Windows Analysis Report
https://drive.google.com/file/d/12wgdoVCUtzv9UaHMbhtpDEnvd4Ke5bzv/view?usp=drivesdk

Overview

General Information

Sample URL: https://drive.google.com/file/d/12wgdoVCUtzv9UaHMbhtpDEnvd4Ke5bzv/view?usp=drivesdk
Analysis ID: 1438245
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12wgdoVCUtzv9UaHMbhtpDEnvd4Ke5bzv%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12wgdoVCUtzv9UaHMbhtpDEnvd4Ke5bzv%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=AaSxoQwno2fSZZK4Hk5vEE5Opmd9YYkUIM1dK7xRA0A4oP58Ue8gNFq_7TZhnGhwTJ946Uq64wlb_w&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2013655146%3A1715170523562473&theme=mn&ddm=0 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49774 version: TLS 1.0
Source: unknown HTTPS traffic detected: 96.7.158.101:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 96.7.158.101:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: global traffic DNS traffic detected: DNS query: drive.google.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: blobcomments-pa.clients6.google.com
Source: global traffic DNS traffic detected: DNS query: peoplestackwebexperiments-pa.clients6.google.com
Source: global traffic DNS traffic detected: DNS query: lh3.googleusercontent.com
Source: chromecache_96.2.dr String found in binary or memory: https://content-googleapis-staging.sandbox.google.com
Source: chromecache_96.2.dr String found in binary or memory: https://content-googleapis-test.sandbox.google.com
Source: chromecache_89.2.dr, chromecache_116.2.dr, chromecache_92.2.dr, chromecache_117.2.dr String found in binary or memory: https://content.googleapis.com
Source: chromecache_92.2.dr, chromecache_81.2.dr String found in binary or memory: https://csi.gstatic.com/csi
Source: chromecache_116.2.dr, chromecache_117.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_89.2.dr String found in binary or memory: https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1
Source: chromecache_92.2.dr String found in binary or memory: https://developers.google.com/
Source: chromecache_92.2.dr String found in binary or memory: https://developers.google.com/api-client-library/javascript/reference/referencedocs
Source: chromecache_92.2.dr String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/gis-migration)
Source: chromecache_92.2.dr String found in binary or memory: https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html
Source: chromecache_81.2.dr String found in binary or memory: https://docs.google.com/document/d/1kganm9BHI3TsF8ogVulX2o4DzzO8XA4gu8aIKneTTNU/preview
Source: chromecache_116.2.dr, chromecache_117.2.dr String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_81.2.dr String found in binary or memory: https://drive-thirdparty.googleusercontent.com/
Source: chromecache_81.2.dr String found in binary or memory: https://drive.google.com
Source: chromecache_81.2.dr String found in binary or memory: https://drive.google.com/drive/my-drive
Source: chromecache_81.2.dr String found in binary or memory: https://drive.google.com/picker/minpick/main
Source: chromecache_81.2.dr String found in binary or memory: https://drive.google.com/requestreview?id=
Source: chromecache_89.2.dr String found in binary or memory: https://drive.google.com/savetodrivebutton?usegapi=1
Source: chromecache_81.2.dr String found in binary or memory: https://drive.google.com/viewer
Source: chromecache_81.2.dr String found in binary or memory: https://drivemetadata.clients6.google.com
Source: chromecache_89.2.dr String found in binary or memory: https://families.google.com/webcreation?usegapi=1&usegapi=1
Source: chromecache_104.2.dr String found in binary or memory: https://feedback-pa.clients6.google.com
Source: chromecache_104.2.dr String found in binary or memory: https://feedback.googleusercontent.com/resources/annotator.css
Source: chromecache_104.2.dr String found in binary or memory: https://feedback.googleusercontent.com/resources/render_frame2.html
Source: chromecache_104.2.dr String found in binary or memory: https://feedback2-test.corp.google.com/inapp/%
Source: chromecache_104.2.dr String found in binary or memory: https://feedback2-test.corp.google.com/tools/feedback/%
Source: chromecache_104.2.dr String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/inapp/%
Source: chromecache_104.2.dr String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/tools/feedback/%
Source: chromecache_94.2.dr String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_81.2.dr String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_81.2.dr String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_96.2.dr String found in binary or memory: https://fonts.gstatic.com/s/e/notoemoji/
Source: chromecache_94.2.dr String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v59/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RP
Source: chromecache_86.2.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_86.2.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_86.2.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_86.2.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_81.2.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialiconsfilled/close/v19/gm_grey200-24dp/1x/gm_filled_close
