed(2));g.Cn(e,"rt",b.toFixed(2));vo(e.toString());a.T=!0}}}; equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: te, wie die Google-Suche, YouTube und Google Home</li><li>Plattformen wie der Chrome-Browser und das Android-Betriebssystem</li><li>Produkte, die in Apps und Websites von Drittanbietern integriert sind, wie Werbeanzeigen und das eingebettete Google Maps</li></ul><p>Sie k equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: this.X("click",this.ha);this.O(a,"appresize",this.Qc);this.O(a,"onVolumeChange",this.ia);var d=null;c.N?g.zf(this,sW(b.Ib(),this.element)):(d="Die \u00c4nderung der Lautst\u00e4rke wird von deinem Browser nicht unterst\u00fctzt. $BEGIN_LINKWeitere Informationen$END_LINK".split(/\$(BEGIN|END)_LINK/),d=new zW(a,{I:"span",ca:["ytp-popup","ytp-generic-popup"],U:{tabindex:"0"},P:[d[0],{I:"a",U:{href:"https://support.google.com/youtube/?p=noaudio",target:c.G},ba:d[2]},d[4]]},100,!0),g.K(this,d),d.hide(), equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: this.aa=bN(!1,a.privembed);this.protocol=0==this.fb.indexOf("http:")?"http":"https";this.D=MJ(a.BASE_YT_URL||"")||MJ(this.fb)||this.protocol+"://www.youtube.com/";c=a.el;b="detailpage";"adunit"==c?b=this.o?"embedded":"detailpage":"embedded"==c||this.Nb?b=cN(b,c,Fla):c&&(b="embedded");this.Z=b;xH();c=null;b=a.ps;var d=g.Ua(lN,b);!b||d&&!this.Nb||(c=b);this.playerStyle=c;this.K=(this.jc=g.Ua(lN,this.playerStyle))&&"play"!=this.playerStyle&&"jamboard"!=this.playerStyle;this.Bq=!this.K;c={};this.A=(c.c= equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: tr=function(a,b,c){if(null==a)return null;c=new g.tn((null!=c?c:"//www.youtube.com/")+"watch");var d=c.o;d.set("v",a);d.set("feature",b?"trueview-instream":"instream");yn(c,d);return c.toString()}; equals www.youtube.com (Youtube)
Source: privacy[1].htm.2.drString found in binary or memory: tzlich finden</h3><p>Wenn Sie sich beispielsweise auf YouTube Videos zum Thema Backen ansehen, werden Ihnen beim Surfen im Web unter Umst equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: var U1={},nO=(U1.playready=["com.youtube.playready","com.microsoft.playready"],U1.widevine=["com.widevine.alpha"],U1);g.h=g.bO.prototype;g.h.getId=function(){return this.Ka}; equals www.youtube.com (Youtube)
Source: remote[1].js.2.drString found in binary or memory: var b={type:"getMdxSessionStatus"};a.o?a.o.sendMessage("urn:x-cast:com.google.youtube.mdx",b,g.z,(0,g.A)(function(){t7(this,"Failed to send message: getMdxSessionStatus.")},a)):t7(a,"Sending yt message without session: "+g.Ug(b))},mFa=function(a,b){g.RE(a.C); equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: void 0,g.cU(this,a.errorCode,b,ML(a.details))):this.C&&(this.C.onError(a.errorCode,ML(a.details)),b&&"manifest.net.connect"==a.errorCode&&(a="https://www.youtube.com/generate_204?cpn="+this.o.clientPlaybackNonce+"&t="+g.jH(),(new MS(a,"manifest",(0,g.A)(function(a){this.yb("pathprobe",a)},this),(0,g.A)(function(a){this.onError(a.errorCode,ML(a.details))},this.C))).send()))}}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: yz=function(a){var b=a.va().fa;if(xz(a)&&null!=b){var c=a.Wa.Hj;b=g.F(b.channelId);c=g.D(b)?null:(null!=c?c:"//www.youtube.com/")+"channel/"+(g.tb(b,"UC")&&24==b.length?b:"UC"+b);null!==c&&(a.Ma.pause(),uo(c))}}; equals www.youtube.com (Youtube)
Source: base[1].js.2.drString found in binary or memory: zI=function(a,b,c){this.o=a;this.uri=b||"http://youtube.com/streaming/metadata/segment/102015";this.C=void 0===c?null:c;this.A=yI(this,"Sequence-Number");this.J=yI(this,"Segment-Count");this.K=this.o["Segment-Durations-Ms"]||"";this.ingestionTime=yI(this,"Ingestion-Walltime-Us")/1E6;this.B=(yI(this,"First-Frame-Time-Us")+yI(this,"First-Frame-Uncertainty-Us"))/1E6;this.H=yI(this,"Target-Duration-Us")/1E6;this.G="T"==this.o["Overlayed-With-Slate"];this.F="T"==this.o["Stream-Finished"];this.D="T"==this.o.Streamable}; equals www.youtube.com (Youtube)
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: accounts.youtube.com
Urls found in memory or binary dataShow sources
Source: cb=gapi[1].js.2.dr, operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: http://csi.gstatic.com/csi
Source: base[1].js.2.drString found in binary or memory: http://imasdk.googleapis.com/flash/sdkloader/flashinhtml.swf
Source: base[1].js.2.drString found in binary or memory: http://pagead2.googlesyndication.com/pagead/gen_204
Source: base[1].js.2.drString found in binary or memory: http://tpc.googlesyndication.com/pagead/js/loader13.html
Source: msapplication.xml.1.drString found in binary or memory: http://www.amazon.com/
Source: ServiceLogin[1].htm.2.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: http://www.broofa.com
Source: msapplication.xml2.1.drString found in binary or memory: http://www.google.com/
Source: base[1].js.2.drString found in binary or memory: http://www.google.com/adsense/support
