Analysis Report http://app.milanote.com/1LQWMe1tFoGL1X?p=oGL1dCkr1ut

Overview

General Information

Sample URL: http://app.milanote.com/1LQWMe1tFoGL1X?p=oGL1dCkr1ut
Analysis ID: 433022

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Drops files with a non-matching file extension (content does not match file extension)
Found iframes
Unusual large HTML page

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: http://app.milanote.com/1LQWMe1tFoGL1X?p=oGL1dCkr1ut SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://app.milanote.com/1LQWMe1tFoGL1X?p=oGL1dCkr1ut SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Found iframes
Source: https://milanote.com/ HTTP Parser: Iframe src: https://milanote.prismic.io/toolbar/bootstrap
Source: https://milanote.com/ HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-54XWBQ4
Source: https://milanote.com/ HTTP Parser: Iframe src: https://app.milanote.com/embed/auth-status
Source: https://milanote.com/ HTTP Parser: Iframe src: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1822412679&timestamp=1623419268688
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: /_/bscframe
Unusual large HTML page
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Total size: 1716079
Source: https://milanote.com/ HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="author".. found
Source: https://milanote.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: global traffic HTTP traffic detected:
    GET /1LQWMe1tFoGL1X?p=oGL1dCkr1ut HTTP/1.1
    Host: app.milanote.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: app.milanote.com
Source: e330a6b95543c8cb_0.0.dr String found in binary or memory: https://milanote.com/S
Source: 5db5de0446cd4591_0.0.dr String found in binary or memory: https://milanote.com/T
Source: 033041f4d52a27a8_0.0.dr String found in binary or memory: https://milanote.com/W#
Source: Favicons-journal.0.dr String found in binary or memory: https://milanote.com/favicon.ico
Source: Favicons-journal.0.dr String found in binary or memory: https://milanote.com/favicon.ico0
Source: fd76199d31eb74e2_0.0.dr String found in binary or memory: https://milanote.com/m
Source: 33e5517cffb503cf_0.0.dr String found in binary or memory: https://milanote.com/p7z
Source: 84aaa7145897956c_0.0.dr String found in binary or memory: https://milanote.com/r
Source: Current Session.0.dr String found in binary or memory: https://milanote.comh
Source: bb7f022b781424ad_0.0.dr String found in binary or memory: https://milanote.prismic.io/...ebf61bd/javascripts/bootstrap.js
Source: fb2866bb3b0b87e7_0.0.dr String found in binary or memory: https://milanote.prismic.io/...ebf61bd/previews-router
Source: Current Session.0.dr String found in binary or memory: https://milanote.prismic.io/toolbar/bootstrap
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://myaccount.google.com/)
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://myaccount.google.com/security-checkup)
Source: dad43fa2-186b-493b-b205-32f442bf5d80.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json1.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: dad43fa2-186b-493b-b205-32f442bf5d80.tmp.1.dr String found in binary or memory: https://play.google.com
Source: c65b84782648633b_0.0.dr String found in binary or memory: https://plus.google.com
Source: c65b84782648633b_0.0.dr String found in binary or memory: https://plus.googleapis.com
Source: Current Session.0.dr String found in binary or memory: https://policies.google.com
Source: Current Session.0.dr String found in binary or memory: https://policies.google.com#
Source: AcroRd32.exe, 0000000B.00000003.313485230.000000000D08F000.00000004.00000001.sdmp, Network Action Predictor-journal.0.dr, Current Session.0.dr, History-journal.0.dr, google_terms_of_service_en_eu.pdf_Zone.Identifier.9.dr String found in binary or memory: https://policies.google.com/
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/)
Source: Current Session.0.dr String found in binary or memory: https://policies.google.com/?hl=en
Source: History.0.dr String found in binary or memory: https://policies.google.com/?hl=enPrivacy
Source: History-journal.0.dr String found in binary or memory: https://policies.google.com/Privacy
Source: History.0.dr String found in binary or memory: https://policies.google.com/https://policies.google.com/terms?hl=enhttps://policies.google.com/terms
Source: AcroRd32.exe, 0000000B.00000003.312599352.000000000D243000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/privacy
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/privacy)
Source: Current Session.0.dr String found in binary or memory: https://policies.google.com/privacy?hl=en
Source: Current Session.0.dr String found in binary or memory: https://policies.google.com/privacy?hl=en)Privacy
Source: History Provider Cache.0.dr String found in binary or memory: https://policies.google.com/privacy?hl=en2-Privacy
Source: History-journal.0.dr String found in binary or memory: https://policies.google.com/privacy?hl=enPrivacy
Source: AcroRd32.exe, 0000000B.00000002.639108493.00000000096EA000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-affiliates
