Edit tour

Windows Analysis Report
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web

Overview

General Information

Sample URL:	https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Analysis ID:	876168
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5288 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5508 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070

Source: classification engine

Classification label: clean0.win@29/40@14/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/lcreport/	0%	URL Reputation	safe
http://www.bohemiancoding.com/sketch	0%	URL Reputation	safe
http://www.bohemiancoding.com/sketch/ns	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
blobcomments-pa.clients6.google.com	142.250.203.106	true	false	high
accounts.google.com	172.217.168.45	true	false	high
plus.l.google.com	172.217.168.78	true	false	high
play.google.com	142.250.203.110	true	false	high
drive.google.com	172.217.168.14	true	false	high
www.google.com	142.250.203.100	true	false	high
clients.l.google.com	216.58.215.238	true	false	high
peoplestackwebexperiments-pa.clients6.google.com	216.58.215.234	true	false	high
googlehosted.l.googleusercontent.com	216.58.215.225	true	false	high
clients2.google.com	unknown	unknown	false	high
lh3.googleusercontent.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://apis.google.com/js/googleapis.proxy.js?onload=startup	false	high
https://drive.google.com/open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph	false	high
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_1	false	high
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/docos/p/sync?resourcekey&id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph&reqid=0	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0?le=scs	false	high
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0	false	high
https://play.google.com/log?format=json&hasfast=true	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_open	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://drive.google.com/viewer2/prod-03/archive?ck=drive&ds=APznzaasIqez7CAZvd1AzdJZuQm7sAdnJFT4Z0_CBcEG2R0grRTcX1ow_i5lRsOx8Pwjj7KZ-wouRSRinrMEdiAe5R_1DNYrcKb8QFVhEBPcz_cMH29r1n_hnU8oOGhog0cddqJ_jHVH7evVvIZJvgAKAiSLfhKf3JE8uTLEpLxqnh5T-lqQm3phfEU0Ruothy555pIaKxoXlj3onLbT8dfeR8MIbNRoeqVyzbpFWx9BV1ui0FpEE8OZ-xkCGDqoQUnrvFgQJ_pb8xuzUQH6t2HmKnwZpckBi2tOBcehcwGSMafk5Z1lyc6q2nEI1KibcVn4ZnldI005nJrb_LhYxOXFCFfAj75WifM8jhamuJ_hMbkTgG6wic4lD32CBifJkJJ4oKIE1hCY&authuser=0&page=0	false	high
https://drive.google.com/viewer2/prod-03/archive?ck=drive&ds=APznzaZ4EnWmVlJt_JumJy33reBjJaVafEoqWavi_7pl0Gz0VsIk1PIJDEos8ZDf7dkGBiBsRZL_dKEfhJpvuv7cep5A0kCpuAGl6K6FyarLPhVXAO2p_uPsnnf_GkouiT__PKNuVQFJfh-dkxBGAIx6lOz5QJFQgv_CIlKD-GbFKhd-lm3U-RX_OPqqIPkYrxM6knd8S2_ux__co0pWYzcBB3CbRNT90t4XZkLgXiv4kl1FIo8cBA2HvnCw-K88ylE2fb9m3FqbaiMQtE0xKaLMJrumvGBM5MDWcQYleBYsJWziLdDpGZf96WCzoiPHZZohCOnfcfiJftbwY7I7jbeWq3_pwi6MsZQkXOM1g6u5Ns3FpZKEFsWWnelKaASry6bbENn-o3PW&authuser=0&page=0	false	high
https://lh3.googleusercontent.com/a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://signaler-staging.sandbox.google.com	chromecache_150.1.dr	false		high
http://www.broofa.com	chromecache_176.1.dr, chromecache_150.1.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://apis.google.com/js/client.js	chromecache_166.1.dr, chromecache_150.1.dr	false		high
https://feedback2-test.corp.googleusercontent.com/tools/feedback/%	chromecache_166.1.dr	false		high
https://apis.google.com/js/googleapis.proxy.js	chromecache_155.1.dr	false		high
https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1	chromecache_155.1.dr	false		high
https://support.google.com/drive/answer/2423485?hl=%s	chromecache_150.1.dr	false		high
https://onepick-autopush.sandbox.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://www.youtube.com	chromecache_150.1.dr	false		high
https://support.google.com/drive/answer/2407404?hl=en	chromecache_150.1.dr	false		high
https://pay.google.com/gp/v/widget/save	chromecache_155.1.dr	false		high
https://workspace.google.com	chromecache_150.1.dr	false		high
https://onepick-staging.sandbox.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://support.google.com/docs/answer/49114	chromecache_150.1.dr	false		high
https://support.google.com/drive/answer/2423694	chromecache_150.1.dr	false		high
https://support.google.com/google-workspace-individual/?p=esignature_signer_terms	chromecache_150.1.dr	false		high
https://drive-thirdparty.googleusercontent.com/	chromecache_150.1.dr	false		high
https://content-googleapis-test.sandbox.google.com	chromecache_166.1.dr	false		high
https://www.google.com/shopping/customerreviews/optin?usegapi=1	chromecache_155.1.dr	false		high
https://onepick-preprod.sandbox.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://developers.google.com/	chromecache_182.1.dr	false		high
https://onepick-staging-drivequal.sandbox.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://developers.google.com/identity/gsi/web/guides/gis-migration)	chromecache_182.1.dr	false		high
https://www.google.com/tools/feedback	chromecache_166.1.dr, chromecache_150.1.dr	false		high
https://sandbox.google.com/inapp/%	chromecache_166.1.dr	false		high
https://www.google.com/recaptcha/api.js?trustedtypes=true	chromecache_150.1.dr	false		high
https://apis.google.com/js/api.js	chromecache_156.1.dr, chromecache_150.1.dr	false		high
https://docs.google.com/picker	chromecache_150.1.dr	false		high
https://www.youtube.com/subscribe_embed?usegapi=1	chromecache_155.1.dr	false		high
https://feedback2-test.corp.google.com/tools/feedback/%	chromecache_166.1.dr	false		high
https://punctual-dev.corp.google.com	chromecache_150.1.dr	false		high
https://plus.google.com	chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://clients5.google.com/webstore/wall/widget	chromecache_150.1.dr	false		high
https://sandbox.google.com/tools/feedback/%	chromecache_166.1.dr	false		high
https://content-googleapis-staging.sandbox.google.com	chromecache_166.1.dr	false		high
https://support.google.com/drive/answer/7650301	chromecache_150.1.dr	false		high
https://play.google.com/work/embedded/search?usegapi=1&usegapi=1	chromecache_155.1.dr	false		high
https://drive.google.com/requestreview?id=	chromecache_150.1.dr	false		high
https://drive.google.com/drive/my-drive	chromecache_150.1.dr	false		high
https://fonts.google.com/license/googlerestricted	chromecache_147.1.dr	false		high
https://clients6.google.com	chromecache_166.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://accounts.google.com/o/oauth2/iframe	chromecache_182.1.dr, chromecache_155.1.dr	false		high
https://clients5.google.com	chromecache_150.1.dr	false		high
https://www.google.com/log?format=json&hasfast=true	chromecache_176.1.dr, chromecache_150.1.dr	false		high
https://console.developers.google.com/	chromecache_182.1.dr	false		high
https://signaler-pa.youtube.com	chromecache_150.1.dr	false		high
https://support.google.com/docs/answer/65129?hl=en-GB	chromecache_156.1.dr	false		high
https://support.google.com/inapp/%	chromecache_166.1.dr	false		high
https://accounts.google.com/o/oauth2/postmessageRelay	chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://drivemetadata.clients6.google.com	chromecache_150.1.dr	false		high
https://support.google.com/docs/answer/148505	chromecache_150.1.dr	false		high
https://support.google.com/	chromecache_166.1.dr, chromecache_150.1.dr	false		high
https://support.google.com/docs/answer/37603	chromecache_150.1.dr	false		high
https://www.google.com/shopping/customerreviews/badge?usegapi=1	chromecache_155.1.dr	false		high
https://csp.withgoogle.com/csp/lcreport/	chromecache_182.1.dr	false	URL Reputation: safe	unknown
https://drive.google.com/savetodrivebutton?usegapi=1	chromecache_155.1.dr	false		high
https://scone-pa.clients6.google.com	chromecache_166.1.dr	false		high
https://lh3.googleusercontent.com/a/default-user	chromecache_156.1.dr	false		high
https://accounts.google.com/o/oauth2/auth	chromecache_182.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://developers.google.com/api-client-library/javascript/reference/referencedocs	chromecache_182.1.dr	false		high
https://apis.google.com	chromecache_155.1.dr	false		high
https://domains.google.com/suggest/flow	chromecache_146.1.dr, chromecache_154.1.dr	false		high
https://apps-drive-picker-dev.corp.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://feedback2-test.corp.google.com/inapp/%	chromecache_166.1.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	chromecache_150.1.dr	false		high
https://signaler-pa.clients6.google.com	chromecache_150.1.dr	false		high
https://classroom.google.com/sharewidget?usegapi=1	chromecache_155.1.dr	false		high
https://support.google.com/docs/answer/65129	chromecache_156.1.dr	false		high
http://www.bohemiancoding.com/sketch	chromecache_163.1.dr, chromecache_177.1.dr	false	URL Reputation: safe	unknown
https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html	chromecache_182.1.dr	false		high
https://feedback2-test.corp.googleusercontent.com/inapp/%	chromecache_166.1.dr	false		high
https://drive.google.com/viewer	chromecache_150.1.dr	false		high
http://www.bohemiancoding.com/sketch/ns	chromecache_163.1.dr, chromecache_177.1.dr	false	URL Reputation: safe	unknown
https://www.google.cn/tools/feedback/%	chromecache_166.1.dr	false		high
https://www.google.com/tools/feedback/help_panel_binary.js	chromecache_166.1.dr	false		high
http://creativecommons.org/ns#	chromecache_163.1.dr, chromecache_177.1.dr	false		high
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_150.1.dr	false		high
https://clients3.google.com/cast/chromecast/home/widget/backdrop?usegapi=1	chromecache_155.1.dr	false		high
https://test-scone-pa-googleapis.sandbox.google.com	chromecache_166.1.dr	false		high
https://support.google.com/docs?p=comments_guide	chromecache_156.1.dr	false		high
https://talkgadget.google.com/:session_prefix:talkgadget/_/widget	chromecache_155.1.dr	false		high
https://drive.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://www.google.com/tools/feedback/%	chromecache_166.1.dr	false		high
https://families.google.com/webcreation?usegapi=1&usegapi=1	chromecache_155.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
216.58.215.238	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.203.100	www.google.com	United States	15169	GOOGLEUS	false
216.58.215.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.203.110	play.google.com	United States	15169	GOOGLEUS	false
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
172.217.168.78	plus.l.google.com	United States	15169	GOOGLEUS	false
172.217.168.14	drive.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	876168
Start date and time:	2023-05-26 11:51:24 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@29/40@14/9
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://drive.google.com/open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe
Excluded IPs from analysis (whitelisted): 172.217.168.3, 34.104.35.123, 172.217.168.74, 142.250.203.99, 172.217.168.67, 142.250.203.106, 216.58.215.234, 172.217.168.10, 172.217.168.42
Excluded domains from analysis (whitelisted): fonts.googleapis.com, ssl.gstatic.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, content.googleapis.com, update.googleapis.com, clientservices.googleapis.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1530)
Category:	downloaded
Size (bytes):	114695
Entropy (8bit):	5.503626315759982
Encrypted:	false
SSDEEP:	3072:qpyvjFWER3DPbjh7f19c3cMGvMIoOZoYbgJ:UyT3DJmGvHoYbgJ
MD5:	74C0C2DCC8511894F3FCA6F0F98BFDA5
SHA1:	C3364A29B9380734073CEC8551F517C1BB173CEA
SHA-256:	5862AB09D5DB3D464EB0341AB9011DA490352223B6A02FB5F23216E15C092230
SHA-512:	87E99AB5C6A6E181FC8CA910C1F5A711D6A5AC8AF9F4A1A817F43A20B47DA31068FE70FEDD900E5DC8D5687ED324E4FED39931A8B6C5331FF25DFBE6A08898E2
Malicious:	false
Reputation:	low
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;.var ea,ia,ja,ka,la,qa,Aa;_.ca=function(a){return function(){return _.ba[a].apply(this,arguments)}};_.ba=[];ea=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ia="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ja=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ka=ja(this);la=function(a,b){if(b)a:{var c=ka;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ia(c,a,{configurable:!0,writable:!0,value:b})}};.la("Symbol",function(a){if(a)return a;var b=function(f,h){this.OT=f;ia(this,"description",{configurable:!0,writable:!0,value:h})};b.p