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: http://www.google.com/help/chatsupport/loading.html
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: http://www.google.com/policies/privacy/
Source: 2917834[1].htm.2.drString found in binary or memory: http://www.google.com/support/websearch/bin/answer.py?hl=
Source: msapplication.xml3.1.drString found in binary or memory: http://www.live.com/
Source: msapplication.xml4.1.drString found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml5.1.drString found in binary or memory: http://www.reddit.com/
Source: msapplication.xml6.1.drString found in binary or memory: http://www.twitter.com/
Source: msapplication.xml7.1.drString found in binary or memory: http://www.wikipedia.com/
Source: iframe_api[1].js.2.drString found in binary or memory: http://www.youtube.com
Source: msapplication.xml8.1.drString found in binary or memory: http://www.youtube.com/
Source: base[1].js.2.drString found in binary or memory: http://www.youtube.com/video/
Source: base[1].js.2.drString found in binary or memory: http://www.youtube.com/videoplayback
Source: BH0hS5mrtcY[1].htm.2.drString found in binary or memory: http://www.youtube.com/watch?v=BH0hS5mrtcY
Source: P31DFowd2Lw[1].htm.2.drString found in binary or memory: http://www.youtube.com/watch?v=P31DFowd2Lw
Source: TgeYH-tayyU[1].htm.2.drString found in binary or memory: http://www.youtube.com/watch?v=TgeYH-tayyU
Source: VNxLua4c7FY[1].htm.2.drString found in binary or memory: http://www.youtube.com/watch?v=VNxLua4c7FY
Source: base[1].js.2.drString found in binary or memory: http://youtube.com/drm/2012/10/10
Source: base[1].js.2.drString found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: base[1].js.2.drString found in binary or memory: http://youtube.com/streaming/otf/durations/112015
Source: base[1].js.2.drString found in binary or memory: http://youtube.com/yt/2012/10/10
Source: 43APDWZV.js.2.drString found in binary or memory: https://aboutme.google.com/?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://aboutme.google.com/?utm_source=pp&amp;hl=de
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://accounts.google.com/
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://accounts.google.com/Logout?continue
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fdocs.google.com%2Fforms%2F%3Fusp%3Dm
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://accounts.google.com/ServiceLogin?hl=de&amp;passive=true&amp;continue=http://support.google.c
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&continue=https://docs.google.c
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://accounts.google.com/SignUp?service
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://accounts.google.com/TOS?loc=
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://accounts.google.com/TOS?loc=CH&amp;hl=de
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://accounts.google.com/TOS?loc=CH&amp;hl=de&amp;privacy=true
Source: cb=gapi[1].js0.2.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: cb=gapi[1].js0.2.drString found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: cb=gapi[1].js.2.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fsupport.google.com&jsh=m%
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.dr, ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=46012
Source: base[1].js.2.drString found in binary or memory: https://admin.youtube.com
Source: base[1].js.2.drString found in binary or memory: https://adssettings.google.com
Source: 43APDWZV.js.2.drString found in binary or memory: https://adssettings.google.com/?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://adssettings.google.com/?utm_source=pp&amp;hl=de
Source: analytics[1].js.2.drString found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: rpc_shindig_random[1].js.2.dr, cb=gapi[1].js.2.dr, rs=AA2YrTv1HnmB3b4f-JKIKXcJhJBtRx6uQA[1].js.2.drString found in binary or memory: https://apis.google.com
Source: privacy[1].htm.2.drString found in binary or memory: https://apis.google.com/js/api.js
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://apis.google.com/js/base.js
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: https://apis.google.com/js/client.js?onload=%
Source: proxy[1].htm0.2.drString found in binary or memory: https://apis.google.com/js/googleapis.proxy.js?onload=startup
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: postmessageRelay[1].htm.2.dr, postmessageRelay[1].htm0.2.drString found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://books.google.com/bkshp?hl=de
Source: operatordeferred_bin_base__de[1].js.2.dr, 2917834[1].htm.2.drString found in binary or memory: https://clients6.google.com
Source: cb=gapi[1].js0.2.drString found in binary or memory: https://console.developers.google.com/
Source: 43APDWZV.js.2.drString found in binary or memory: https://contacts.google.com