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-affiliates)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-business-user
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-business-user)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-consumer
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-consumer)
Source: AcroRd32.exe, 0000000B.00000003.563967088.000000000D117000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-consumer5
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-consumer;
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-copyright
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-copyright)
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-eu-platform-to-business)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-indemnify
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-indemnify)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-indemnifyS
Source: AcroRd32.exe, 0000000B.00000003.560900915.000000000B847000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-indemnifyc
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-intellectual-property-rights)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-liability
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-liability)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-liabilitya
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-organization
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-organization)
Source: AcroRd32.exe, 0000000B.00000003.560900915.000000000B847000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-organizationg
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-services
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-services)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-services0
Source: AcroRd32.exe, 0000000B.00000002.638750804.0000000009519000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-servicesB
Source: AcroRd32.exe, 0000000B.00000002.639108493.00000000096EA000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-servicesC
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-servicesd
Source: AcroRd32.exe, 0000000B.00000003.560900915.000000000B847000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-servicesj
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-warranty
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-warranty)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-warranty-
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp, AcroRd32.exe, 0000000B.00000002.639108493.00000000096EA000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-your-content
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#footnote-your-content)
Source: AcroRd32.exe, 0000000B.00000002.639108493.00000000096EA000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-your-contentJ
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-your-contentZ
Source: AcroRd32.exe, 0000000B.00000002.639108493.00000000096EA000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#footnote-your-contentm
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#toc-content)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#toc-permission
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#toc-permission)
Source: AcroRd32.exe, 0000000B.00000003.312599352.000000000D243000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#toc-problems
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#toc-problems)
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#toc-purpose)
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#toc-removing)
Source: AcroRd32.exe, 0000000B.00000002.639108493.00000000096EA000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms#toc-service-related-comm
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#toc-service-related-comm)
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#toc-warranty)
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#toc-what-we-expect)
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms#toc-what-you-expect)
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms/archive)
Source: AcroRd32.exe, 0000000B.00000003.560900915.000000000B847000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms/information-requests
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms/information-requests)
Source: AcroRd32.exe, 0000000B.00000003.313428310.000000000D0B8000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms/service-specific
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://policies.google.com/terms/service-specific)
Source: AcroRd32.exe, 0000000B.00000002.639108493.00000000096EA000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms/service-specificf
Source: AcroRd32.exe, 0000000B.00000003.563967088.000000000D117000.00000004.00000001.sdmp String found in binary or memory: https://policies.google.com/terms/service-specifict
Source: 000003.log7.0.dr String found in binary or memory: https://policies.google.com/terms?hl=en
Source: 000003.log7.0.dr String found in binary or memory: https://policies.google.com/terms?hl=en0
Source: 000003.log7.0.dr String found in binary or memory: https://policies.google.com/terms?hl=en0BJ