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_1 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /js/googleapis.proxy.js?onload=startup HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://content.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0?le=scs HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://content.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /viewer2/prod-03/archive?ck=drive&ds=APznzaasIqez7CAZvd1AzdJZuQm7sAdnJFT4Z0_CBcEG2R0grRTcX1ow_i5lRsOx8Pwjj7KZ-wouRSRinrMEdiAe5R_1DNYrcKb8QFVhEBPcz_cMH29r1n_hnU8oOGhog0cddqJ_jHVH7evVvIZJvgAKAiSLfhKf3JE8uTLEpLxqnh5T-lqQm3phfEU0Ruothy555pIaKxoXlj3onLbT8dfeR8MIbNRoeqVyzbpFWx9BV1ui0FpEE8OZ-xkCGDqoQUnrvFgQJ_pb8xuzUQH6t2HmKnwZpckBi2tOBcehcwGSMafk5Z1lyc6q2nEI1KibcVn4ZnldI005nJrb_LhYxOXFCFfAj75WifM8jhamuJ_hMbkTgG6wic4lD32CBifJkJJ4oKIE1hCY&authuser=0&page=0 HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiSocsBCIurzAEI7bvMAQjMvMwBCLLBzAEIxcHMAQjWwcwBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uc?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph&export=download HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_open HTTP/1.1Host: drive.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /js/googleapis.proxy.js?onload=startup HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://content.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7wIf-None-Match: "f0b6cd303d5059ac"
Source: global traffic	HTTP traffic detected: GET /viewer2/prod-03/archive?ck=drive&ds=APznzaZ4EnWmVlJt_JumJy33reBjJaVafEoqWavi_7pl0Gz0VsIk1PIJDEos8ZDf7dkGBiBsRZL_dKEfhJpvuv7cep5A0kCpuAGl6K6FyarLPhVXAO2p_uPsnnf_GkouiT__PKNuVQFJfh-dkxBGAIx6lOz5QJFQgv_CIlKD-GbFKhd-lm3U-RX_OPqqIPkYrxM6knd8S2_ux__co0pWYzcBB3CbRNT90t4XZkLgXiv4kl1FIo8cBA2HvnCw-K88ylE2fb9m3FqbaiMQtE0xKaLMJrumvGBM5MDWcQYleBYsJWziLdDpGZf96WCzoiPHZZohCOnfcfiJftbwY7I7jbeWq3_pwi6MsZQkXOM1g6u5Ns3FpZKEFsWWnelKaASry6bbENn-o3PW&authuser=0&page=0 HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-model: sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w

Source: chromecache_155.1.dr	String found in binary or memory: disableRealtimeCallback:!1,drive_share:{skipInitCommand:!0},csi:{rate:.01},client:{cors:!1},signInDeprecation:{rate:0},include_granted_scopes:!0,llang:"en",iframes:{youtube:{params:{location:["search","hash"]},url:":socialhost:/:session_prefix:_/widget/render/youtube?usegapi=1",methods:["scroll","openwindow"]},ytsubscribe:{url:"https://www.youtube.com/subscribe_embed?usegapi=1"},plus_circle:{params:{url:""},url:":socialhost:/:session_prefix::se:_/widget/plus/circle?usegapi=1"},plus_share:{params:{url:""}, equals www.youtube.com (Youtube)
Source: chromecache_150.1.dr	String found in binary or memory: var C$a=function(a){return sh(function(){return RF(a,B$a,GKa)},function(b,c){(void 0===c\|\|500>c)&&b.cancel()},function(b,c){(void 0===c\|\|500>c)&&b.cancel()}).then()},D$a=function(a,b){b.then(function(){a.za=2;for(var c=p(a.C),d=c.next();!d.done;d=c.next())d.value.Vb.resolve();a.C.splice(0,a.C.length)},function(){var c=a.C.shift();c?(D$a(a,c.promise),c.Vb.resolve()):a.za=0})};var E$a=function(a){A.call(this);this.D=a;a=J(this.D);var b=I(a,zF,48)\|\|new zF;this.C=new Ei(H(b,6,"AIzaSyDVQw45DwoYh632gvsP5vPDqEKvb-Ywnb8"),jj(a)\|\|"0",H(b,7,"https://workspacevideo-pa.googleapis.com"),void 0,!0,void 0,!0,void 0,void 0);this.C.init();this.ia(this.C)};Q(E$a,A);var MN=function(a){xJ.call(this,a.ca());this.O=a};Q(MN,xJ);MN.prototype.D=function(){return"onYouTubeIframeAPIReady"};MN.prototype.J=function(){var a=I(J(this.O),zF,48)\|\|new zF;return Tr(H(a,1,"https://www.youtube.com"),"iframe_api")};MN.prototype.C=function(){return Tk("YT.Player",Ui(this.ca()))};var F$a=function(a,b){EN.call(this,a,b)};Q(F$a,EN);h=F$a.prototype;h.Zj=function(){return 0};h.isPlayable=function(){return!0};h.vj=function(){if(this.Oc){var a=oia(Kc(this.Oc));a=this.Oc[a]}return a\|\|H(this.C,3,"")\|\|window.location.protocol+"//i.ytimg.com/vi/"+this.eo()+"/mqdefault.jpg"};h.eo=function(){return aj(this.uri,"v")}; equals www.youtube.com (Youtube)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: chromecache_163.1.dr, chromecache_177.1.dr	String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_182.1.dr, chromecache_150.1.dr	String found in binary or memory: http://csi.gstatic.com/csi
Source: chromecache_150.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_163.1.dr, chromecache_177.1.dr	String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: chromecache_163.1.dr, chromecache_177.1.dr	String found in binary or memory: http://www.bohemiancoding.com/sketch/ns
Source: chromecache_176.1.dr, chromecache_150.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_182.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_182.1.dr, chromecache_155.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_155.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_156.1.dr, chromecache_150.1.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_166.1.dr, chromecache_150.1.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: chromecache_155.1.dr	String found in binary or memory: https://apis.google.com/js/googleapis.proxy.js
Source: chromecache_171.1.dr	String found in binary or memory: https://apis.google.com/js/googleapis.proxy.js?onload=startup
Source: chromecache_150.1.dr	String found in binary or memory: https://apps-drive-picker-dev.corp.google.com/picker/minpick/main
Source: chromecache_155.1.dr	String found in binary or memory: https://classroom.google.com/sharewidget?usegapi=1
Source: chromecache_155.1.dr	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/widget/backdrop?usegapi=1
Source: chromecache_150.1.dr	String found in binary or memory: https://clients5.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://clients5.google.com/webstore/wall/widget
Source: chromecache_166.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_182.1.dr	String found in binary or memory: https://console.developers.google.com/
Source: chromecache_166.1.dr	String found in binary or memory: https://content-googleapis-staging.sandbox.google.com
Source: chromecache_166.1.dr	String found in binary or memory: https://content-googleapis-test.sandbox.google.com
Source: chromecache_146.1.dr, chromecache_182.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_182.1.dr, chromecache_150.1.dr	String found in binary or memory: https://csi.gstatic.com/csi
Source: chromecache_182.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_155.1.dr	String found in binary or memory: https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1
Source: chromecache_182.1.dr	String found in binary or memory: https://developers.google.com/
Source: chromecache_182.1.dr	String found in binary or memory: https://developers.google.com/api-client-library/javascript/reference/referencedocs
Source: chromecache_182.1.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/gis-migration)
Source: chromecache_182.1.dr	String found in binary or memory: https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html
Source: chromecache_150.1.dr	String found in binary or memory: https://docs.google.com/picker
Source: chromecache_146.1.dr, chromecache_154.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_150.1.dr	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/
Source: chromecache_150.1.dr	String found in binary or memory: https://drive.google.com/drive/my-drive
Source: chromecache_150.1.dr	String found in binary or memory: https://drive.google.com/picker/minpick/main
Source: chromecache_150.1.dr	String found in binary or memory: https://drive.google.com/requestreview?id=
Source: chromecache_155.1.dr	String found in binary or memory: https://drive.google.com/savetodrivebutton?usegapi=1
Source: chromecache_150.1.dr	String found in binary or memory: https://drive.google.com/viewer
Source: chromecache_150.1.dr	String found in binary or memory: https://drivemetadata.clients6.google.com
Source: chromecache_155.1.dr	String found in binary or memory: https://families.google.com/webcreation?usegapi=1&usegapi=1
Source: chromecache_166.1.dr	String found in binary or memory: https://feedback2-test.corp.google.com/inapp/%
Source: chromecache_166.1.dr	String found in binary or memory: https://feedback2-test.corp.google.com/tools/feedback/%
Source: chromecache_166.1.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/inapp/%
Source: chromecache_166.1.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/tools/feedback/%
Source: chromecache_147.1.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_156.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/e/notoemoji/
Source: chromecache_147.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RP
Source: chromecache_150.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialiconsfilled/close/v19/gm_grey200-24dp/1x/gm_filled_close
Source: chromecache_166.1.dr	String found in binary or memory: https://gstatic.com/uservoice/surveys/resources/
Source: chromecache_166.1.dr	String found in binary or memory: https://gstatic.com/uservoice/surveys/resources/%
Source: chromecache_156.1.dr	String found in binary or memory: https://lh3.googleusercontent.com/a/default-user
Source: chromecache_150.1.dr	String found in binary or memory: https://onepick-autopush.sandbox.google.com/picker/minpick/main
Source: chromecache_150.1.dr	String found in binary or memory: https://onepick-preprod.sandbox.google.com/picker/minpick/main
Source: chromecache_150.1.dr	String found in binary or memory: https://onepick-staging-drivequal.sandbox.google.com/picker/minpick/main
Source: chromecache_150.1.dr	String found in binary or memory: https://onepick-staging.sandbox.google.com/picker/minpick/main
Source: chromecache_155.1.dr	String found in binary or memory: https://pay.google.com/gp/v/widget/save
Source: chromecache_150.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_155.1.dr	String found in binary or memory: https://play.google.com/work/embedded/search?usegapi=1&usegapi=1
Source: chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_150.1.dr	String found in binary or memory: https://punctual-dev.corp.google.com
Source: chromecache_166.1.dr	String found in binary or memory: https://sandbox.google.com/inapp/%
Source: chromecache_166.1.dr	String found in binary or memory: https://sandbox.google.com/tools/feedback/%
Source: chromecache_166.1.dr	String found in binary or memory: https://scone-pa.clients6.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://signaler-pa.clients6.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://signaler-pa.googleapis.com
Source: chromecache_150.1.dr	String found in binary or memory: https://signaler-pa.youtube.com
Source: chromecache_150.1.dr	String found in binary or memory: https://signaler-staging.sandbox.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://ssl.gstatic.com/docs/common/cleardot.gif
Source: chromecache_150.1.dr	String found in binary or memory: https://ssl.gstatic.com/docs/doclist/images/icon_10_generic_list.png
Source: chromecache_182.1.dr	String found in binary or memory: https://ssl.gstatic.com/gb/js/
Source: chromecache_166.1.dr	String found in binary or memory: https://ssl.gstatic.com/guidedhelp/runtime/guide_inproduct.js
Source: chromecache_166.1.dr	String found in binary or memory: https://ssl.gstatic.com/guidedhelp/runtime_staging/guided_help.js
Source: chromecache_155.1.dr	String found in binary or memory: https://ssl.gstatic.com/microscope/embed/
Source: chromecache_166.1.dr, chromecache_150.1.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/docs/answer/148505
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/docs/answer/37603
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/docs/answer/49114
Source: chromecache_156.1.dr	String found in binary or memory: https://support.google.com/docs/answer/65129
Source: chromecache_156.1.dr	String found in binary or memory: https://support.google.com/docs/answer/65129?hl=en-GB
Source: chromecache_156.1.dr	String found in binary or memory: https://support.google.com/docs?p=comments_guide
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/drive/answer/2407404?hl=en
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/drive/answer/2423485?hl=%s
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/drive/answer/2423694
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/drive/answer/7650301
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/google-workspace-individual/?p=esignature_signer_terms
Source: chromecache_166.1.dr	String found in binary or memory: https://support.google.com/inapp/%
Source: chromecache_155.1.dr	String found in binary or memory: https://talkgadget.google.com/:session_prefix:talkgadget/_/widget
Source: chromecache_166.1.dr	String found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_150.1.dr	String found in binary or memory: https://workspace.google.com
Source: chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_150.1.dr	String found in binary or memory: https://workspacevideo-pa.googleapis.com
Source: chromecache_166.1.dr	String found in binary or memory: https://www.google.cn/tools/feedback/%
Source: chromecache_176.1.dr, chromecache_150.1.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_150.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true
Source: chromecache_155.1.dr	String found in binary or memory: https://www.google.com/shopping/customerreviews/badge?usegapi=1
Source: chromecache_155.1.dr	String found in binary or memory: https://www.google.com/shopping/customerreviews/optin?usegapi=1
Source: chromecache_166.1.dr, chromecache_150.1.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_166.1.dr	String found in binary or memory: https://www.google.com/tools/feedback/%
Source: chromecache_166.1.dr	String found in binary or memory: https://www.google.com/tools/feedback/help_panel_binary.js
Source: chromecache_182.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: chromecache_154.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_154.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_176.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_176.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png
Source: chromecache_176.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_155.1.dr	String found in binary or memory: https://www.gstatic.com/partners/badge/templates/badge.html?usegapi=1
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/change_email_address_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/change_name_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/content_copy_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/content_cut_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/email_copy_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/info_outline_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/phone_copy_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/visibility_off_grey200.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/change_email_address_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/change_name_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/content_copy_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/content_cut_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/domain_disabled_grey900.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/email_copy_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/info_outline_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/phone_copy_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/visibility_off_grey700.svg
Source: chromecache_150.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_166.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/
Source: chromecache_166.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/%
Source: chromecache_150.1.dr	String found in binary or memory: https://www.youtube.com
Source: chromecache_155.1.dr	String found in binary or memory: https://www.youtube.com/subscribe_embed?usegapi=1

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 26, 2023 11:52:17.776421070 CEST	62910	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:17.777230024 CEST	63863	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:17.799540997 CEST	53	62910	8.8.8.8	192.168.2.6
May 26, 2023 11:52:17.805440903 CEST	53	63863	8.8.8.8	192.168.2.6
May 26, 2023 11:52:19.328315020 CEST	54903	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:19.370168924 CEST	53	54903	8.8.8.8	192.168.2.6
May 26, 2023 11:52:20.704629898 CEST	53943	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:20.732867956 CEST	53	53943	8.8.8.8	192.168.2.6
May 26, 2023 11:52:20.965207100 CEST	56086	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:20.980113029 CEST	53	56086	8.8.8.8	192.168.2.6
May 26, 2023 11:52:21.499419928 CEST	62520	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:21.532278061 CEST	53	62520	8.8.8.8	192.168.2.6
May 26, 2023 11:52:21.662101984 CEST	55629	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:21.685375929 CEST	53	55629	8.8.8.8	192.168.2.6
May 26, 2023 11:52:21.696335077 CEST	52079	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:21.719547987 CEST	53	52079	8.8.8.8	192.168.2.6
May 26, 2023 11:52:45.333854914 CEST	55956	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:45.353858948 CEST	53	55956	8.8.8.8	192.168.2.6
May 26, 2023 11:52:46.886775017 CEST	61089	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:46.906850100 CEST	53	61089	8.8.8.8	192.168.2.6
May 26, 2023 11:53:21.308495998 CEST	51362	53	192.168.2.6	8.8.8.8
May 26, 2023 11:53:21.336286068 CEST	53	51362	8.8.8.8	192.168.2.6
May 26, 2023 11:53:21.727843046 CEST	59965	53	192.168.2.6	8.8.8.8
May 26, 2023 11:53:21.742500067 CEST	53	59965	8.8.8.8	192.168.2.6
May 26, 2023 11:54:21.787348986 CEST	57054	53	192.168.2.6	8.8.8.8
May 26, 2023 11:54:21.802145958 CEST	53	57054	8.8.8.8	192.168.2.6
May 26, 2023 11:54:21.805433035 CEST	64638	53	192.168.2.6	8.8.8.8
May 26, 2023 11:54:21.828772068 CEST	53	64638	8.8.8.8	192.168.2.6

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:18 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
2023-05-26 09:52:18 UTC	0	OUT	Data Raw: 20 Data Ascii:
2023-05-26 09:52:18 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 May 2023 09:52:18 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-0A2aDAj4MfXSyY3woQELJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:52:18 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-05-26 09:52:18 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:18 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-104.0.5112.81 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-26 09:52:18 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-FzPAEWe0UmajRXwS7xofZA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 May 2023 09:52:18 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5989 X-Daystart: 10338 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:52:18 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 39 38 39 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 31 30 33 33 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5989" elapsed_seconds="10338"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-05-26 09:52:18 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-05-26 09:52:18 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:45 UTC	496	OUT	GET /viewer2/prod-03/archive?ck=drive&ds=APznzaasIqez7CAZvd1AzdJZuQm7sAdnJFT4Z0_CBcEG2R0grRTcX1ow_i5lRsOx8Pwjj7KZ-wouRSRinrMEdiAe5R_1DNYrcKb8QFVhEBPcz_cMH29r1n_hnU8oOGhog0cddqJ_jHVH7evVvIZJvgAKAiSLfhKf3JE8uTLEpLxqnh5T-lqQm3phfEU0Ruothy555pIaKxoXlj3onLbT8dfeR8MIbNRoeqVyzbpFWx9BV1ui0FpEE8OZ-xkCGDqoQUnrvFgQJ_pb8xuzUQH6t2HmKnwZpckBi2tOBcehcwGSMafk5Z1lyc6q2nEI1KibcVn4ZnldI005nJrb_LhYxOXFCFfAj75WifM8jhamuJ_hMbkTgG6wic4lD32CBifJkJJ4oKIE1hCY&authuser=0&page=0 HTTP/1.1 Host: drive.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:52:46 UTC	507	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 May 2023 09:52:46 GMT Content-Disposition: attachment; filename="json.txt"; filename=UTF-8''json.txt Strict-Transport-Security: max-age=31536000 Cross-Origin-Embedder-Policy-Report-Only: require-corp; report-to="AppsViewerFrontendHttp" Report-To: {"group":"AppsViewerFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AppsViewerFrontendHttp"}]} Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version= Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AppsViewerFrontendHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-rZ4sP148JCj4byRhTvk9Xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AppsViewerFrontendHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AppsViewerFrontendHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:52:46 UTC	509	IN	Data Raw: 31 31 0d 0a 29 5d 7d 27 0a 7b 22 62 63 6f 64 65 22 3a 33 32 7d 0d 0a Data Ascii: 11)]}'{"bcode":32}
2023-05-26 09:52:46 UTC	509	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:45 UTC	498	OUT	GET /a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64 HTTP/1.1 Host: lh3.googleusercontent.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-26 09:52:45 UTC	499	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Vary: Origin Access-Control-Allow-Origin: * Timing-Allow-Origin: * Access-Control-Expose-Headers: Content-Length ETag: "v7" Expires: Sat, 27 May 2023 09:52:45 GMT Cache-Control: public, max-age=86400, no-transform Content-Disposition: inline;filename="unnamed.jpg" X-Content-Type-Options: nosniff Date: Fri, 26 May 2023 09:52:45 GMT Server: fife Content-Length: 3652 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-05-26 09:52:45 UTC	499	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff e1 00 be 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 04 00 31 01 02 00 07 00 00 00 3e 00 00 00 3b 01 02 00 07 00 00 00 45 00 00 00 98 82 02 00 21 00 00 00 4c 00 00 00 69 87 04 00 01 00 00 00 6e 00 00 00 00 00 00 00 47 6f 6f 67 6c 65 00 43 6f 72 62 69 73 00 c2 a9 20 43 6f 72 62 69 73 2e 20 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 00 00 03 00 00 90 07 00 04 00 00 00 30 32 32 30 01 a0 03 00 01 00 00 00 01 00 00 00 05 a0 04 00 01 00 00 00 98 00 00 00 00 00 00 00 02 00 01 00 02 00 04 00 00 00 52 39 38 00 02 00 07 00 04 00 00 00 30 31 30 30 00 00 00 00 ff e1 02 5f 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 Data Ascii: JFIFExifII*1>;E!LinGoogleCorbis Corbis. All Rights Reserved.0220R980100_http://ns.adobe.com/xap/1.0/<?xpacket
2023-05-26 09:52:45 UTC	500	IN	Data Raw: 20 3c 2f 72 64 66 3a 53 65 71 3e 20 3c 2f 64 63 3a 63 72 65 61 74 6f 72 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 20 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 77 22 3f 3e ff db 00 84 00 03 02 02 03 02 0d 03 03 03 03 04 03 03 10 0d 08 0f 05 04 04 05 0f 0f 10 06 0d 10 0f 0e 0f 0b 10 0e 0d 0e 10 0f 0f 0e 0f 0a 0e 0e 10 0f 10 10 10 0b 10 0f 0f 0f 0b 0d 0e 10 0d 0f 0e 0d 0f 0d 0f 01 03 04 04 06 05 06 0a 06 06 0a 11 0e 0b 0d 11 0e 0f 12 10 0e 10 0f 0f 10 0e 0f 0f 10 0e 0f 10 0f 10 0f 0f 15 0e 0f 0d 0f 0f 0f 0f 0d 0f 10 0d 10 10 10 10 10 0f 10 0d 10 12 0f 0e 0d 0f 0d 0d 0f ff c0 00 11 08 00 40 00 40 03 01 11 00 02 11 01 03 11 01 ff c4 00 1c 00 00 01 05 01 01 01 00 Data Ascii: </rdf:Seq> </dc:creator> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>@@
2023-05-26 09:52:45 UTC	501	IN	Data Raw: ca 59 69 61 2c 03 88 9c c9 6e 1a 5f 58 26 e3 5b cd b6 ea 28 52 1c e4 b7 da ce d2 77 32 95 13 1a 7b a9 1a 9e b3 3b 9c 67 29 12 b4 3f e7 11 f5 31 a1 9e 1f f3 91 8b 6b 3d da 9d 2c b5 48 c9 6f 9d ca 21 c5 87 20 a7 b4 a2 23 72 60 89 92 7c 86 13 35 24 cd 24 eb ec 20 a5 86 40 81 4b 4f 15 54 70 9f 32 b1 15 3c a7 94 52 a7 b3 a4 ea b4 29 4b 4c 91 dc a5 ce a7 5d 67 17 b4 55 33 24 ad 28 40 70 54 82 46 5d c2 08 63 c3 8b eb 10 ab a8 e5 cf 96 a5 4c 2c c9 58 07 40 b4 90 ab 79 79 40 df 18 7a 51 aa e2 d5 fa c6 ba e8 d5 5d 48 00 36 14 92 03 40 12 62 04 f5 24 ee 4f 8e 9a 6f 95 57 32 77 7d 0d e3 f6 8e 77 2a 9a 4d 30 22 54 c1 e5 f7 10 12 be 2c 74 43 41 24 22 4e 65 f4 f1 f3 c5 1a 29 80 bc 5b cd ae 51 2c d6 86 1f e3 46 28 73 9a 8a b6 e9 99 d3 f1 1d 54 0f a7 5c 3a 9a 72 ae e8 24 Data Ascii: Yia,n_X&[(Rw2{;g)?1k=,Ho! #r`\|5$$ @KOTp2<R)KL]gU3$(@pTF]cL,X@yy@zQ]H6@b$OoW2w}w*M0"T,tCA$"Ne)[Q,F(sT\:r$
2023-05-26 09:52:45 UTC	502	IN	Data Raw: 39 cc d4 4c 98 a2 b9 48 ea 19 9f 9f 06 f3 3d 44 2d 8b b5 d6 d2 54 dd 45 0b 0e d4 69 96 99 2d 11 96 0f 7a 52 4a 81 e8 49 f3 99 07 0a 32 a5 ac 3a 54 5b 57 1e ec d0 c2 26 cf 4a b0 ad 00 9f fa b2 81 f4 05 ff 00 33 8b 43 c4 8e a6 43 ad 84 d4 82 4a 15 4d 5b 2d f9 84 84 a5 24 eb ac 92 09 12 41 9d 22 09 00 9b 64 6d 74 b2 bc cb 9f 28 b2 35 25 03 b4 19 42 e0 a5 6e 9b f2 0c 0f 8b 8e 4f 11 51 7f ab ab 53 39 d6 ba a8 d5 0d ad b0 b4 a0 f7 84 41 4a 63 60 42 74 1a 0e ec 2d 54 e9 48 36 67 d0 b1 3e 36 27 ce 19 4d 5a 96 a0 e4 a9 b5 18 80 e8 18 81 d5 ad 12 68 af 3f f9 26 86 de 8a 9a b9 d1 de 61 2b 98 85 14 6b d8 1d f9 40 03 36 f2 ac 32 b9 06 e5 6b 61 a3 32 7c 78 ab c4 b9 6e 51 29 15 68 2c 25 ca 0a 56 ae 4a 89 66 25 37 64 8d 58 00 1f 53 12 ee 7c 47 ea 94 bc d2 d7 4b 6c f7 9b Data Ascii: 9LH=D-TEi-zRJI2:T[W&J3CCJM[-$A"dmt(5%BnOQS9AJc`Bt-TH6g>6'MZh?&a+k@62ka2\|xnQ)h,%VJf%7dXS\|GKl

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:46 UTC	509	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 2486 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://drive.google.com X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:52:46 UTC	511	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 31 2c 30 2c 30 5d 5d 5d 2c 31 38 39 2c 5b 5b 22 31 36 38 35 31 32 37 31 36 36 35 33 30 22 2c 6e 75 6c 6c 2c 5b 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 5b 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 36 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,[1,0,0]]],189,[["1685127166530",null,[],null,null,null,null,"[[[null,null,16,null,[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
2023-05-26 09:52:46 UTC	515	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://drive.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 May 2023 09:52:46 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:52:46 UTC	516	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2023-05-26 09:52:46 UTC	516	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	13175
Entropy (8bit):	5.592164369000966
Encrypted:	false
SSDEEP:	192:o9XnWVG9yf1HwiqWzHk9s8JV5a101cbiNJzc29euvVf47G1OViTvzOr:CO5LMxjxbfvtk
MD5:	057322E1547A7C64ACE48E17502DD9B7
SHA1:	A3DC7D3745978E3421347E46223BBA9C2B513115
SHA-256:	3D7644E531AF0ACFA2E8A51057464362F2144E4A0742409CCEA03799E7016AB8
SHA-512:	2A0B56AB56AD03CFDD7D10AB67FABEE1CB584723A11C36D5EDA1B30832AE2DA1399EF8CBFCEC86076B60EFAC43EFAA286CDF6B61D90B245A03F31993F574520D
Malicious:	false
Reputation:	low
URL:	"https://fonts.googleapis.com/css?family=Google+Sans_old:300,400,500,700"
Preview:	/. See: https://fonts.google.com/license/googlerestricted. /./ armenian /.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPiIUvaYr.woff2) format('woff2');. unicode-range: U+0308, U+0530-058F, U+2010, U+2024, U+25CC, U+FB13-FB17;.}./ cyrillic /.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ devanagari */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjMUvaYr.woff2) format('woff2');. unicode-range: U+0900-097F, U+1CD0-1CF9, U+200C-200

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (585)
Category:	downloaded
Size (bytes):	1357470
Entropy (8bit):	5.571831016968806
Encrypted:	false
SSDEEP:	12288:MX0Av3U/CxM4IVs6GdENhFi2c1Sn7307N7Yb7Jbkbwt7FY:jA24As6GaNXi2c1I307N7YbNQkI
MD5:	0289DA937E282A20FF8EA61574917C4A
SHA1:	7467F7093BE9E29142AF3A6D06F518EB3F586FE8
SHA-256:	1F183975B70B6BBF53ECC3B2400F266A0C41EE0B2D579EA1A5A88D9CE96F529F
SHA-512:	EFBCE5EACD1012E0DA35FCF4868B35802950F7C69661C54FCB4458A2869855A14D019B47A64B56BC41BAAC0725DC044132D8F7B419703F3262A30FF23A5056D2
Malicious:	false
Reputation:	low
URL:	"https://www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.en_GB.9qdjxbpIjH4.O/am=AAAC/d=1/rs=AO0039tRi3xSxgh5nYQ8l2yLn0fJCJAQgg/m=v,wb"
Preview:	try{./.. Copyright 2013 Google LLC.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2011 Google LLC.. SPDX-License-Identifier: Apache-2.0././... Copyright (c) 2015-2018 Google, Inc., Netflix, Inc., Microsoft Corp. and contributors.. Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. See the License for the specific language governing permissions and. limitations under the License.././. SPDX-License-Identifier: Apache-2.0 /./. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././*.. SPDX-Li

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, software=Google], baseline, precision 8, 64x64, components 3
Category:	dropped
Size (bytes):	3652
Entropy (8bit):	7.6849645750973625
Encrypted:	false
SSDEEP:	48:02E4knNrH7uhTnFUF7P2gqTrYUHKcdJ/eXBDQT5fL0HJN5Hs5ivlkuKRyFl:3knNTahRK7PLqT8UH3KBD45f6vDlkuZ
MD5:	2C5D279433276B451E100C464D4A10A3
SHA1:	90BBC2F1FCF5407EFE7561E9937F7D6F16C26DD7
SHA-256:	18B09260BEA886FF56F294EFF842E2DB3F3B8ED4A5562FD97C78C16F555E000B
SHA-512:	7F60B8330E20CFCB0B3471497AD14BF7AFEDDA649B621C53F00630A737ADF21360E29916EF28DD981E0674B4DF1493962B1CDB7DCBF509CB5D167F81D6CD54AC
Malicious:	false
Reputation:	low
Preview:	......JFIF..............Exif..II*.......1.......>...;.......E.......!...L...i.......n.......Google.Corbis.. Corbis. All Rights Reserved.............0220......................................R98.........0100......._http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.5.0"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmp:CreatorTool="Google"> <dc:rights> <rdf:Alt> <rdf:li xml:lang="x-default">. Corbis. All Rights Reserved.</rdf:li> </rdf:Alt> </dc:rights> <dc:creator> <rdf:Seq> <rdf:li>Corbis</rdf:li> </rdf:Seq> </dc:creator> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>............................................................................................................................................@.@....................................

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1594
Entropy (8bit):	7.862952554761723
Encrypted:	false
SSDEEP:	24:M5DhErRsW6OTfolVFt/qRyFQCB0RxgawoIqH4B36zPiX9/YhtdHft7:M5dIWGbofFBq+GR2eITI6sf9
MD5:	C66F20F2E39EB2F6A0A4CDBE0D955E5F
SHA1:	575EF086CE461E0EF83662E3ACB3C1A789EBB0A8
SHA-256:	2AB9CD0FFDDDF7BF060620AE328FE626BFA2C004739ADEDB74EC894FAF9BEE31
SHA-512:	B9C44A2113FB078D83E968DC0AF2E78995BB6DD4CA25ABFF31E9AB180849C5DE3036B69931CCA295AC64155D5B168B634E35B7699F3FE65D4A30E9058A2639BD
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz.....IDATX.WkLSg.....65..A-f....lOk..."2..f[T...9.3q.q.....CnaKX.4.A/\D.l....m1qY....~ik+..F.i..;.A..,.<.NN......~..B..1.f..V....7....?.R..<.r3./...d.....A..h....S.......W^...`...0.......?_M...L.....`M.V.muG.$.e.J+.~Y........B.g?aF.+..M1..[.1. .?2O ...n.y.......XuQ.H. ...A.....+.....b..D..D.y......E.....M o4....R.w..b;`...R..#.\.t.%..]..[....%X<.L.Eo5Umm?..F.Oa1...W`uU:..L<..k..C....7a..1../QD3..U.D.l.T.5H......4...v......=t.."D?b.Pr.~....d#.Q.R.......)9'F/B. ....U.k'...p.!..J...O4.J.)G./"9.6.)@....4.h.(B2I.fB...AD.........7eK.%.O$gP.v.... y.t"9.E...h[...z{.C..[....7.......4......-....X......tJ...a.y....o<P..."..H\MI(Y....Y..A.,.D.$6B..`.Y..B......y..q.m..ci..,F.w......^h&.t...Y.]/......H...d<..cl.c...6N4..8FI....h%.[&u....cd.L.\|...M......."n...&.....d.'t:...c5..{~/7E.(`.`...>V7.RXS.k%..9...l....eRm...%..i...~.@.B..?.".../.v.0.@.c{.(.^w.=....:t=.>........V..}P..`...}.!u..k...p.ye...6.'..,.....Y..........