Source: privacy[1].htm.2.drString found in binary or memory: https://contacts.google.com?hl=de
Source: operatordeferred_bin_base__de[1].js.2.dr, 2917834[1].htm.2.drString found in binary or memory: https://content-googleapis-staging.sandbox.google.com
Source: operatordeferred_bin_base__de[1].js.2.dr, 2917834[1].htm.2.drString found in binary or memory: https://content-googleapis-test.sandbox.google.com
Source: cb=gapi[1].js.2.dr, cb=gapi[1].js0.2.drString found in binary or memory: https://content.googleapis.com
Source: cb=gapi[1].js.2.dr, operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: https://csi.gstatic.com/csi
Source: cb=gapi[1].js0.2.drString found in binary or memory: https://developers.google.com/
Source: cb=gapi[1].js0.2.drString found in binary or memory: https://developers.google.com/api-client-library/javascript/reference/referencedocs
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://docs.google.com/document/?usp=docs_alc
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://docs.google.com/forms/?usp
Source: base[1].js.2.drString found in binary or memory: https://docs.google.com/get_video_info
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://dogfoody.appspot.com/opa
Source: cb=gapi[1].js.2.drString found in binary or memory: https://domains.google.com/suggest/flow
Source: terms[1].htm.2.dr, m=NTMZac,Y9atKf,ktZhLb,oPwyWd,qehskd,wX26lb,xXmYM[1].js.2.drString found in binary or memory: https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home2.show
Source: 43APDWZV.js.2.dr, privacy[1].htm.2.drString found in binary or memory: https://families.google.com/familylink/privacy/child-policy/
Source: 43APDWZV.js.2.dr, privacy[1].htm.2.drString found in binary or memory: https://fi.google.com/about/tos/#project-fi-privacy-notice
Source: 43APDWZV.js.2.drString found in binary or memory: https://fiber.google.com/
Source: privacy[1].htm.2.drString found in binary or memory: https://fiber.google.com/legal/privacy.html
Source: css[1].css.2.drString found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v9/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff)format(
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v9/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff)format(
Source: css[1].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eI.woff)
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format(
Source: css[1].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff)format(
Source: css[1].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format(
Source: m=wI7Sfc,pB6Zqd,rHjpXd,o02Jie,lCVo3d,MB66Qc,sy9f,sy9g,sy9h,sy9j,em3o,em3p,m5Z1Eb,sy5y,sy5z,sy60,sy9p,sy9q,sy9r,sy9t,sy3u,em3n,sy8l,em3z,em3y,em40,em3q,em3r,em3s,em3t,em3u,em3[1].js.2.drString found in binary or memory: https://g.co/
Source: cb=gapi[1].js.2.drString found in binary or memory: https://gsuite.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://hangouts.google.com/
Source: base[1].js.2.drString found in binary or memory: https://imasdk.googleapis.com/flash/sdkloader/flashinhtml.swf
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://jamboard.google.com/?usp=jam_ald
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://keep.google.com/
Source: 43APDWZV.js.2.dr, privacy[1].htm.2.drString found in binary or memory: https://kids.youtube.com/privacynotice
Source: accounts[1].htm0.2.drString found in binary or memory: https://lh4.ggpht.com/WnIr0x3yhEpMTqI4DCrI_ZOc9vdK_yV0WPig_suRjHQCv4B-2CmQoQu3nE-Eo7_MZ-yZQbq30w=w72
Source: 43APDWZV.js.2.dr, m=ApfnBb,BM62mb,E05aSc,NTMZac,Y9atKf,oPwyWd,wX26lb[1].js.2.drString found in binary or memory: https://myaccount.google.com/
Source: privacy[1].htm.2.dr, terms[1].htm.2.drString found in binary or memory: https://myaccount.google.com/?hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/?utm_source=pp&amp;hl=de
Source: 2917834[1].htm.2.drString found in binary or memory: https://myaccount.google.com/activitycontrols
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/activitycontrols?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/activitycontrols?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/dashboard?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/dashboard?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/deleteaccount?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/deleteaccount?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/deleteservices?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/deleteservices?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/inactive?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/inactive?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/preferences?utm_source=pp#deleteservices
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/preferences?utm_source=pp&amp;hl=de#deleteservices
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/privacy?utm_source=pp#personalinfo