Source: chromecache_104.2.dr String found in binary or memory: https://gstatic.com/uservoice/surveys/resources/
Source: chromecache_104.2.dr String found in binary or memory: https://help.youtube.com/tools/feedback/
Source: chromecache_96.2.dr, chromecache_81.2.dr String found in binary or memory: https://lh3.googleusercontent.com/a/default-user
Source: chromecache_104.2.dr String found in binary or memory: https://localhost.corp.google.com/inapp/
Source: chromecache_104.2.dr String found in binary or memory: https://localhost.proxy.googlers.com/inapp/
Source: chromecache_81.2.dr String found in binary or memory: https://mygoogle.corp.google.com/help/answer/9011840
Source: chromecache_81.2.dr String found in binary or memory: https://onepick-autopush.sandbox.google.com/picker/minpick/main
Source: chromecache_81.2.dr String found in binary or memory: https://onepick-preprod.sandbox.google.com/picker/minpick/main
Source: chromecache_81.2.dr String found in binary or memory: https://onepick-staging-drivequal.sandbox.google.com/picker/minpick/main
Source: chromecache_81.2.dr String found in binary or memory: https://onepick-staging.sandbox.google.com/picker/minpick/main
Source: chromecache_89.2.dr String found in binary or memory: https://pay.google.com/gp/v/widget/save
Source: chromecache_81.2.dr String found in binary or memory: https://play.google.com
Source: chromecache_81.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_89.2.dr String found in binary or memory: https://play.google.com/work/embedded/search?usegapi=1&usegapi=1
Source: chromecache_117.2.dr String found in binary or memory: https://plus.google.com
Source: chromecache_89.2.dr, chromecache_116.2.dr, chromecache_117.2.dr String found in binary or memory: https://plus.googleapis.com
Source: chromecache_81.2.dr String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_81.2.dr String found in binary or memory: https://policies.google.com/terms
Source: chromecache_81.2.dr String found in binary or memory: https://policies.google.com/terms/generative-ai
Source: chromecache_81.2.dr String found in binary or memory: https://preprod-dynamite-alpha-us-signaler-pa.clients6.google.com
Source: chromecache_81.2.dr String found in binary or memory: https://preprod-dynamite-alpha-us-signaler-pa.googleapis.com
Source: chromecache_81.2.dr String found in binary or memory: https://punctual-dev.corp.google.com
Source: chromecache_104.2.dr String found in binary or memory: https://sandbox.google.com/inapp/
Source: chromecache_104.2.dr String found in binary or memory: https://sandbox.google.com/inapp/%
Source: chromecache_104.2.dr String found in binary or memory: https://sandbox.google.com/tools/feedback/
Source: chromecache_104.2.dr String found in binary or memory: https://sandbox.google.com/tools/feedback/%
Source: chromecache_104.2.dr String found in binary or memory: https://scone-pa.clients6.google.com
Source: chromecache_81.2.dr String found in binary or memory: https://signaler-pa.clients6.google.com
Source: chromecache_81.2.dr String found in binary or memory: https://signaler-pa.googleapis.com
Source: chromecache_81.2.dr String found in binary or memory: https://signaler-pa.youtube.com
Source: chromecache_81.2.dr String found in binary or memory: https://signaler-staging.sandbox.google.com
Source: chromecache_81.2.dr String found in binary or memory: https://ssl.gstatic.com/docs/common/cleardot.gif
Source: chromecache_92.2.dr String found in binary or memory: https://ssl.gstatic.com/gb/js/
Source: chromecache_89.2.dr String found in binary or memory: https://ssl.gstatic.com/microscope/embed/
Source: chromecache_104.2.dr String found in binary or memory: https://stagingqual-feedback-pa-googleapis.sandbox.google.com
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com
Source: chromecache_104.2.dr, chromecache_81.2.dr String found in binary or memory: https://support.google.com/
Source: chromecache_96.2.dr String found in binary or memory: https://support.google.com/contacts/answer/7345608
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/docs/answer/148505
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/docs/answer/37603
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/docs/answer/49114
Source: chromecache_96.2.dr String found in binary or memory: https://support.google.com/docs/answer/65129
Source: chromecache_96.2.dr String found in binary or memory: https://support.google.com/docs/answer/65129?hl=en-GB
Source: chromecache_96.2.dr String found in binary or memory: https://support.google.com/docs?p=comments_guide
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/drive/answer/2407404?hl=en
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/drive/answer/2423485?hl=%s
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/drive/answer/2423694
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/drive/answer/7650301
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/google-workspace-individual/?p=esignature_requester_terms
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/google-workspace-individual/?p=esignature_signer_terms