Source: Current Session.0.dr String found in binary or memory: https://policies.google.com/terms?hl=en2Google
Source: Current Session.0.dr String found in binary or memory: https://policies.google.com/terms?hl=en4
Source: History-journal.0.dr String found in binary or memory: https://policies.google.com/terms?hl=enGoogle
Source: Current Session.0.dr String found in binary or memory: https://policies.google.comh
Source: 30f34755fdaaef11_0.0.dr String found in binary or memory: https://prismic.io/
Source: fb2866bb3b0b87e7_0.0.dr String found in binary or memory: https://prismic.io/4
Source: bb7f022b781424ad_0.0.dr String found in binary or memory: https://prismic.io/f
Source: AcroRd32.exe, 0000000B.00000003.313485230.000000000D08F000.00000004.00000001.sdmp String found in binary or memory: https://safety.google/
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://safety.google/)
Source: manifest.json1.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 033041f4d52a27a8_0.0.dr String found in binary or memory: https://script.hotjar.com/modules.12f7375208c548a9407a.js
Source: dad43fa2-186b-493b-b205-32f442bf5d80.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: 0301da6c6587c074_0.0.dr, 4b7107e010a9e346_0.0.dr, 64a91c691595d7b3_0.0.dr, 5e0207de1a6d50b8_0.0.dr String found in binary or memory: https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en.NllmGE6QfHM.O/am=B0BRhgUFAGEAAOAA
Source: Favicons-journal.0.dr String found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico
Source: Favicons-journal.0.dr String found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico2
Source: 483052252a8d3ed9_0.0.dr String found in binary or memory: https://static.ads-twitter.com/uwt.js
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://static.cdn.prismic.io/
Source: 91474fec5988c193_0.0.dr String found in binary or memory: https://static.cdn.prismic.io/prismic.min.js
Source: 0447ea93db317085_0.0.dr String found in binary or memory: https://static.hotjar.com/c/hotjar-565550.js?sv=5
Source: 2cc80dabc69f58b6_0.0.dr, Network Action Predictor-journal.0.dr String found in binary or memory: https://static.milanote.com/
Source: 84aaa7145897956c_0.0.dr String found in binary or memory: https://static.milanote.com/autotrack.custom.js
Source: cc327d5bc93629cf_0.0.dr String found in binary or memory: https://static.milanote.com/default~workspace~board-preview-7a2e52bcccbf-modern.js
Source: 7e43b93c9f1f9530_0.0.dr String found in binary or memory: https://static.milanote.com/icons-light-large-de24cc8ce060-modern.js
Source: a96cdc9fcd78794f_0.0.dr String found in binary or memory: https://static.milanote.com/icons-light-medium-c57a53361db3-modern.js
Source: 17dc95475a6002b5_0.0.dr String found in binary or memory: https://static.milanote.com/icons-light-small-cf8ec91f5bc3-modern.js
Source: dc4b015a6a731f0a_0.0.dr String found in binary or memory: https://static.milanote.com/main-fe2c6e4ecb00-modern.js
Source: fd76199d31eb74e2_0.0.dr String found in binary or memory: https://static.milanote.com/manifest-649a4672e495-modern.js
Source: c08ee2f5e7f70cc4_0.0.dr String found in binary or memory: https://static.milanote.com/scripts-f62219e567d3aa753a87.js
Source: a6b4ffe7bcb7cf64_0.0.dr String found in binary or memory: https://static.milanote.com/shortcuts-5c266c1ccc3e-modern.js
Source: 0407b3ae67cd00bd_0.0.dr String found in binary or memory: https://static.milanote.com/vendor-40b8ab6b3936-modern.js
Source: 18b74565d095aa82_0.0.dr String found in binary or memory: https://static.milanote.com/workspace-1981a238f450-modern.js
Source: 4cb013792b196a35_1.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1
Source: 000003.log3.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-cacheable-response.prod.js
Source: 000003.log3.0.dr, ba23d8ecda68de77_1.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-core.prod.js
Source: ba23d8ecda68de77_1.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-core.prod.jsaD
Source: 000003.log3.0.dr, f1cdccba37924bda_1.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-routing.prod.js
Source: f1cdccba37924bda_1.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-routing.prod.jsaD
Source: 000003.log3.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-strategies.prod.js
Source: 67a473248953641b_1.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-strategies.prod.jsa
Source: 67a473248953641b_1.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-strategies.prod.jsaD
Source: 2cc80dabc69f58b6_0.0.dr, 000003.log3.0.dr, 2cc80dabc69f58b6_1.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-sw.js
Source: 4cb013792b196a35_1.0.dr String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/6.1.1/workbox-sw.jsaD
Source: AcroRd32.exe, 0000000B.00000002.639108493.00000000096EA000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/accounts/answer/1350409
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://support.google.com/accounts/answer/1350409)
Source: AcroRd32.exe, 0000000B.00000002.639108493.00000000096EA000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/accounts/answer/27441
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://support.google.com/accounts/answer/27441)