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/privacy?utm_source=pp&amp;hl=de#personalinfo
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/privacycheckup?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/privacycheckup?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/security-checkup?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/security-checkup?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myaccount.google.com/shared-endorsements?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myaccount.google.com/shared-endorsements?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myactivity.google.com/?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myactivity.google.com/?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://myactivity.google.com/myactivity?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://myactivity.google.com/myactivity?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://payments.google.com/legaldocument?family=0.privacynotice&hl=
Source: privacy[1].htm.2.drString found in binary or memory: https://payments.google.com/legaldocument?family=0.privacynotice&hl=de
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://photos.google.com/?pageId=none
Source: 43APDWZV.js.2.drString found in binary or memory: https://play.google.com/books/intl/
Source: privacy[1].htm.2.drString found in binary or memory: https://play.google.com/books/intl/de/privacy.html
Source: 43APDWZV.js.2.dr, ServiceLogin[1].htm.2.dr, rs=AA2YrTv1HnmB3b4f-JKIKXcJhJBtRx6uQA[1].js.2.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: m=wI7Sfc,pB6Zqd,rHjpXd,o02Jie,lCVo3d,MB66Qc,sy9f,sy9g,sy9h,sy9j,em3o,em3p,m5Z1Eb,sy5y,sy5z,sy60,sy9p,sy9q,sy9r,sy9t,sy3u,em3n,sy8l,em3z,em3y,em40,em3q,em3r,em3s,em3t,em3u,em3[1].js.2.drString found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: rs=AA2YrTv1HnmB3b4f-JKIKXcJhJBtRx6uQA[1].js.2.drString found in binary or memory: https://play.googleapis.com/staging/log
Source: cb=gapi[1].js.2.drString found in binary or memory: https://plus.google.com
Source: 43APDWZV.js.2.drString found in binary or memory: https://plus.google.com/settings?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://plus.google.com/settings?utm_source=pp&amp;hl=de
Source: cb=gapi[1].js.2.drString found in binary or memory: https://plus.googleapis.com
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://policies.Root
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://policies.e.com/terms?gl=CH&hl=de#toc-aboutRoot
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://policies.googl
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.dr, privacy[1].htm.2.drString found in binary or memory: https://policies.google.com/
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://policies.google.com/privacy?gl=CH&hl=de
Source: ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://policies.google.com/privacy?gl=CH&hl=de3382296
Source: ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://policies.google.com/privacy?gl=CH&hl=de3382296.gstatic.com/policies/favicon.ico
Source: ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://policies.google.com/privacy?gl=CH&hl=de3382296O
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://policies.google.com/terms?gl=CH&hl=de
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.dr, ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://policies.google.com/terms?gl=CH&hl=de#toc-about
Source: ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://policies.google.com/terms?gl=CH&hl=dee3382296.gstatic.com/policies/favicon.ico
Source: 43APDWZV.js.2.drString found in binary or memory: https://privacy.google.com/businesses/affiliates
Source: privacy[1].htm.2.drString found in binary or memory: https://privacy.google.com/businesses/affiliates?hl=de
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: https://realtimesupport.clients6.google.com
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://realtimesupport.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-sta
Source: iframe_api[1].js.2.drString found in binary or memory: https://s.ytimg.com/yts/jsbin/www-widgetapi-vflN2g023/www-widgetapi.js
Source: 43APDWZV.js.2.drString found in binary or memory: https://safebrowsing.google.com/?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://safebrowsing.google.com/?utm_source=pp&amp;hl=de
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://scone-pa.clients6.google.com
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://sites.google.com/corp/google.com/magic-wand/dogfood
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://sites.google.com/corp/google.com/magic-wand/dogfood/how-does-this-work
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark.svg
Source: postmessageRelay[1].htm.2.dr, postmessageRelay[1].htm0.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/o/748736246-postmessagerelay.js
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/account.svg