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/google-workspace-individual/?p=esignature_signer_tos
Source: chromecache_104.2.dr String found in binary or memory: https://support.google.com/inapp/
Source: chromecache_104.2.dr String found in binary or memory: https://support.google.com/inapp/%
Source: chromecache_81.2.dr String found in binary or memory: https://support.google.com/legal/answer/3110420
Source: chromecache_89.2.dr String found in binary or memory: https://talkgadget.google.com/:session_prefix:talkgadget/_/widget
Source: chromecache_104.2.dr String found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: chromecache_81.2.dr String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_81.2.dr String found in binary or memory: https://workspace.google.com
Source: chromecache_89.2.dr, chromecache_116.2.dr, chromecache_117.2.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_81.2.dr String found in binary or memory: https://workspacevideo-pa.googleapis.com
Source: chromecache_104.2.dr String found in binary or memory: https://www.google.cn/tools/feedback/
Source: chromecache_104.2.dr String found in binary or memory: https://www.google.cn/tools/feedback/%
Source: chromecache_81.2.dr String found in binary or memory: https://www.google.com
Source: chromecache_81.2.dr String found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true
Source: chromecache_89.2.dr String found in binary or memory: https://www.google.com/shopping/customerreviews/badge?usegapi=1
Source: chromecache_89.2.dr String found in binary or memory: https://www.google.com/shopping/customerreviews/optin?usegapi=1
Source: chromecache_104.2.dr, chromecache_81.2.dr String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_104.2.dr String found in binary or memory: https://www.google.com/tools/feedback/
Source: chromecache_104.2.dr String found in binary or memory: https://www.google.com/tools/feedback/%
Source: chromecache_104.2.dr String found in binary or memory: https://www.google.com/tools/feedback/help_panel_binary.js
Source: chromecache_92.2.dr String found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: chromecache_117.2.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_117.2.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_81.2.dr String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_86.2.dr String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_81.2.dr String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/calendar_2020q4/v13/192px.svg
Source: chromecache_81.2.dr String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/tasks/v10/192px.svg
Source: chromecache_86.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_86.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_86.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_86.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_89.2.dr String found in binary or memory: https://www.gstatic.com/partners/badge/templates/badge.html?usegapi=1
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/change_email_address_grey300.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/change_name_grey300.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/content_copy_grey300.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/content_cut_grey300.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/email_copy_grey300.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/info_outline_grey300.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/phone_copy_grey300.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/visibility_grey300.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/visibility_off_grey200.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/change_email_address_grey700.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/change_name_grey700.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/content_copy_grey700.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/content_cut_grey700.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/domain_disabled_grey900.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/email_copy_grey700.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/info_outline_grey700.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/phone_copy_grey700.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/visibility_grey700.svg
Source: chromecache_96.2.dr String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/visibility_off_grey700.svg
Source: chromecache_81.2.dr String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_104.2.dr String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/
Source: chromecache_81.2.dr String found in binary or memory: https://www.youtube.com
Source: chromecache_89.2.dr String found in binary or memory: https://www.youtube.com/subscribe_embed?usegapi=1
Source: classification engine Classification label: clean1.win@18/71@26/10
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2096,i,3259511740123321582,4811320085073021387,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/12wgdoVCUtzv9UaHMbhtpDEnvd4Ke5bzv/view?usp=drivesdk"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk