Windows Analysis Report
https://31127442751603.docs.google.com/drawings/d/10ZZZ9n1JasGBmH5CaOAfx27pWT_nVM2yetp-8M1sWzI/preview

Overview

General Information

Sample URL: https://31127442751603.docs.google.com/drawings/d/10ZZZ9n1JasGBmH5CaOAfx27pWT_nVM2yetp-8M1sWzI/preview
Analysis ID: 1432143

Detection

Score: 20
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found suspicious QR code URL

Classification

Phishing

Source: QR Code extractor URL: http://I9I6 5TK959U94RBV%RE$O%J90R72BRA94O/7UEM 2IYRFH*D394RQREVZFGDR O II9DTI8 DRX$PIF$OHF$OW*95II HR7I9IA V2CICI98.I2$O9694RE:DRDV*JM7/RC9HH$V.Q794P7$OF-OK%V97YVRERD IRC95DT II9M8I7JF9T4$TP KZD II2 I9M9H6S$I6QDUAH6$9694RE90RN3YIY JRDZR
Source: https://support.google.com/docs/answer/148505?visit_id=638497349106407893-2017100099&hl=en&rd=1 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /drawings/d/10ZZZ9n1JasGBmH5CaOAfx27pWT_nVM2yetp-8M1sWzI/preview HTTP/1.1Host: 31127442751603.docs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /drive/bin/answer.py?hl=en&answer=148505 HTTP/1.1Host: support.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://docs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=BjBNQiX2anqRKvuRNorm8JB5JBraU3xMWGePWMuLmEd5VYS8wR6M3_SvpOLiyi1R8JqLKjda-t63C0RK7AIn8OcDzG1J1pPNBLbwTkrqSyk2n-RIcoCXmk3C5cmnF0YTIbAFd0p0x9xxyZ7sPiKAdjn4lA18UbyW5_r8bjotAnw
Source: global traffic HTTP traffic detected: GET /drive/answer/148505?hl=en HTTP/1.1Host: support.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://docs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=BjBNQiX2anqRKvuRNorm8JB5JBraU3xMWGePWMuLmEd5VYS8wR6M3_SvpOLiyi1R8JqLKjda-t63C0RK7AIn8OcDzG1J1pPNBLbwTkrqSyk2n-RIcoCXmk3C5cmnF0YTIbAFd0p0x9xxyZ7sPiKAdjn4lA18UbyW5_r8bjotAnw
Source: global traffic HTTP traffic detected: GET /docs/answer/148505?visit_id=638497349106407893-2017100099&hl=en&rd=1 HTTP/1.1Host: support.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://docs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw
Source: global traffic HTTP traffic detected: GET /apis/caseslist?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714242%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802540%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680&authuser=0&v=1&helpcenter=docs HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw; SUPPORT_CONTENT=638497349123509273-2258584319; _ga_H30R9PNQFN=GS1.1.1714138114.1.0.1714138114.0.0.0; _ga=GA1.1.375092185.1714138115
Source: global traffic HTTP traffic detected: GET /generate_204 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw
Source: global traffic HTTP traffic detected: GET /apis/prefinsert?v=0&helpcenter=docs&hl=en&key=support-content&request_source=1&service_configuration=&mendel_ids=10800112,1706538,1714242,10800561,10800621,10800672,10800695,10800700,10800707,10800738,10800761,10800763,10800848,10800880,10800922,10800950,10800957,10801032,10801042,10801150,10801288,10801345,10801510,10801539,10801601,10801704,10801736,10801757,10802104,10802277,10802281,10802381,10802419,10802540,10802571,10802616,10802624,10802781,10803188,10803213,10803447,10803680 HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw; SUPPORT_CONTENT=638497349123509273-2258584319; _ga_H30R9PNQFN=GS1.1.1714138114.1.0.1714138114.0.0.0; _ga=GA1.1.375092185.1714138115
Source: global traffic HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw
Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: support.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support.google.com/docs/answer/148505?visit_id=638497349106407893-2017100099&hl=en&rd=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw; SUPPORT_CONTENT=638497349123509273-2258584319; _ga_H30R9PNQFN=GS1.1.1714138114.1.0.1714138114.0.0.0; _ga=GA1.3.375092185.1714138115; _gid=GA1.3.1858669933.1714138121; _gat_gtag_UA_175894890_5=1
Source: global traffic HTTP traffic detected: GET /apis/logjourney?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714242%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802540%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680&authuser=0&v=1&helpcenter=docs HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw; SUPPORT_CONTENT=638497349123509273-2258584319; _ga_H30R9PNQFN=GS1.1.1714138114.1.0.1714138114.0.0.0; _ga=GA1.3.375092185.1714138115; _gid=GA1.3.1858669933.1714138121; _gat_gtag_UA_175894890_5=1
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw; SUPPORT_CONTENT=638497349123509273-2258584319; _ga_H30R9PNQFN=GS1.1.1714138114.1.0.1714138114.0.0.0; _ga=GA1.3.375092185.1714138115; _gid=GA1.3.1858669933.1714138121; _gat_gtag_UA_175894890_5=1
Source: global traffic DNS traffic detected: DNS query: 31127442751603.docs.google.com
Source: global traffic DNS traffic detected: DNS query: docs.google.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: support.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: unknown HTTP traffic detected: POST /apis/caseslist?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714242%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802540%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680&authuser=0&v=1&helpcenter=docs HTTP/1.1Host: support.google.comConnection: keep-aliveContent-Length: 2sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-Type: application/json+protobufX-SupportContent-AllowApiCookieAuth: trueX-SupportContent-XsrfToken: sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://support.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://support.google.com/docs/answer/148505?visit_id=638497349106407893-2017100099&hl=en&rd=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=ByVBOOqtprbkzXtmBobAHitIlJ3YeGISigVOEo9dxD_VS1yFwLRwW9iJpJ3Dw4r4aVHvOJBH2ep1qauvh8R5hE46gwpYgFxcCbAgk21Y3dmKCRgCXb1C_4rISR8n-_dUSwbOniQ9RHc6wXoVOMVxQoIhoMQstmyLYjRsN62henHkAliptQDjtfkOEVLSgw; SUPPORT_CONTENT=638497349123509273-2258584319
Source: classification engine Classification label: sus20.phis.win@19/58@16/9
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1828,i,3970195251696910120,13788360159969536646,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://31127442751603.docs.google.com/drawings/d/10ZZZ9n1JasGBmH5CaOAfx27pWT_nVM2yetp-8M1sWzI/preview"
Source: Window Recorder Window detected: More than 3 window changes detected