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/family.svg
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/personal.svg
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/privacy.svg
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/safe.svg
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/verify.svg
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.de.adKDB1zPODc.O/am=BAqAAUAAABDwIQCE
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: rs=AA2YrTv1HnmB3b4f-JKIKXcJhJBtRx6uQA[1].js.2.drString found in binary or memory: https://ssl.gstatic.com/gb/images/spinner_32.gif
Source: cb=gapi[1].js.2.drString found in binary or memory: https://ssl.gstatic.com/gb/js/
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: ~DFAFAFDD8043702BC3.TMP.1.dr, imagestore.dat.2.drString found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico~
Source: 2917834[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/
Source: operatorParams[1].json.2.drString found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/1549443762162/operatordeferred_bin_base.js
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/ui/v1/activityindicator/loading.svg
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: https://staging-realtimesupport-googleapis.sandbox.google.com
Source: analytics[1].js.2.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: analytics[1].js.2.drString found in binary or memory: https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: https://support-content-apiary-gkmsstaging.sandbox.google.com
Source: 2917834[1].htm.2.drString found in binary or memory: https://support.apple.com/kb/ph21413
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://support.google
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://support.google.com
Source: 43APDWZV.js.2.drString found in binary or memory: https://support.google.com/
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/a?p=privpol_admin&amp;hl=de
Source: accounts[1].htm0.2.drString found in binary or memory: https://support.google.com/accounts/
Source: accounts[1].htm0.2.drString found in binary or memory: https://support.google.com/accounts/?hl
Source: accounts[1].htm0.2.drString found in binary or memory: https://support.google.com/accounts/?hl=de
Source: 2917834[1].htm.2.drString found in binary or memory: https://support.google.com/accounts/answer/2917834
Source: 2917834[1].htm.2.drString found in binary or memory: https://support.google.com/accounts/answer/2917834?co=GENIE.Platform%3DDesktop&amp;hl=de
Source: 2917834[1].htm.2.drString found in binary or memory: https://support.google.com/accounts/answer/2917834?visit_id
Source: 2917834[1].htm.2.dr, accounts[1].htm.2.drString found in binary or memory: https://support.google.com/accounts/answer/2917834?visit_id=636854990713900496-561657173&amp;p=signi
Source: ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://support.google.com/accounts/answer/2917834?visit_id=636854990713900496-561657173&p=signin_pr
Source: m=NTMZac,Y9atKf,ktZhLb,oPwyWd,qehskd,wX26lb,xXmYM[1].js.2.drString found in binary or memory: https://support.google.com/accounts/bin/answer.py?hl=
Source: terms[1].htm.2.drString found in binary or memory: https://support.google.com/accounts/bin/answer.py?hl=de&answer=58585
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?hl=
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.dr, ServiceLogin[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?hl=de
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.dr, ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://support.google.com/accounts?hl=de#topic=3382296
Source: ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://support.google.com/accounts?hl=de#topic=3382296_id=636854990713900496-561657173&p=signin_pri
Source: ~DFAFAFDD8043702BC3.TMP.1.drString found in binary or memory: https://support.google.com/accounts?hl=de/2917834?visit_id=636854990713900496-561657173&p=signin_pri
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=autocontacts&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_agereq&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_androidloc&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_controlads&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_endorse
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_endorse&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_location
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_location&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_lochistory
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_lochistory&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_phone&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_whyad
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=privpol_whyad&amp;hl=de
