Analysis Report Swift-Receipt222.pdf

Overview

General Information

Sample Name: Swift-Receipt222.pdf
Analysis ID: 432799
MD5: a67be3d1f4d7f321f58f068399f1fa11
SHA1: f6872349a822b44ed2662e044995f376bec69fdd
SHA256: 575125b2fcad78ccfd6ac81b71077cfee9c24a92c8549b6185b8a5689c9f895f

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found potential malicious PDF (bad image similarity)
Yara detected HtmlPhish10
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Found iframes
HTML body contains low number of good links
IP address seen in connection with other malware
Invalid 'forgot password' link found
JA3 SSL client fingerprint seen in connection with other malware
No HTML title found
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Unusual large HTML page

Classification

Process Tree

  • System is w10x64
  • AcroRd32.exe (PID: 6404 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Swift-Receipt222.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • AcroRd32.exe (PID: 6528 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Swift-Receipt222.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • RdrCEF.exe (PID: 6692 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6904 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4210813165074894668 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4210813165074894668 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6912 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1429679197753697552 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 7088 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8998359058420623262 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8998359058420623262 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 5872 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10020858510568826130 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10020858510568826130 --renderer-client-id=5 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
    • chrome.exe (PID: 996 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=' MD5: C139654B5C1438A95B321BB01AD63EF6)
      • chrome.exe (PID: 6996 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1868 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
      • chrome.exe (PID: 6588 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5112 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
      • chrome.exe (PID: 6480 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4716 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Phishing:

Yara detected HtmlPhish10
Source: Yara match File source: 17087.pages.csv, type: HTML
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1177225778&timestamp=1623377106846
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: /_/bscframe
Source: https://ga-ine.net/go/home HTTP Parser: Number of links: 0
Source: https://ga-ine.net/go/home HTTP Parser: Invalid link: Forgot my password
Source: https://ga-ine.net/go/home HTTP Parser: HTML title missing
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Total size: 1706137
Source: https://ga-ine.net/go/home HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="author".. found
Source: https://ga-ine.net/go/home HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49886 version: TLS 1.2
Source: global traffic DNS query: name: cliffskenya.com
Source: global traffic TCP traffic: 192.168.2.5:49727 -> 20.150.208.6:443
Source: global traffic TCP traffic: 192.168.2.5:49718 -> 151.80.25.150:80
Source: Joe Sandbox View IP Address: 104.18.10.207
Source: Joe Sandbox View IP Address: 91.199.212.52
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Content-Length: 167 Content-Encoding: gzip Vary: Accept-Encoding Date: Thu, 10 Jun 2021 17:04:30 GMT
Source: global traffic HTTP traffic detected: GET /rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc= HTTP/1.1 Host: drollins.cliffskenya.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ZeroSSLRSADomainSecureSiteCA.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/10.0 Host: zerossl.crt.sectigo.com
Source: 2ce38f300ec8bea9_0.18.dr String found in binary or memory: ://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav equals www.youtube.com (Youtube)
Source: 2ce38f300ec8bea9_0.18.dr String found in binary or memory: www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: cliffskenya.com
Source: 08d531cb4a36a419_0.18.drString found in binary or memory: https://google.com/V
Source: 1fde12061b590deb_0.18.drString found in binary or memory: https://google.com/Z
Source: 2a8215f3bb8c1a18_0.18.drString found in binary or memory: https://google.com/_;
Source: ed2289f19713d927_0.18.drString found in binary or memory: https://google.com/f
Source: 3dbe54b7c92541c6_0.18.drString found in binary or memory: https://google.com/h
Source: 3dbe54b7c92541c6_0.18.drString found in binary or memory: https://google.com/hA9=
Source: 6f8306580c7f29f4_0.18.drString found in binary or memory: https://google.com/k
Source: 3dbe54b7c92541c6_0.18.drString found in binary or memory: https://google.com/l
Source: 07f049ed7c03b867_0.18.drString found in binary or memory: https://google.com/p
Source: 3dbe54b7c92541c6_0.18.drString found in binary or memory: https://google.com/pF
Source: ec79fe2a6efd0153_0.18.drString found in binary or memory: https://google.com/r
Source: a45d7a7b5530ef14_0.18.drString found in binary or memory: https://google.com/x
Source: manifest.json0.18.drString found in binary or memory: https://hangouts.google.com/
Source: AcroRd32.exe, 00000001.00000002.407681471.000000000943F000.00000004.00000001.sdmpString found in binary or memory: https://ims-na1.adobelogin.com
Source: Network Action Predictor.18.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/
Source: 4e44c6b63048c53f_0.18.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: Current Session.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.drString found in binary or memory: https://ogs.google.com
Source: Current Session.18.drString found in binary or memory: https://ogs.google.com#
Source: Current Session.18.drString found in binary or memory: https://ogs.google.com/widget/app/so?bc=1&origin=https%3A%2F%2Fpolicies.google.com&cn=app&pid=269&sp
Source: 2ce38f300ec8bea9_0.18.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/osd.js
Source: manifest.json.18.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 150501eb52c82ec4_0.18.drString found in binary or memory: https://plus.google.com
Source: 150501eb52c82ec4_0.18.drString found in binary or memory: https://plus.googleapis.com
Source: Current Session.18.drString found in binary or memory: https://policies.google.com
Source: Current Session.18.drString found in binary or memory: https://policies.google.com#
Source: Network Action Predictor.18.dr, Current Session.18.drString found in binary or memory: https://policies.google.com/
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/?hl=en
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/?hl=en-
Source: History.18.drString found in binary or memory: https://policies.google.com/?hl=enPrivacy
Source: History.18.drString found in binary or memory: https://policies.google.com/Privacy
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/Zq
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/faq?hl=en
Source: History.18.drString found in binary or memory: https://policies.google.com/faq?hl=enFAQ
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/faq?hl=ena
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/archive?hl=en
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/archive?hl=en2Updates:
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/archive?hl=en81
Source: History.18.drString found in binary or memory: https://policies.google.com/privacy/archive?hl=enUpdates:
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/frameworks?hl=en
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/frameworks?hl=en3
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/frameworks?hl=en3Data
Source: History.18.drString found in binary or memory: https://policies.google.com/privacy/frameworks?hl=enData
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/google-partners?hl=en
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/google-partners?hl=en5Who
Source: History.18.drString found in binary or memory: https://policies.google.com/privacy/google-partners?hl=enWho
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/key-terms?hl=en
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/key-terms?hl=en$Key
Source: History.18.drString found in binary or memory: https://policies.google.com/privacy/key-terms?hl=enKey
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy/key-terms?hl=enc
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy?hl=en
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy?hl=en)Privacy
Source: History.18.drString found in binary or memory: https://policies.google.com/privacy?hl=enPrivacy
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/privacy?hl=enm
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/technologies?hl=en
Source: History.18.drString found in binary or memory: https://policies.google.com/technologies?hl=enTechnologies
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/terms?hl=en
Source: Current Session.18.drString found in binary or memory: https://policies.google.com/terms?hl=en2Google
Source: History.18.drString found in binary or memory: https://policies.google.com/terms?hl=enGoogle
Source: Current Session.18.drString found in binary or memory: https://policies.google.comh
Source: manifest.json.18.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.drString found in binary or memory: https://ssl.gstatic.com
Source: 55eb0dad66b87c70_0.18.dr, f2a8eb5d2b3ff76f_0.18.drString found in binary or memory: https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en.QMyOJliEoZQ.O/am=B2CcYUEBEAAAGAAA
Source: Favicons.18.drString found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico
Source: Network Action Predictor.18.drString found in binary or memory: https://stackpath.bootstrapcdn.com/
Source: 5925aba0295ba9a2_0.18.drString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: messages.json62.18.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json62.18.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 33358dc9738a86ce_0.18.dr, a6f875b417e34ffa_0.18.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: 150501eb52c82ec4_0.18.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: 1154c6710157da27_0.18.drString found in binary or memory: https://www.google-analytics.com/analytics.js