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:46 UTC	517	OUT	POST /file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/docos/p/sync?resourcekey&id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph&reqid=0 HTTP/1.1 Host: drive.google.com Connection: keep-alive Content-Length: 77 X-Build: apps-fileview.texmex_20230518.01_p0 X-Same-Domain: 1 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-platform: "Windows" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://drive.google.com X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:52:46 UTC	518	OUT	Data Raw: 70 3d 25 35 42 25 35 42 25 35 44 25 32 43 6e 75 6c 6c 25 32 43 6e 75 6c 6c 25 32 43 6e 75 6c 6c 25 32 43 25 32 32 31 41 61 75 37 41 7a 61 31 4b 64 66 5f 49 59 4c 55 69 54 5f 33 43 4c 75 4c 45 41 59 35 71 64 70 68 25 32 32 25 35 44 Data Ascii: p=%5B%5B%5D%2Cnull%2Cnull%2Cnull%2C%221Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph%22%5D
2023-05-26 09:52:47 UTC	518	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 X-Robots-Tag: noindex, nofollow, nosnippet Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 May 2023 09:52:47 GMT Content-Disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:52:47 UTC	519	IN	Data Raw: 35 36 0d 0a 29 5d 7d 27 0a 0a 5b 5b 22 73 72 22 2c 5b 5d 2c 31 36 38 35 30 39 34 31 36 37 31 32 34 5d 2c 5b 22 64 69 22 2c 34 39 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5d 2c 5b 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5d 2c 5b 5d 2c 5b 5d 5d 5d 0d 0a Data Ascii: 56)]}'[["sr",[],1685094167124],["di",49,null,null,null,null,[],[],null,null,[],[],[]]]
2023-05-26 09:52:47 UTC	519	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:56 UTC	519	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 825 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://drive.google.com X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:52:56 UTC	520	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 31 2c 30 2c 30 5d 5d 5d 2c 31 32 35 30 2c 5b 5b 22 31 36 38 35 31 32 37 31 36 36 36 35 37 22 2c 6e 75 6c 6c 2c 5b 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 6e 75 6c 6c 2c 5c 22 33 33 75 31 79 77 36 38 32 76 5c 22 2c 33 30 30 2c 31 2c 30 2c 33 2c 31 5d 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 32 35 32 30 30 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5d 2c 31 2c 6e 75 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,[1,0,0]]],1250,[["1685127166657",null,[],null,null,null,null,"[null,\"33u1yw682v\",300,1,0,3,1]",null,null,null,null,null,null,25200,null,null,null,null,[],1,nu
2023-05-26 09:52:57 UTC	522	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://drive.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 May 2023 09:52:57 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:52:57 UTC	523	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2023-05-26 09:52:57 UTC	523	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:57 UTC	524	OUT	GET /uc?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph&export=download HTTP/1.1 Host: drive.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:52:58 UTC	525	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 May 2023 09:52:58 GMT Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'report-sample' 'nonce-Nd157iizDpoItgylIEqxeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:52:58 UTC	526	IN	Data Raw: 38 64 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 47 6f 6f 67 6c 65 20 44 72 69 76 65 20 2d 20 56 69 72 75 73 20 73 63 61 6e 20 77 61 72 6e 69 6e 67 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 63 47 57 43 34 74 7a 41 71 6d 51 2d 37 43 56 5a 45 54 76 70 67 22 3e 2e 67 6f 6f 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a Data Ascii: 8df<!DOCTYPE html><html><head><title>Google Drive - Virus scan warning</title><meta http-equiv="content-type" content="text/html; charset=utf-8"/><style nonce="kcGWC4tzAqmQ-7CVZETvpg">.goog-inline-block{position:relative;display:-moz-inline-box;display:
2023-05-26 09:52:58 UTC	528	IN	Data Raw: 69 76 20 69 64 3d 22 75 63 2d 74 65 78 74 22 3e 3c 70 20 63 6c 61 73 73 3d 22 75 63 2d 77 61 72 6e 69 6e 67 2d 63 61 70 74 69 6f 6e 22 3e 47 6f 6f 67 6c 65 20 44 72 69 76 65 20 63 61 6e 27 74 20 73 63 61 6e 20 74 68 69 73 20 66 69 6c 65 20 66 6f 72 20 76 69 72 75 73 65 73 2e 3c 2f 70 3e 3c 70 20 63 6c 61 73 73 3d 22 75 63 2d 77 61 72 6e 69 6e 67 2d 73 75 62 63 61 70 74 69 6f 6e 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 75 63 2d 6e 61 6d 65 2d 73 69 7a 65 22 3e 3c 61 20 68 72 65 66 3d 22 2f 6f 70 65 6e 3f 69 64 3d 31 41 61 75 37 41 7a 61 31 4b 64 66 5f 49 59 4c 55 69 54 5f 33 43 4c 75 4c 45 41 59 35 71 64 70 68 22 3e 53 42 33 32 2e 7a 69 70 3c 2f 61 3e 20 28 31 31 32 4d 29 3c 2f 73 70 61 6e 3e 20 69 73 20 74 6f 6f 20 6c 61 72 67 65 20 66 6f 72 20 47 6f Data Ascii: iv id="uc-text"><p class="uc-warning-caption">Google Drive can't scan this file for viruses.</p><p class="uc-warning-subcaption"><span class="uc-name-size"><a href="/open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph">SB32.zip</a> (112M)</span> is too large for Go
2023-05-26 09:52:58 UTC	529	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:53:08 UTC	529	OUT	GET /open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph HTTP/1.1 Host: drive.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "104.0.5112.81" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "6.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:53:08 UTC	530	IN	HTTP/1.1 307 Temporary Redirect Content-Type: application/binary Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 May 2023 09:53:08 GMT Location: https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_open Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: unsafe-none Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveOpenHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-F8WaZQd_lizDVhS_hKquKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveOpenHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveOpenHttp/cspreport/allowlist Cross-Origin-Resource-Policy: same-site Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:53:09 UTC	599	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 699 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://drive.google.com X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:53:09 UTC	601	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 31 2c 30 2c 30 5d 5d 5d 2c 31 38 39 2c 5b 5b 22 31 36 38 35 31 32 37 31 38 39 33 30 30 22 2c 6e 75 6c 6c 2c 5b 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 5b 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 2c 31 36 38 35 31 32 37 31 38 39 32 39 38 30 30 30 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 31 36 38 35 31 32 37 31 38 39 32 39 38 30 30 30 5d 2c 6e 75 6c 6c 2c 31 5d 2c 6e 75 6c 6c 2c 37 31 36 2c 6e 75 6c 6c 2c 31 2c 31 5d 5d 2c 5b 5c 22 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,[1,0,0]]],189,[["1685127189300",null,[],null,null,null,null,"[[[null,null,1,1685127189298000,null,null,null,[[1685127189298000],null,1],null,716,null,1,1]],[\"0
2023-05-26 09:53:09 UTC	601	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://drive.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 May 2023 09:53:09 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:53:09 UTC	602	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2023-05-26 09:53:09 UTC	602	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:53:10 UTC	606	OUT	GET /js/googleapis.proxy.js?onload=startup HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://content.googleapis.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w If-None-Match: "f0b6cd303d5059ac"
2023-05-26 09:53:10 UTC	607	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript Access-Control-Allow-Origin: * Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team" Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]} Timing-Allow-Origin: * Content-Length: 17605 Date: Fri, 26 May 2023 09:53:10 GMT Expires: Fri, 26 May 2023 09:53:10 GMT Cache-Control: private, max-age=1800, stale-while-revalidate=1800 ETag: "118deba8d8aa404b" X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-05-26 09:53:10 UTC	608	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 2c 67 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c Data Ascii: (function(){var da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},g="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.val
2023-05-26 09:53:10 UTC	608	IN	Data Raw: 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 66 69 6e 64 20 67 6c 6f 62 61 6c 20 6f 62 6a 65 63 74 22 29 3b 0a 7d 2c 66 61 3d 65 61 28 74 68 69 73 29 2c 68 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 61 3a 7b 76 61 72 20 63 3d 66 61 3b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 2d 31 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 61 5b 64 5d 3b 69 66 28 21 28 65 20 69 6e 20 63 29 29 62 72 65 61 6b 20 61 3b 63 3d 63 5b 65 5d 7d 61 3d 61 5b 61 2e 6c 65 6e Data Ascii: obal];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");},fa=ea(this),h=function(a,b){if(b)a:{var c=fa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.len
2023-05-26 09:53:10 UTC	609	IN	Data Raw: 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 68 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 64 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 Data Ascii: lue for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regular expression");return a+""};h("String.prototype.endsWith",function(a){return a?a:funct
2023-05-26 09:53:10 UTC	611	IN	Data Raw: 70 69 2e 46 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 6e 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 70 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 31 45 39 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3e 3e 3e 30 29 2c 6b 61 3d 30 2c 6c 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 7d 63 2e 70 72 6f 74 6f 74 79 70 65 3d 62 2e 70 72 6f 74 6f 74 79 70 65 3b 61 2e 48 3d 62 2e 70 72 6f 74 6f 74 79 70 65 3b 61 2e 70 72 6f 74 6f 74 79 70 65 Data Ascii: pi.F=(new Date).getTime();/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0/var n=this\|\|self,p="closure_uid_"+(1E9Math.random()>>>0),ka=0,la=function(a,b){function c(){}c.prototype=b.prototype;a.H=b.prototype;a.prototype
2023-05-26 09:53:10 UTC	612	IN	Data Raw: 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 29 7d 3b 46 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 76 61 72 20 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 6c 65 76 65 6c 3d 6e 75 6c 6c 3b 74 68 69 73 2e 43 3d 5b 5d 3b 74 68 69 73 2e 70 61 72 65 6e 74 3d 28 76 6f 69 64 20 30 3d 3d 3d 62 3f 6e 75 6c 6c 3a 62 29 7c 7c 6e 75 6c 6c 3b 74 68 69 73 2e 63 68 69 6c 64 72 65 6e 3d 5b 5d 3b 74 68 69 73 2e 44 3d 7b 69 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 7d 7d 7d 2c 72 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 2e 6c 65 76 65 6c 29 72 65 74 75 72 6e 20 61 2e 6c 65 76 65 6c 3b 69 66 28 61 2e 70 61 72 65 6e 74 29 72 65 74 75 72 6e 20 72 61 28 61 2e 70 61 72 65 6e 74 Data Ascii: ,void 0,void 0)};F.prototype.reset=function(){};var qa=function(a,b){this.level=null;this.C=[];this.parent=(void 0===b?null:b)\|\|null;this.children=[];this.D={i:function(){return a}}},ra=function(a){if(a.level)return a.level;if(a.parent)return ra(a.parent