Source: m=wI7Sfc,pB6Zqd,rHjpXd,o02Jie,lCVo3d,MB66Qc,sy9f,sy9g,sy9h,sy9j,em3o,em3p,m5Z1Eb,sy5y,sy5z,sy60,sy9p,sy9q,sy9r,sy9t,sy3u,em3n,sy8l,em3z,em3y,em40,em3q,em3r,em3s,em3t,em3u,em3[1].js.2.dr, ServiceLogin[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=signin_privatebrowsing
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=signin_privatebrowsing&amp;hl=de
Source: base[1].js.2.drString found in binary or memory: https://support.google.com/ads/answer/7029660#match
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/adwordspolicy?p=privpol_p13nad&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/analytics?p=privpol_data&amp;hl=de
Source: m=NTMZac,Y9atKf,ktZhLb,oPwyWd,qehskd,wX26lb,xXmYM[1].js.2.drString found in binary or memory: https://support.google.com/bin/static.py?hl=
Source: terms[1].htm.2.drString found in binary or memory: https://support.google.com/bin/static.py?hl=de&ts=1114905&page=ts.cs
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/blogger?p=privpol_blog&amp;hl=de
Source: m=wI7Sfc,pB6Zqd,rHjpXd,o02Jie,lCVo3d,MB66Qc,sy9f,sy9g,sy9h,sy9j,em3o,em3p,m5Z1Eb,sy5y,sy5z,sy60,sy9p,sy9q,sy9r,sy9t,sy3u,em3n,sy8l,em3z,em3y,em40,em3q,em3r,em3s,em3t,em3u,em3[1].js.2.dr, ServiceLogin[1].htm.2.drString found in binary or memory: https://support.google.com/chrome/answer/6130773
Source: 43APDWZV.js.2.drString found in binary or memory: https://support.google.com/chrome?p=privpol_chrsync
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/chrome?p=privpol_chrsync&amp;hl=de
Source: imagestore.dat.2.drString found in binary or memory: https://support.google.com/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: https://support.google.com/favicon.ico~
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/googlehome?p=privpol_actions&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/googlehome?p=privpol_homedata&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/googleplay?p=privpol_review&amp;hl=de
Source: 2917834[1].htm.2.drString found in binary or memory: https://support.google.com/inapp/rts_frame
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/legal?p=privpol_remove&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/mail?p=privpol_signinactivity&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://support.google.com/photos?p=privpol_manage
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/photos?p=privpol_manage&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/policies/troubleshooter/7575787?hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://support.google.com/policies?p=privpol_privts
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/policies?p=privpol_privts&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/sites?p=privpol_delete&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://support.google.com/trends?p=privpol_about
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/trends?p=privpol_about&amp;hl=de
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/websearch?p=privpol_feed&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/websearch?p=privpol_incognito&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/websearch?p=privpol_locserp&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/websearch?p=privpol_privresults&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://support.google.com/websearch?p=privpol_searchactivity&amp;hl=de
Source: base[1].js.2.drString found in binary or memory: https://support.google.com/youtube/?p=missing_quality
Source: base[1].js.2.drString found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: base[1].js.2.drString found in binary or memory: https://support.google.com/youtube/?p=report_playback
Source: base[1].js.2.drString found in binary or memory: https://support.google.com/youtube/answer/6276924
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://support.googlee.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2
Source: 2917834[1].htm.2.drString found in binary or memory: https://support.mozilla.org/de-DE/kb/private-browsing-use-firefox-without-history
Source: 43APDWZV.js.2.drString found in binary or memory: https://takeout.google.com/?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://takeout.google.com/?utm_source=pp&amp;hl=de
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: https://test-realtimesupport-googleapis.sandbox.google.com
Source: 43APDWZV.js.2.drString found in binary or memory: https://transparencyreport.google.com/user-data/overview
Source: privacy[1].htm.2.drString found in binary or memory: https://transparencyreport.google.com/user-data/overview?hl=de
Source: base[1].js.2.drString found in binary or memory: https://viacon.corp.google.com
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://www.blogger.com/
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/analytics
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/u/d
Source: m=ApfnBb,BM62mb,E05aSc,NTMZac,Y9atKf,oPwyWd,wX26lb[1].js.2.drString found in binary or memory: https://www.google.