Source: AcroRd32.exe, 0000000B.00000002.638750804.0000000009519000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/accounts/answer/40695
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://support.google.com/accounts/answer/40695)
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://support.google.com/legal/answer/3110420)
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://support.google.com/legal/topic/4558877)
Source: AcroRd32.exe, 0000000B.00000003.312599352.000000000D243000.00000004.00000001.sdmp String found in binary or memory: https://takeout.google.com/settings/takeout
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://takeout.google.com/settings/takeout)
Source: AcroRd32.exe, 0000000B.00000003.309597311.000000000B7FC000.00000004.00000001.sdmp String found in binary or memory: https://transparencyreport.google.com/
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://transparencyreport.google.com/)
Source: Current Session.0.dr String found in binary or memory: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Source: c65b84782648633b_0.0.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: AcroRd32.exe, 0000000B.00000002.638180104.0000000008C1D000.00000002.00000001.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: 1154c6710157da27_0.0.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: a537aed7a826e6a4_0.0.dr String found in binary or memory: https://www.google-analytics.com/gtm/js?id=GTM-WXRF9DG&cid=1956978501.1623419210
Source: Current Session.0.dr String found in binary or memory: https://www.google.ch/intl/en/about/products
Source: History-journal.0.dr String found in binary or memory: https://www.google.ch/intl/en/about/productsBrowse
Source: 000003.log4.0.dr String found in binary or memory: https://www.google.com
Source: manifest.json1.0.dr, 000003.log0.0.dr String found in binary or memory: https://www.google.com/
Source: AcroRd32.exe, 0000000B.00000002.638964939.0000000009634000.00000004.00000001.sdmp, google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://www.google.com/about/philosophy.html)
Source: AcroRd32.exe, 0000000B.00000003.313485230.000000000D08F000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/contact
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://www.google.com/contact)
Source: AcroRd32.exe, 0000000B.00000003.313485230.000000000D08F000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/contactt
Source: Favicons.0.dr String found in binary or memory: https://www.google.com/favicon.ico
Source: Favicons.0.dr String found in binary or memory: https://www.google.com/favicon.ico$
Source: Current Session.0.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/
Source: Current Session.0.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/&=
Source: History Provider Cache.0.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/2-Privacy
Source: History-journal.0.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/Privacy
Source: Current Session.0.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/t3U
Source: Current Session.0.dr String found in binary or memory: https://www.google.com/intl/en/policies/terms/
Source: History-journal.0.dr String found in binary or memory: https://www.google.com/intl/en/policies/terms/Google
Source: 9c4b2fb8ecb85057_0.0.dr String found in binary or memory: https://www.google.com/js/th/ilh13uZaZ2e13-dsRc8a4GH2CkfJCUgscyiMqTv_Gc4.js
Source: AcroRd32.exe, 0000000B.00000003.309597311.000000000B7FC000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/permissions
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://www.google.com/permissions)
Source: AcroRd32.exe, 0000000B.00000003.309597311.000000000B7FC000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/permissionsl
Source: Current Session.0.dr String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfxB4YUAAAAAAxC0Q484syBzM15bjN01XS9m1Uw&co=aHR0
Source: AcroRd32.exe, 0000000B.00000003.312599352.000000000D243000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/tools/feedback
Source: google_terms_of_service_en_eu.pdf.crdownload.0.dr String found in binary or memory: https://www.google.com/tools/feedback)
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com;
Source: cf6f6ee08e2f7a7b_0.0.dr String found in binary or memory: https://www.googleadservices.com/pagead/conversion_async.js
Source: dad43fa2-186b-493b-b205-32f442bf5d80.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: c65b84782648633b_0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: c65b84782648633b_0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: edc9c59cf26da793_0.0.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-54XWBQ4
Source: 588e6311b9075013_0.0.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-WQZB4J
Source: dad43fa2-186b-493b-b205-32f442bf5d80.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://www.gstatic.com/
Source: 86692d4c426afd61_0.0.dr String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5
Source: a2c2b9d9a8196f25_0.0.dr, 70f3e0500aa4a1d7_0.0.dr, ed2289f19713d927_0.0.dr String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en_US.pWi_f_o0gHU.