2023-05-26 09:53:10 UTC	613	IN	Data Raw: 64 65 5c 5d 2f 2c 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 61 5b 62 5d 3d 61 5b 62 5d 7c 7c 63 7d 2c 41 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 6f 72 74 28 29 3b 66 6f 72 28 76 61 72 20 62 3d 5b 5d 2c 63 3d 76 6f 69 64 20 30 2c 64 3d 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 61 5b 64 5d 3b 65 21 3d 63 26 26 62 2e 70 75 73 68 28 65 29 3b 63 3d 65 7d 72 65 74 75 72 6e 20 62 7d 2c 4d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3b 69 66 28 28 61 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 29 26 26 79 61 2e 74 65 73 74 28 61 29 29 61 3d 61 28 6e 75 6c 6c 29 3b 65 6c 73 65 7b 61 3d 7b 7d 3b 66 6f 72 28 76 61 72 20 62 20 69 6e 20 61 29 61 5b 62 5d 3d 76 6f 69 64 20 30 7d 72 65 Data Ascii: de\]/,L=function(a,b,c){return a[b]=a[b]\|\|c},Aa=function(a){a=a.sort();for(var b=[],c=void 0,d=0;d<a.length;d++){var e=a[d];e!=c&&b.push(e);c=e}return b},M=function(){var a;if((a=Object.create)&&ya.test(a))a=a(null);else{a={};for(var b in a)a[b]=void 0}re
2023-05-26 09:53:10 UTC	614	IN	Data Raw: 73 6c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 20 69 6e 20 61 29 69 66 28 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 63 3f 51 5b 62 5d 3d 4c 28 51 2c 62 2c 5b 5d 29 2e 63 6f 6e 63 61 74 28 63 29 3a 4c 28 51 2c 62 2c 63 29 7d 69 66 28 62 3d 61 2e 75 29 61 3d 4c 28 51 2c 22 75 73 22 2c 5b 5d 29 2c 61 2e 70 75 73 68 28 62 29 2c 28 62 3d 2f 5e 68 74 74 70 73 3a 28 2e 2a 29 24 2f 2e 65 78 65 63 28 62 29 29 26 26 61 2e 70 75 73 68 28 22 68 74 74 70 3a 22 2b 62 5b 31 5d 29 7d 5d 29 3b 76 61 72 20 48 61 3d 2f 5e 28 5c 2f 5b 61 2d 7a 41 2d 5a 30 2d 39 5f 5c 2d 5d 2b 29 Data Ascii: sl",function(a){for(var b in a)if(Object.prototype.hasOwnProperty.call(a,b)){var c=a[b];"object"==typeof c?Q[b]=L(Q,b,[]).concat(c):L(Q,b,c)}if(b=a.u)a=L(Q,"us",[]),a.push(b),(b=/^https:(.*)$/.exec(b))&&a.push("http:"+b[1])}]);var Ha=/^(\/[a-zA-Z0-9_\-]+)
2023-05-26 09:53:10 UTC	616	IN	Data Raw: 70 6c 61 63 65 28 2f 25 32 46 2f 67 2c 22 2f 22 29 2c 22 2f 6b 3d 22 2c 65 28 61 2e 76 65 72 73 69 6f 6e 29 2c 22 2f 6d 3d 22 2c 65 28 62 29 2c 64 3f 22 2f 65 78 6d 3d 22 2b 65 28 64 29 3a 22 22 2c 22 2f 72 74 3d 6a 2f 73 76 3d 31 2f 64 3d 31 2f 65 64 3d 31 22 2c 61 2e 6a 3f 22 2f 61 6d 3d 22 2b 65 28 61 2e 6a 29 3a 22 22 2c 61 2e 76 3f 22 2f 72 73 3d 22 2b 65 28 61 2e 76 29 3a 22 22 2c 61 2e 41 3f 22 2f 74 3d 22 2b 65 28 61 2e 41 29 3a 22 22 2c 22 2f 63 62 3d 22 2c 65 28 63 29 5d 2e 6a 6f 69 6e 28 22 22 29 7d 2c 51 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 22 2f 22 21 3d 3d 61 2e 63 68 61 72 41 74 28 30 29 26 26 57 28 22 72 65 6c 61 74 69 76 65 20 70 61 74 68 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 61 2e 73 75 62 73 74 72 69 6e 67 28 31 29 2e 73 70 6c 69 Data Ascii: place(/%2F/g,"/"),"/k=",e(a.version),"/m=",e(b),d?"/exm="+e(d):"","/rt=j/sv=1/d=1/ed=1",a.j?"/am="+e(a.j):"",a.v?"/rs="+e(a.v):"",a.A?"/t="+e(a.A):"","/cb=",e(c)].join("")},Qa=function(a){"/"!==a.charAt(0)&&W("relative path");for(var b=a.substring(1).spli
2023-05-26 09:53:10 UTC	617	IN	Data Raw: 41 2d 5a 61 2d 7a 5d 2b 3d 7b 30 2c 32 7d 24 2f 2c 55 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 5b 5d 2c 64 3d 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 64 29 7b 76 61 72 20 65 3d 61 5b 64 5d 2c 66 3b 69 66 28 66 3d 65 29 7b 61 3a 7b 66 6f 72 28 66 3d 30 3b 66 3c 62 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 69 66 28 62 5b 66 5d 3d 3d 3d 65 29 62 72 65 61 6b 20 61 3b 66 3d 2d 31 7d 66 3d 30 3e 66 7d 66 26 26 63 2e 70 75 73 68 28 65 29 7d 72 65 74 75 72 6e 20 63 7d 2c 56 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 51 2e 6e 6f 6e 63 65 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d 3d 61 3f 61 26 26 61 3d 3d 3d 53 74 72 69 6e 67 28 61 29 26 26 61 2e 6d 61 74 63 68 28 54 61 29 3f 61 3a 51 2e 6e 6f 6e 63 65 3d 6e Data Ascii: A-Za-z]+={0,2}$/,Ua=function(a,b){for(var c=[],d=0;d<a.length;++d){var e=a[d],f;if(f=e){a:{for(f=0;f<b.length;f++)if(b[f]===e)break a;f=-1}f=0>f}f&&c.push(e)}return c},Va=function(){var a=Q.nonce;return void 0!==a?a&&a===String(a)&&a.match(Ta)?a:Q.nonce=n
2023-05-26 09:53:10 UTC	618	IN	Data Raw: 68 69 6e 74 22 29 3b 24 61 28 62 7c 7c 5b 5d 2c 63 2c 61 29 7d 2c 24 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 21 21 51 2e 67 6c 72 70 3b 61 3d 41 61 28 61 29 7c 7c 5b 5d 3b 76 61 72 20 65 3d 62 2e 63 61 6c 6c 62 61 63 6b 2c 66 3d 62 2e 63 6f 6e 66 69 67 2c 6b 3d 62 2e 74 69 6d 65 6f 75 74 2c 6d 3d 62 2e 6f 6e 74 69 6d 65 6f 75 74 2c 6c 3d 62 2e 6f 6e 65 72 72 6f 72 2c 71 3d 76 6f 69 64 20 30 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 6c 26 26 28 71 3d 6c 29 3b 76 61 72 20 41 3d 6e 75 6c 6c 2c 61 61 3d 21 31 3b 69 66 28 6b 26 26 21 6d 7c 7c 21 6b 26 26 6d 29 74 68 72 6f 77 22 54 69 6d 65 6f 75 74 20 72 65 71 75 69 72 65 73 20 62 6f 74 68 20 74 68 65 20 74 69 6d 65 6f 75 74 20 70 61 72 61 6d 65 74 65 72 20 61 Data Ascii: hint");$a(b\|\|[],c,a)},$a=function(a,b,c){var d=!!Q.glrp;a=Aa(a)\|\|[];var e=b.callback,f=b.config,k=b.timeout,m=b.ontimeout,l=b.onerror,q=void 0;"function"==typeof l&&(q=l);var A=null,aa=!1;if(k&&!m\|\|!k&&m)throw"Timeout requires both the timeout parameter a
2023-05-26 09:53:10 UTC	619	IN	Data Raw: 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 61 2e 6d 65 73 73 61 67 65 29 7d 62 62 3d 63 62 3b 76 61 72 20 5a 3d 62 62 3b 76 61 72 20 59 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 51 2e 68 65 65 26 26 30 3c 51 2e 68 65 6c 29 74 72 79 7b 72 65 74 75 72 6e 20 61 28 29 7d 63 61 74 63 68 28 63 29 7b 62 26 26 62 28 63 29 2c 51 2e 68 65 6c 2d 2d 2c 61 62 28 22 64 65 62 75 67 5f 65 72 72 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 77 69 6e 64 6f 77 2e 5f 5f 5f 6a 73 6c 2e 68 65 66 6e 28 63 29 7d 63 61 74 63 68 28 64 29 7b 74 68 72 6f 77 20 63 3b 7d 7d 29 7d 65 6c 73 65 20 74 72 79 7b 72 65 74 75 72 6e 20 61 28 29 7d 63 61 74 63 68 28 63 29 7b 74 68 72 6f 77 20 62 26 26 62 28 63 29 2c 63 3b 7d 7d 3b 76 61 72 20 65 62 3d 50 2e 6c 6f 61 Data Ascii: .console.error(a.message)}bb=cb;var Z=bb;var Ya=function(a,b){if(Q.hee&&0<Q.hel)try{return a()}catch(c){b&&b(c),Q.hel--,ab("debug_error",function(){try{window.___jsl.hefn(c)}catch(d){throw c;}})}else try{return a()}catch(c){throw b&&b(c),c;}};var eb=P.loa
2023-05-26 09:53:10 UTC	620	IN	Data Raw: 67 6f 6f 67 6c 65 2e 63 6f 6d 22 7d 2c 69 6e 6c 69 6e 65 3a 7b 63 73 73 3a 31 7d 2c 0a 64 69 73 61 62 6c 65 52 65 61 6c 74 69 6d 65 43 61 6c 6c 62 61 63 6b 3a 21 31 2c 64 72 69 76 65 5f 73 68 61 72 65 3a 7b 73 6b 69 70 49 6e 69 74 43 6f 6d 6d 61 6e 64 3a 21 30 7d 2c 63 73 69 3a 7b 72 61 74 65 3a 2e 30 31 7d 2c 63 6c 69 65 6e 74 3a 7b 63 6f 72 73 3a 21 31 7d 2c 73 69 67 6e 49 6e 44 65 70 72 65 63 61 74 69 6f 6e 3a 7b 72 61 74 65 3a 30 7d 2c 69 6e 63 6c 75 64 65 5f 67 72 61 6e 74 65 64 5f 73 63 6f 70 65 73 3a 21 30 2c 6c 6c 61 6e 67 3a 22 65 6e 22 2c 69 66 72 61 6d 65 73 3a 7b 79 6f 75 74 75 62 65 3a 7b 70 61 72 61 6d 73 3a 7b 6c 6f 63 61 74 69 6f 6e 3a 5b 22 73 65 61 72 63 68 22 2c 22 68 61 73 68 22 5d 7d 2c 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 Data Ascii: google.com"},inline:{css:1},disableRealtimeCallback:!1,drive_share:{skipInitCommand:!0},csi:{rate:.01},client:{cors:!1},signInDeprecation:{rate:0},include_granted_scopes:!0,llang:"en",iframes:{youtube:{params:{location:["search","hash"]},url:":socialhost
2023-05-26 09:53:10 UTC	622	IN	Data Raw: 6f 72 2e 63 6f 72 70 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 75 69 2f 77 69 64 67 65 74 76 69 65 77 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 73 75 72 76 65 79 6f 70 74 69 6e 3a 7b 75 72 6c 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 68 6f 70 70 69 6e 67 2f 63 75 73 74 6f 6d 65 72 72 65 76 69 65 77 73 2f 6f 70 74 69 6e 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 69 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 73 68 6f 72 74 6c 69 73 74 73 3a 7b 75 72 6c 3a 22 22 7d 2c 68 61 6e 67 6f 75 74 3a 7b 75 72 6c 3a 22 68 74 74 70 73 3a 2f 2f 74 61 6c 6b 67 61 64 67 65 74 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3a 73 65 73 73 Data Ascii: or.corp.google.com/:session_prefix:ui/widgetview?usegapi=1"},surveyoptin:{url:"https://www.google.com/shopping/customerreviews/optin?usegapi=1"},":socialhost:":"https://apis.google.com",shortlists:{url:""},hangout:{url:"https://talkgadget.google.com/:sess
2023-05-26 09:53:10 UTC	622	IN	Data Raw: 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 3a 69 6d 5f 70 72 65 66 69 78 3a 5f 2f 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 73 68 61 72 65 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 70 6c 75 73 6f 6e 65 3a 7b 70 61 72 61 6d 73 3a 7b 63 6f 75 6e 74 3a 22 22 2c 73 69 7a 65 3a 22 22 2c 75 72 6c 3a 22 22 7d 2c 0a 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 3a 73 65 3a 5f 2f 2b 31 2f 66 61 73 74 62 75 74 74 6f 6e 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 63 6f 6d 6d 65 6e 74 73 3a 7b 70 61 72 61 6d 73 3a 7b 6c 6f 63 61 74 69 6f 6e 3a 5b 22 73 65 61 72 63 68 22 2c 22 68 61 73 68 22 5d 7d 2c 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 5f 2f 77 69 64 67 65 74 Data Ascii: ssion_prefix::im_prefix:_/widget/render/share?usegapi=1"},plusone:{params:{count:"",size:"",url:""},url:":socialhost:/:session_prefix::se:_/+1/fastbutton?usegapi=1"},comments:{params:{location:["search","hash"]},url:":socialhost:/:session_prefix:_/widget
2023-05-26 09:53:10 UTC	624	IN	Data Raw: 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 62 61 64 67 65 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 66 61 6d 69 6c 79 5f 63 72 65 61 74 69 6f 6e 3a 7b 70 61 72 61 6d 73 3a 7b 75 72 6c 3a 22 22 7d 2c 75 72 6c 3a 22 68 74 74 70 73 3a 2f 2f 66 61 6d 69 6c 69 65 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 77 65 62 63 72 65 61 74 69 6f 6e 3f 75 73 65 67 61 70 69 3d 31 26 75 73 65 67 61 70 69 3d 31 22 7d 2c 63 6f 6d 6d 65 6e 74 63 6f 75 6e 74 3a 7b 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 5f 2f 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 63 6f 6d 6d 65 6e 74 63 6f 75 6e 74 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 63 6f 6e 66 69 67 75 72 61 74 6f 72 3a 7b 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 Data Ascii: widget/render/badge?usegapi=1"},family_creation:{params:{url:""},url:"https://families.google.com/webcreation?usegapi=1&usegapi=1"},commentcount:{url:":socialhost:/:session_prefix:_/widget/render/commentcount?usegapi=1"},configurator:{url:":socialhost:/:s
2023-05-26 09:53:10 UTC	625	IN	Data Raw: 73 68 61 72 65 74 6f 63 6c 61 73 73 72 6f 6f 6d 20 73 68 6f 72 74 6c 69 73 74 73 20 73 69 67 6e 69 6e 32 20 73 75 72 76 65 79 6f 70 74 69 6e 20 76 69 73 69 62 69 6c 69 74 79 20 79 6f 75 74 75 62 65 20 79 74 73 75 62 73 63 72 69 62 65 20 7a 6f 6f 6d 61 62 6c 65 69 6d 61 67 65 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 0a 61 6e 6e 6f 74 61 74 69 6f 6e 3a 5b 22 69 6e 74 65 72 61 63 74 69 76 65 70 6f 73 74 22 2c 22 72 65 63 6f 62 61 72 22 2c 22 73 69 67 6e 69 6e 32 22 2c 22 61 75 74 6f 63 6f 6d 70 6c 65 74 65 22 5d 7d 7d 29 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 0a Data Ascii: sharetoclassroom shortlists signin2 surveyoptin visibility youtube ytsubscribe zoomableimage".split(" "),annotation:["interactivepost","recobar","signin2","autocomplete"]}});}).call(this);