Source: analytics[1].js.2.drString found in binary or memory: https://www.google.%/ads/ga-audiences
Source: ServiceLogin[1].htm.2.dr, 2917834[1].htm.2.drString found in binary or memory: https://www.google.com
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/?hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/about/
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.google.com/about/datacenters/inside/locations
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/about/datacenters/inside/locations?hl=de
Source: 2917834[1].htm.2.drString found in binary or memory: https://www.google.com/accounts/TOS
Source: analytics[1].js.2.drString found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.google.com/chrome/intl/
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/chrome/intl/de/privacy.html
Source: m=NTMZac,Y9atKf,ktZhLb,oPwyWd,qehskd,wX26lb,xXmYM[1].js.2.drString found in binary or memory: https://www.google.com/contact/
Source: imagestore.dat.2.drString found in binary or memory: https://www.google.com/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: https://www.google.com/favicon.ico~
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.google.com/history/optout
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/history/optout?hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.google.com/history/optout?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/history/optout?utm_source=pp&amp;hl=de
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_74x24dp.png
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.google.com/intl/
Source: accounts[1].htm0.2.drString found in binary or memory: https://www.google.com/intl/de/about/products
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: https://www.google.com/intl/de/policies/privacy/
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/intl/de/safetycenter/
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.google.com/landing/2step/?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://www.google.com/landing/2step/?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.dr, ServiceLogin[1].htm.2.dr, rs=AA2YrTv1HnmB3b4f-JKIKXcJhJBtRx6uQA[1].js.2.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://www.google.com/save
Source: base[1].js.2.drString found in binary or memory: https://www.google.com/settings/ads
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://www.google.com/settings/hatsv2
Source: 2917834[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://www.google.com/shopping?hl=de&amp;source=og
Source: 43APDWZV.js.2.dr, privacy[1].htm.2.drString found in binary or memory: https://www.google.com/work/apps/terms/education_privacy.html
Source: operatordeferred_bin_base__de[1].js.2.drString found in binary or memory: https://www.googleapis.com
Source: cb=gapi[1].js0.2.drString found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: cb=gapi[1].js.2.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: cb=gapi[1].js.2.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: base[1].js.2.drString found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: base[1].js.2.drString found in binary or memory: https://www.googleapis.com/urlshortener/v1/url?key=AIzaSyBbSB-E7SYd1iggX6r2b5C7ljvO6fVqaj0&shortUrl=
Source: base[1].js.2.drString found in binary or memory: https://www.googleapis.com/youtube/v3/channels
Source: base[1].js.2.drString found in binary or memory: https://www.googleapis.com/youtube/v3/videos
Source: accounts[1].htm0.2.drString found in binary or memory: https://www.googleapis.com/youtube/v3/videos?part=snippet%2C
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.gstatic.
Source: privacy[1].htm.2.dr, terms[1].htm.2.drString found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.de.PY3OhudbsLI.O/a
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: remote[1].js.2.drString found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: ServiceLogin[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: 2917834[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/svg/keyboard_arrow_up_24px.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/02698a3383765bd3c250471c53a86c5a.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/02f8664b95445de6f27ba682f3c5f9ab.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/0d6da8d8c44e7e3ee95c4d56c19f04e1.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/13062c65605335a46d14656c46af3868.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/1fa3e4ce8ac456f39ed02a6f9eb49b14.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/2951277d4c35389d7d304ed78d4fb6f6.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/3394102be0315326fd760e503b31c7b6.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/39b031d352a2e1586cf50ac7f2bbc18b.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/4165cd3aa643abb80fe1953668f67551.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/4c5ee41d52605ff6f43538d46a1c0d35.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/4f19891c43001db11efc8048f9bc7cdb.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/51cd09d6239edc9652bc05ad1d149a5c.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/546f2b674b407304a2570e71a216e509.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/5959e84c2197c8a27da0a717f1cd47d5.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/5e7cd445f8861a262a3da876f855a4cc.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/900a793eae04f4bddd675f8d95c4a794.