Source: 1d9307e50ef6b7b0_0.0.dr String found in binary or memory: https://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v3.js
Source: ef573254f07aabf4_0.0.dr String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: 4739ef39d3645e5f_0.0.dr String found in binary or memory: https://www.gstatic.com/external_hosted/hammerjs/v2_0_2/hammer.min.js
Source: b8c3df9b5168fca9_0.0.dr String found in binary or memory: https://www.gstatic.com/external_hosted/picturefill/picturefill.min.js
Source: 346866bbe969e451_0.0.dr String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: 4379a46c1df8bb34_0.0.dr String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: 4379a46c1df8bb34_0.0.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: 4379a46c1df8bb34_0.0.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: c6406bd93370392e_0.0.dr String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=q_d
Source: 4379a46c1df8bb34_0.0.dr String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=q_dnp
Source: 000003.log7.0.dr, google_terms_of_service_en_eu.pdf_Zone.Identifier.9.dr, History.0.dr String found in binary or memory: https://www.gstatic.com/policies/terms/pdf/20200331/ba461e2f/google_terms_of_service_en_eu.pdf
Source: 0688fad751c19b35_0.0.dr, 5278677776ece701_0.0.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js
Source: manifest.json0.0.dr String found in binary or memory: https://www.gstatic.com;
Source: Current Session.0.dr String found in binary or memory: https://www.milanote.com/
Source: History-journal.0.dr String found in binary or memory: https://www.milanote.com/Milanote
Source: 000003.log4.0.dr String found in binary or memory: https://www.youtube-nocookie.com
Source: Current Session.0.dr String found in binary or memory: https://www.youtube-nocookie.com#
Source: 000003.log0.0.dr String found in binary or memory: https://www.youtube-nocookie.com/
Source: Current Session.0.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.0.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.0.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.0.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: 9ac3e6f186f955f7_0.0.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/a0094ae9/fetch-polyfill.vflset/fetch-polyfill.js
Source: 9f42ab8d058b5044_0.0.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/a0094ae9/player_ias.vflset/en_US/base.js
Source: 31f82312ae6d6e09_0.0.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/a0094ae9/player_ias.vflset/en_US/remote.js
Source: 5475fd3affd1e56d_0.0.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/a0094ae9/www-embed-player.vflset/www-embed-player.js
Source: 31f82312ae6d6e09_0.0.dr, ef573254f07aabf4_0.0.dr, 9f42ab8d058b5044_0.0.dr String found in binary or memory: https://youtube-nocookie.com/
Source: 5475fd3affd1e56d_0.0.dr String found in binary or memory: https://youtube-nocookie.com/u
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50191 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50157 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown Network traffic detected: HTTP traffic on port 50101 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
Source: classification engine Classification label: mal56.win@76/421@47/36
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60C36945-6C8.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\07224c7e-6fad-4796-989e-5f2606cae160.tmp
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Program Files (x86)\desktop.ini
Source: QuotaManager.0.dr Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://app.milanote.com/1LQWMe1tFoGL1X?p=oGL1dCkr1ut'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1508,11621764212539941692,4938375941718598832,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1708 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1508,11621764212539941692,4938375941718598832,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=6728 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1508,11621764212539941692,4938375941718598832,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=6740 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1508,11621764212539941692,4938375941718598832,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=3156 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Downloads\google_terms_of_service_en_eu.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Downloads\google_terms_of_service_en_eu.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1688,10530306713486204241,2167271992676285589,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=16344355117710085358 --mojo-platform-channel-handle=1708 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1688,10530306713486204241,2167271992676285589,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17060473708032021879 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17060473708032021879 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1688,10530306713486204241,2167271992676285589,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2108192486941613496 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2108192486941613496 --renderer-client-id=4 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1688,10530306713486204241,2167271992676285589,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=11960134190916244897 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11960134190916244897 --renderer-client-id=5 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe File opened: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\crash_reporter.cfg Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

Persistence and Installation Behavior:

Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\google_terms_of_service_en_eu.pdf.crdownload
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Code function: 11_2_05122110 LdrInitializeThunk, 11_2_05122110
Source: AcroRd32.exe, 0000000B.00000002.632806859.00000000059D0000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: AcroRd32.exe, 0000000B.00000002.632806859.00000000059D0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 0000000B.00000002.632806859.00000000059D0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 0000000B.00000002.632806859.00000000059D0000.00000002.00000001.sdmp Binary or memory string: Progmanlock