Source: Current Session.18.dr, History.18.drString found in binary or memory: https://www.google.ch/intl/en/about/products
Source: History.18.drString found in binary or memory: https://www.google.ch/intl/en/about/productsBrowse
Source: 000003.log5.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr, manifest.json0.18.drString found in binary or memory: https://www.google.com
Source: QuotaManager.18.drString found in binary or memory: https://www.google.com/
Source: QuotaManager.18.drString found in binary or memory: https://www.google.com//#
Source: Current Session.18.drString found in binary or memory: https://www.google.com/?hl=en
Source: History.18.drString found in binary or memory: https://www.google.com/?hl=enGoogle
Source: History.18.drString found in binary or memory: https://www.google.com/?hl=enGoogle/#
Source: Current Session.18.drString found in binary or memory: https://www.google.com/?hl=enf
Source: Favicons.18.drString found in binary or memory: https://www.google.com/favicon.ico
Source: Favicons.18.drString found in binary or memory: https://www.google.com/favicon.ico$
Source: Current Session.18.drString found in binary or memory: https://www.google.com/intl/en/policies/privacy/
Source: History.18.drString found in binary or memory: https://www.google.com/intl/en/policies/privacy/Privacy
Source: Current Session.18.drString found in binary or memory: https://www.google.com/intl/en/policies/terms/
Source: History.18.drString found in binary or memory: https://www.google.com/intl/en/policies/terms/Google
Source: 9c4b2fb8ecb85057_0.18.drString found in binary or memory: https://www.google.com/js/th/ilh13uZaZ2e13-dsRc8a4GH2CkfJCUgscyiMqTv_Gc4.js
Source: 9c4b2fb8ecb85057_0.18.drString found in binary or memory: https://www.google.com/js/th/ilh13uZaZ2e13-dsRc8a4GH2CkfJCUgscyiMqTv_Gc4.jsaD
Source: cab3f1698d3d2ebb_0.18.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: Current Session.18.drString found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LegzyQbAAAAAG96AXv-vMSRmT9EpT6Do0YVnzG4&co=aHR0
Source: manifest.json0.18.drString found in binary or memory: https://www.google.com;
Source: Current Session.18.drString found in binary or memory: https://www.google.comh
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.drString found in binary or memory: https://www.googleapis.com
Source: manifest.json.18.drString found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.18.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.18.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.18.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.18.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.18.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.18.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.18.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.18.drString found in binary or memory: https://www.googleapis.com/auth/meetings
Source: 150501eb52c82ec4_0.18.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: 150501eb52c82ec4_0.18.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: manifest.json0.18.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.18.drString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.18.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.18.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 588e6311b9075013_0.18.drString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-WQZB4J
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.drString found in binary or memory: https://www.gstatic.com
Source: Network Action Predictor.18.drString found in binary or memory: https://www.gstatic.com/
Source: ef04e44c72581d82_0.18.drString found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5
Source: a2c2b9d9a8196f25_0.18.dr, ed2289f19713d927_0.18.dr, 70f3e0500aa4a1d7_0.18.dr, dcc9f0651f3eb1d5_0.18.dr, 0bd7a193caaa1084_0.18.drString found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en_US.pWi_f_o0gHU.
Source: a0f00e9291262984_0.18.dr, c261bc509fbe0d4a_0.18.dr, abd4f02146639bbf_0.18.dr, 2f41af10b56fa754_0.18.drString found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.Y7LEhkj7g0U.
Source: 1d9307e50ef6b7b0_0.18.drString found in binary or memory: https://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v3.js
Source: ef573254f07aabf4_0.18.drString found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: ef573254f07aabf4_0.18.drString found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.jsaD
Source: 4739ef39d3645e5f_0.18.drString found in binary or memory: https://www.gstatic.com/external_hosted/hammerjs/v2_0_2/hammer.min.js
Source: b8c3df9b5168fca9_0.18.drString found in binary or memory: https://www.gstatic.com/external_hosted/picturefill/picturefill.min.js
Source: 346866bbe969e451_0.18.drString found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: eaea161a7305b18c_0.18.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: eaea161a7305b18c_0.18.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: eaea161a7305b18c_0.18.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: c6406bd93370392e_0.18.drString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=q_d
Source: eaea161a7305b18c_0.18.drString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=q_dnp
Source: 07f049ed7c03b867_0.18.drString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=qabr
Source: 44f60fe7ed35ed6d_0.18.dr, 5278677776ece701_0.18.drString found in binary or memory: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js
Source: manifest.json0.18.drString found in binary or memory: https://www.gstatic.com;
Source: 000003.log5.18.drString found in binary or memory: https://www.youtube-nocookie.com
Source: Current Session.18.drString found in binary or memory: https://www.youtube-nocookie.com#
Source: 000003.log0.18.drString found in binary or memory: https://www.youtube-nocookie.com/
Source: Current Session.18.drString found in binary or memory: https://www.youtube-nocookie.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.18.drString found in binary or memory: https://www.youtube-nocookie.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.18.drString found in binary or memory: https://www.youtube-nocookie.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.18.drString found in binary or memory: https://www.youtube-nocookie.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: 2b9380256e0a7a8e_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/fetch-polyfill.vflset/fetch-polyfill.js
Source: 2b9380256e0a7a8e_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/fetch-polyfill.vflset/fetch-polyfill.jsaD
Source: 0626ecbe5215288e_0.18.dr, 2ce38f300ec8bea9_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/base.js
Source: 2ce38f300ec8bea9_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/base.jsaD
Source: a68c1a61e9e21efe_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/embed.js
Source: a68c1a61e9e21efe_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/embed.jsaD
Source: d5509dd7f30867b1_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.js
Source: 2561f356ea6372ae_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.jsa
Source: 2561f356ea6372ae_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.jsaD
Source: 47711346e1444dcc_0.18.dr, ac0c226a3fc548ab_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/www-embed-player.vflset/www-embed-player.js
Source: 47711346e1444dcc_0.18.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/www-embed-player.vflset/www-embed-player.jsaD
Source: 0626ecbe5215288e_0.18.drString found in binary or memory: https://youtube-nocookie.com/
Source: 9c4b2fb8ecb85057_0.18.drString found in binary or memory: https://youtube-nocookie.com//
Source: a68c1a61e9e21efe_0.18.drString found in binary or memory: https://youtube-nocookie.com/EE
Source: ef573254f07aabf4_0.18.drString found in binary or memory: https://youtube-nocookie.com/S
Source: ac0c226a3fc548ab_0.18.drString found in binary or memory: https://youtube-nocookie.com/j