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/9c1bd42ba6ec58ce82eef30bbb30ecc3.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/a8e78fa7fa279aa946fe1a9d6a0508f2.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/acad335ad7ba163209d8c3e671b2c445.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/b18d13e9ea8a362642b7d25bce665039.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/c1b97d74dace7e43a9ccb26841a7cae4.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/d1b68e2cd423aba52d74f02573df2d2d.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/e28714c71f217892f72b2698ea5cefef.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/e60586c0029adec0bacd3e48470ca6c6.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/e79ea0ed464fc8952d5b5582f9f9ae53.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/fa9e0e90d1e7ec399dad9f3257a9bb63.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/fb61fc4bfc85ad86f11342e699d685e9.svg
Source: privacy[1].htm.2.drString found in binary or memory: https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_de_eu.pdf
Source: base[1].js.2.drString found in binary or memory: https://www.macromedia.com/go/getflashplayer
Source: www-widgetapi[1].js.2.drString found in binary or memory: https://www.youtube.com
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.youtube.com/
Source: privacy[1].htm.2.drString found in binary or memory: https://www.youtube.com/embed/BH0hS5mrtcY?rel=0&amp;amp;showinfo=0&amp;amp;theme=light&amp;amp;versi
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.youtube.com/embed/BH0hS5mrtcY?rel=0&amp;showinfo=0&amp;theme=light&amp;version=3&amp;hl=
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.youtube.com/embed/P31DFowd2Lw?rel=0&amp;showinfo=0&amp;theme=light&amp;version=3&amp;hl=
Source: privacy[1].htm.2.drString found in binary or memory: https://www.youtube.com/embed/TgeYH-tayyU?rel=0&amp;amp;showinfo=0&amp;amp;theme=light&amp;amp;versi
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.youtube.com/embed/TgeYH-tayyU?rel=0&amp;showinfo=0&amp;theme=light&amp;version=3&amp;hl=
Source: privacy[1].htm.2.drString found in binary or memory: https://www.youtube.com/embed/VNxLua4c7FY?rel=0&amp;amp;showinfo=0&amp;amp;theme=light&amp;amp;versi
Source: {E66A8B78-2E64-11E9-AADC-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.youtube.com/embed/VNxLua4c7FY?rel=0&amp;showinfo=0&amp;theme=light&amp;version=3&amp;hl=
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.youtube.com/feed/history/search_history?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://www.youtube.com/feed/history/search_history?utm_source=pp&amp;hl=de
Source: 43APDWZV.js.2.drString found in binary or memory: https://www.youtube.com/feed/history?utm_source=pp
Source: privacy[1].htm.2.drString found in binary or memory: https://www.youtube.com/feed/history?utm_source=pp&amp;hl=de
Source: base[1].js.2.drString found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: 43APDWZV.js.2.dr, base[1].js.2.drString found in binary or memory: https://www.youtube.com/iframe_api
Source: BH0hS5mrtcY[1].htm.2.drString found in binary or memory: https://www.youtube.com/watch?v=BH0hS5mrtcY
Source: P31DFowd2Lw[1].htm.2.drString found in binary or memory: https://www.youtube.com/watch?v=P31DFowd2Lw
Source: TgeYH-tayyU[1].htm.2.drString found in binary or memory: https://www.youtube.com/watch?v=TgeYH-tayyU
Source: VNxLua4c7FY[1].htm.2.drString found in binary or memory: https://www.youtube.com/watch?v=VNxLua4c7FY
Source: base[1].js.2.drString found in binary or memory: https://youtu.be/
Source: base[1].js.2.drString found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815

System Summary:

barindex
Classification labelShow sources
Source: classification engineClassification label: clean1.win@3/135@9/3
Creates files inside the user directoryShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\HighJump to behavior
Creates temporary filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user~1\AppData\Local\Temp\~DF822BA5B8236C42F2.TMPJump to behavior
Reads ini filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.iniJump to behavior
Spawns processesShow sources
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4912 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4912 CREDAT:17410 /prefetch:2Jump to behavior
Found graphical window changes (likely an installer)Show sources
Source: Window RecorderWindow detected: More than 3 window changes detected
Uses new MSVCR DllsShow sources
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dllJump to behavior

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
behaviorgraph top1 process2 2 Behavior Graph ID: 109762 URL: https://docs.google.com/forms?usp=mail_form_link Startdate: 11/02/2019 Architecture: WINDOWS Score: 1 5 iexplore.exe 10 84 2->5         started        process3 7 iexplore.exe 6 161 5->7         started        dnsIp4 10 googlehosted.l.googleusercontent.com 172.217.18.225, 443, 49805, 49806 GOOGLE-GoogleIncUS United States 7->10 12 pagead46.l.doubleclick.net 172.217.21.66, 443, 49827, 49828 GOOGLE-GoogleIncUS United States 7->12 14 10 other IPs or domains 7->14

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

SourceDetectionScannerLabelLink
https://docs.google.com/forms?usp=mail_form_link0%virustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLinkDownload
https://policies.e.com/terms?gl=CH&hl=de#toc-aboutRoot0%Avira URL CloudsafeDownload File

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.