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:53:11 UTC	637	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 473 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://drive.google.com X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:53:11 UTC	638	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 31 2c 31 2c 30 5d 5d 5d 2c 31 32 35 30 2c 5b 5b 22 31 36 38 35 31 32 37 31 39 30 36 35 30 22 2c 6e 75 6c 6c 2c 5b 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 6e 75 6c 6c 2c 5c 22 36 62 65 39 70 63 67 33 68 37 5c 22 2c 37 30 30 2c 31 2c 30 2c 33 2c 31 5d 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 32 35 32 30 30 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5d 2c 31 2c 6e 75 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,[1,1,0]]],1250,[["1685127190650",null,[],null,null,null,null,"[null,\"6be9pcg3h7\",700,1,0,3,1]",null,null,null,null,null,null,25200,null,null,null,null,[],1,nu
2023-05-26 09:53:11 UTC	640	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://drive.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 May 2023 09:53:11 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:53:11 UTC	640	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2023-05-26 09:53:11 UTC	640	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:53:12 UTC	643	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1807 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://drive.google.com X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:53:12 UTC	645	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 31 2c 30 2c 30 5d 5d 5d 2c 31 38 39 2c 5b 5b 22 31 36 38 35 31 32 37 31 39 32 33 30 32 22 2c 6e 75 6c 6c 2c 5b 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 5b 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 37 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,[1,0,0]]],189,[["1685127192302",null,[],null,null,null,null,"[[[null,null,17,null,[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
2023-05-26 09:53:12 UTC	646	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://drive.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 May 2023 09:53:12 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:53:12 UTC	647	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2023-05-26 09:53:12 UTC	647	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:53:21 UTC	647	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1855 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://drive.google.com X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:53:21 UTC	648	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 31 2c 30 2c 30 5d 5d 5d 2c 31 38 39 2c 5b 5b 22 31 36 38 35 31 32 37 32 30 31 30 37 34 22 2c 6e 75 6c 6c 2c 5b 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 5b 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 32 32 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,[1,0,0]]],189,[["1685127201074",null,[],null,null,null,null,"[[[null,null,22,null,[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,nu
2023-05-26 09:53:21 UTC	650	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://drive.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 May 2023 09:53:21 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:53:21 UTC	650	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2023-05-26 09:53:21 UTC	651	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:21 UTC	269	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 699 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://drive.google.com X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:52:21 UTC	270	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 31 2c 30 2c 30 5d 5d 5d 2c 31 38 39 2c 5b 5b 22 31 36 38 35 31 32 37 31 34 30 37 33 31 22 2c 6e 75 6c 6c 2c 5b 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 5b 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 2c 31 36 38 35 31 32 37 31 34 30 37 32 39 30 30 30 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 31 36 38 35 31 32 37 31 34 30 37 32 39 30 30 30 5d 2c 6e 75 6c 6c 2c 31 5d 2c 6e 75 6c 6c 2c 37 31 36 2c 6e 75 6c 6c 2c 31 2c 31 5d 5d 2c 5b 5c 22 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,[1,0,0]]],189,[["1685127140731",null,[],null,null,null,null,"[[[null,null,1,1685127140729000,null,null,null,[[1685127140729000],null,1],null,716,null,1,1]],[\"0
2023-05-26 09:52:21 UTC	395	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://drive.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 May 2023 09:52:21 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:52:21 UTC	396	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2023-05-26 09:52:21 UTC	396	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 171

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Windows Analysis Report
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:21 UTC	400	OUT	GET /js/googleapis.proxy.js?onload=startup HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://content.googleapis.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:52:23 UTC	401	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript Access-Control-Allow-Origin: * Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team" Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]} Timing-Allow-Origin: * Content-Length: 18394 Date: Fri, 26 May 2023 09:52:23 GMT Expires: Fri, 26 May 2023 09:52:23 GMT Cache-Control: private, max-age=1800, stale-while-revalidate=1800 ETag: "f0b6cd303d5059ac" X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-05-26 09:52:23 UTC	402	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 2c 67 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c Data Ascii: (function(){var aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},g="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.val
2023-05-26 09:52:23 UTC	402	IN	Data Raw: 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 66 69 6e 64 20 67 6c 6f 62 61 6c 20 6f 62 6a 65 63 74 22 29 3b 0a 7d 2c 66 61 3d 65 61 28 74 68 69 73 29 2c 68 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 61 3a 7b 76 61 72 20 63 3d 66 61 3b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 2d 31 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 61 5b 64 5d 3b 69 66 28 21 28 65 20 69 6e 20 63 29 29 62 72 65 61 6b 20 61 3b 63 3d 63 5b 65 5d 7d 61 3d 61 5b 61 2e 6c 65 6e Data Ascii: obal];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");},fa=ea(this),h=function(a,b){if(b)a:{var c=fa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.len
2023-05-26 09:52:23 UTC	404	IN	Data Raw: 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 68 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 64 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 Data Ascii: lue for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regular expression");return a+""};h("String.prototype.endsWith",function(a){return a?a:funct
2023-05-26 09:52:23 UTC	405	IN	Data Raw: 70 69 2e 4b 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 6e 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 70 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 31 45 39 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3e 3e 3e 30 29 2c 6b 61 3d 30 2c 6c 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 7d 63 2e 70 72 6f 74 6f 74 79 70 65 3d 62 2e 70 72 6f 74 6f 74 79 70 65 3b 61 2e 4d 3d 62 2e 70 72 6f 74 6f 74 79 70 65 3b 61 2e 70 72 6f 74 6f 74 79 70 65 Data Ascii: pi.K=(new Date).getTime();/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0/var n=this\|\|self,p="closure_uid_"+(1E9Math.random()>>>0),ka=0,la=function(a,b){function c(){}c.prototype=b.prototype;a.M=b.prototype;a.prototype
2023-05-26 09:52:23 UTC	406	IN	Data Raw: 70 61 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 48 2e 74 6f 53 74 72 69 6e 67 28 29 7d 3b 6e 65 77 20 70 61 3b 76 61 72 20 71 61 3d 7b 7d 2c 72 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 71 61 21 3d 3d 71 61 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 53 61 66 65 53 74 79 6c 65 53 68 65 65 74 20 69 73 20 6e 6f 74 20 6d 65 61 6e 74 20 74 6f 20 62 65 20 62 75 69 6c 74 20 64 69 72 65 63 74 6c 79 22 29 3b 74 68 69 73 2e 47 3d 22 22 7d 3b 72 61 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 47 2e 74 6f 53 74 72 69 6e 67 28 29 7d 3b 6e 65 77 20 72 61 3b 76 61 72 20 73 61 3d 7b 7d 2c 74 61 3d Data Ascii: pa.prototype.toString=function(){return this.H.toString()};new pa;var qa={},ra=function(){if(qa!==qa)throw Error("SafeStyleSheet is not meant to be built directly");this.G=""};ra.prototype.toString=function(){return this.G.toString()};new ra;var sa={},ta=
2023-05-26 09:52:23 UTC	407	IN	Data Raw: 76 61 72 20 63 3d 61 2e 65 6e 74 72 69 65 73 5b 62 5d 3b 69 66 28 63 29 72 65 74 75 72 6e 20 63 3b 63 3d 49 28 61 2c 62 2e 73 6c 69 63 65 28 30 2c 4d 61 74 68 2e 6d 61 78 28 62 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 2e 22 29 2c 30 29 29 29 3b 76 61 72 20 64 3d 0a 6e 65 77 20 78 61 28 62 2c 63 29 3b 61 2e 65 6e 74 72 69 65 73 5b 62 5d 3d 64 3b 63 2e 63 68 69 6c 64 72 65 6e 2e 70 75 73 68 28 64 29 3b 72 65 74 75 72 6e 20 64 7d 2c 4a 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 48 7c 7c 28 48 3d 6e 65 77 20 41 61 29 3b 72 65 74 75 72 6e 20 48 7d 3b 2f 2a 0a 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 42 61 3d 5b 5d 2c 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 Data Ascii: var c=a.entries[b];if(c)return c;c=I(a,b.slice(0,Math.max(b.lastIndexOf("."),0)));var d=new xa(b,c);a.entries[b]=d;c.children.push(d);return d},J=function(){H\|\|(H=new Aa);return H};/* SPDX-License-Identifier: Apache-2.0*/var Ba=[],Ca=function(a){var
2023-05-26 09:52:23 UTC	408	IN	Data Raw: 68 3d 28 5b 5e 26 23 5d 2a 29 22 2c 22 67 22 29 3b 69 66 28 61 3d 61 26 26 28 63 2e 65 78 65 63 28 61 29 7c 7c 64 2e 65 78 65 63 28 61 29 29 29 74 72 79 7b 62 3d 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 5b 32 5d 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 72 65 74 75 72 6e 20 62 7d 2c 4a 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 4d 28 52 2c 22 50 51 22 2c 5b 5d 29 3b 52 2e 50 51 3d 5b 5d 3b 76 61 72 20 63 3d 62 2e 6c 65 6e 67 74 68 3b 69 66 28 30 3d 3d 3d 63 29 61 28 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 64 3d 30 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 2b 2b 64 3d 3d 3d 63 26 26 61 28 29 7d 2c 66 3d 30 3b 66 3c 63 3b 66 2b 2b 29 62 5b 66 5d 28 65 29 7d 2c 53 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e Data Ascii: h=([^&#]*)","g");if(a=a&&(c.exec(a)\|\|d.exec(a)))try{b=decodeURIComponent(a[2])}catch(e){}}return b},Ja=function(a){var b=M(R,"PQ",[]);R.PQ=[];var c=b.length;if(0===c)a();else for(var d=0,e=function(){++d===c&&a()},f=0;f<c;f++)b[f](e)},S=function(a){return
2023-05-26 09:52:23 UTC	410	IN	Data Raw: 20 70 72 6f 63 65 73 73 6f 72 20 66 6f 72 3a 20 22 2b 6b 29 3b 6c 7c 7c 57 28 22 66 61 69 6c 65 64 20 74 6f 20 67 65 6e 65 72 61 74 65 20 6c 6f 61 64 20 75 72 6c 22 29 3b 62 3d 6c 3b 63 3d 62 2e 6d 61 74 63 68 28 55 61 29 3b 28 64 3d 62 2e 6d 61 74 63 68 28 56 61 29 29 26 26 31 3d 3d 3d 64 2e 6c 65 6e 67 74 68 26 26 57 61 2e 74 65 73 74 28 62 29 26 26 63 26 26 31 3d 3d 3d 63 2e 6c 65 6e 67 74 68 7c 7c 57 28 22 66 61 69 6c 65 64 20 73 61 6e 69 74 79 3a 20 22 2b 61 29 3b 74 72 79 7b 61 3d 22 3f 22 3b 69 66 28 65 26 26 30 3c 65 2e 6c 65 6e 67 74 68 29 7b 63 3d 62 3d 30 3b 66 6f 72 28 64 3d 7b 7d 3b 63 3c 65 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 71 3d 65 5b 63 2b 2b 5d 3b 66 3d 76 6f 69 64 20 30 3b 6b 3d 74 79 70 65 6f 66 20 71 3b 66 3d 22 6f 62 6a 65 63 Data Ascii: processor for: "+k);l\|\|W("failed to generate load url");b=l;c=b.match(Ua);(d=b.match(Va))&&1===d.length&&Wa.test(b)&&c&&1===c.length\|\|W("failed sanity: "+a);try{a="?";if(e&&0<e.length){c=b=0;for(d={};c<e.length;){var q=e[c++];f=void 0;k=typeof q;f="objec
2023-05-26 09:52:23 UTC	411	IN	Data Raw: 2c 6b 3d 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 66 5b 30 5d 29 2c 6d 3d 0a 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 66 5b 31 5d 29 3b 32 3d 3d 66 2e 6c 65 6e 67 74 68 26 26 6b 26 26 6d 26 26 28 61 5b 6b 5d 3d 61 5b 6b 5d 7c 7c 6d 29 7d 62 3d 22 2f 22 2b 63 2e 6a 6f 69 6e 28 22 2f 22 29 3b 50 61 2e 74 65 73 74 28 62 29 7c 7c 57 28 22 69 6e 76 61 6c 69 64 5f 70 72 65 66 69 78 22 29 3b 63 3d 30 3b 66 6f 72 28 64 3d 51 61 2e 6c 65 6e 67 74 68 3b 63 3c 64 3b 2b 2b 63 29 51 61 5b 63 5d 2e 74 65 73 74 28 62 29 26 26 57 28 22 69 6e 76 61 6c 69 64 5f 70 72 65 66 69 78 22 29 3b 63 3d 58 28 61 2c 22 6b 22 2c 21 30 29 3b 64 3d 58 28 61 2c 22 61 6d 22 29 3b 65 3d 58 28 61 2c 22 72 73 22 29 3b 61 3d 58 28 61 2c 22 74 22 29 3b 72 65 74 Data Ascii: ,k=decodeURIComponent(f[0]),m=decodeURIComponent(f[1]);2==f.length&&k&&m&&(a[k]=a[k]\|\|m)}b="/"+c.join("/");Pa.test(b)\|\|W("invalid_prefix");c=0;for(d=Qa.length;c<d;++c)Qa[c].test(b)&&W("invalid_prefix");c=X(a,"k",!0);d=X(a,"am");e=X(a,"rs");a=X(a,"t");ret
2023-05-26 09:52:23 UTC	412	IN	Data Raw: 0a 65 6c 73 65 7b 76 61 72 20 62 3d 63 62 28 29 2c 63 3d 22 22 3b 6e 75 6c 6c 21 3d 3d 62 26 26 28 63 3d 27 20 6e 6f 6e 63 65 3d 22 27 2b 62 2b 27 22 27 29 3b 61 3d 22 3c 22 2b 59 2b 27 20 73 72 63 3d 22 27 2b 65 6e 63 6f 64 65 55 52 49 28 61 29 2b 27 22 27 2b 63 2b 22 3e 3c 2f 22 2b 59 2b 22 3e 22 3b 4c 2e 77 72 69 74 65 28 5a 3f 5a 2e 63 72 65 61 74 65 48 54 4d 4c 28 61 29 3a 61 29 7d 7d 2c 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 4c 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 59 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 2c 5a 3f 5a 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 3b 61 3d 63 62 28 29 3b 6e 75 6c 6c 21 3d 3d 61 26 26 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 6f 6e Data Ascii: else{var b=cb(),c="";null!==b&&(c=' nonce="'+b+'"');a="<"+Y+' src="'+encodeURI(a)+'"'+c+"></"+Y+">";L.write(Z?Z.createHTML(a):a)}},db=function(a){var b=L.createElement(Y);b.setAttribute("src",Z?Z.createScriptURL(a):a);a=cb();null!==a&&b.setAttribute("non
2023-05-26 09:52:23 UTC	413	IN	Data Raw: 29 2e 75 70 64 61 74 65 3b 46 3f 46 28 66 29 3a 66 26 26 4d 28 52 2c 22 63 75 22 2c 5b 5d 29 2e 70 75 73 68 28 66 29 3b 69 66 28 45 29 7b 55 28 22 6d 65 30 22 2c 78 2c 4f 29 3b 74 72 79 7b 67 62 28 45 2c 63 2c 71 29 7d 66 69 6e 61 6c 6c 79 7b 55 28 22 6d 65 31 22 2c 78 2c 4f 29 7d 7d 72 65 74 75 72 6e 20 31 7d 3b 30 3c 6b 26 26 28 41 3d 4b 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 62 61 3d 21 30 3b 6d 28 29 7d 2c 6b 29 29 3b 76 61 72 20 72 3d 62 62 28 61 2c 63 61 29 3b 69 66 28 72 2e 6c 65 6e 67 74 68 29 7b 72 3d 62 62 28 61 2c 6c 29 3b 76 61 72 20 75 3d 4d 28 52 2c 22 43 50 22 2c 5b 5d 29 2c 76 3d 75 2e 6c 65 6e 67 74 68 3b 75 5b 76 5d 3d 66 75 6e 63 74 69 6f 6e 28 78 29 7b 69 66 28 21 78 29 72 65 74 75 72 6e 20 30 3b 55 28 22 Data Ascii: ).update;F?F(f):f&&M(R,"cu",[]).push(f);if(E){U("me0",x,O);try{gb(E,c,q)}finally{U("me1",x,O)}}return 1};0<k&&(A=K.setTimeout(function(){ba=!0;m()},k));var r=bb(a,ca);if(r.length){r=bb(a,l);var u=M(R,"CP",[]),v=u.length;u[v]=function(x){if(!x)return 0;U("
2023-05-26 09:52:23 UTC	415	IN	Data Raw: 3d 61 2e 6c 65 6e 67 74 68 7c 7c 28 61 3d 61 2e 73 75 62 73 74 72 28 62 29 2e 73 70 6c 69 74 28 22 3a 22 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 21 5b 22 61 70 69 22 2c 22 70 6c 61 74 66 6f 72 6d 22 5d 2e 69 6e 63 6c 75 64 65 73 28 64 29 7d 29 2c 63 2e 66 65 61 74 75 72 65 73 3d 61 29 29 7d 5d 29 3b 4b 61 2e 62 73 30 3d 77 69 6e 64 6f 77 2e 67 61 70 69 2e 5f 62 73 7c 7c 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 4d 61 28 22 62 73 30 22 29 3b 4b 61 2e 62 73 31 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 4d 61 28 22 62 73 31 22 29 3b 64 65 6c 65 74 65 20 77 69 6e 64 6f 77 2e 67 61 70 69 2e 5f 62 73 3b 77 69 6e 64 6f 77 2e 67 61 70 69 2e 6c 6f 61 64 28 22 22 2c 7b 63 61 6c 6c Data Ascii: =a.length\|\|(a=a.substr(b).split(":").filter(function(d){return!["api","platform"].includes(d)}),c.features=a))}]);Ka.bs0=window.gapi._bs\|\|(new Date).getTime();Ma("bs0");Ka.bs1=(new Date).getTime();Ma("bs1");delete window.gapi._bs;window.gapi.load("",{call
2023-05-26 09:52:23 UTC	416	IN	Data Raw: 69 6f 6e 5f 70 72 65 66 69 78 3a 3a 73 65 3a 5f 2f 77 69 64 67 65 74 2f 70 6c 75 73 2f 63 69 72 63 6c 65 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 70 6c 75 73 5f 73 68 61 72 65 3a 7b 70 61 72 61 6d 73 3a 7b 75 72 6c 3a 22 22 7d 2c 0a 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 3a 73 65 3a 5f 2f 2b 31 2f 73 68 61 72 65 62 75 74 74 6f 6e 3f 70 6c 75 73 53 68 61 72 65 3d 74 72 75 65 26 75 73 65 67 61 70 69 3d 31 22 7d 2c 72 62 72 5f 73 3a 7b 70 61 72 61 6d 73 3a 7b 75 72 6c 3a 22 22 7d 2c 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 3a 73 65 3a 5f 2f 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 72 65 63 6f 62 61 72 73 69 6d 70 6c 65 73 63 72 6f 6c 6c Data Ascii: ion_prefix::se:_/widget/plus/circle?usegapi=1"},plus_share:{params:{url:""},url:":socialhost:/:session_prefix::se:_/+1/sharebutton?plusShare=true&usegapi=1"},rbr_s:{params:{url:""},url:":socialhost:/:session_prefix::se:_/widget/render/recobarsimplescroll
2023-05-26 09:52:23 UTC	417	IN	Data Raw: 6c 61 74 65 73 2f 62 61 64 67 65 2e 68 74 6d 6c 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 64 61 74 61 63 6f 6e 6e 65 63 74 6f 72 3a 7b 75 72 6c 3a 22 68 74 74 70 73 3a 2f 2f 64 61 74 61 63 6f 6e 6e 65 63 74 6f 72 2e 63 6f 72 70 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 75 69 2f 77 69 64 67 65 74 76 69 65 77 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 73 75 72 76 65 79 6f 70 74 69 6e 3a 7b 75 72 6c 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 68 6f 70 70 69 6e 67 2f 63 75 73 74 6f 6d 65 72 72 65 76 69 65 77 73 2f 6f 70 74 69 6e 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 69 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 73 Data Ascii: lates/badge.html?usegapi=1"},dataconnector:{url:"https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1"},surveyoptin:{url:"https://www.google.com/shopping/customerreviews/optin?usegapi=1"},":socialhost:":"https://apis.google.com",s
2023-05-26 09:52:23 UTC	418	IN	Data Raw: 62 69 6c 69 74 79 3a 7b 70 61 72 61 6d 73 3a 7b 75 72 6c 3a 22 22 7d 2c 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 5f 2f 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 76 69 73 69 62 69 6c 69 74 79 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3a 7b 70 61 72 61 6d 73 3a 7b 75 72 6c 3a 22 22 7d 2c 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 5f 2f 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 61 75 74 6f 63 6f 6d 70 6c 65 74 65 22 7d 2c 0a 22 3a 73 69 67 6e 75 70 68 6f 73 74 3a 22 3a 22 68 74 74 70 73 3a 2f 2f 70 6c 75 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 72 61 74 69 6e 67 62 61 64 67 65 3a 7b 75 72 6c 3a 22 68 74 74 Data Ascii: bility:{params:{url:""},url:":socialhost:/:session_prefix:_/widget/render/visibility?usegapi=1"},autocomplete:{params:{url:""},url:":socialhost:/:session_prefix:_/widget/render/autocomplete"},":signuphost:":"https://plus.google.com",ratingbadge:{url:"htt
2023-05-26 09:52:23 UTC	419	IN	Data Raw: 3d 31 22 7d 2c 73 61 76 65 74 6f 77 61 6c 6c 65 74 3a 7b 75 72 6c 3a 22 68 74 74 70 73 3a 2f 2f 70 61 79 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 67 70 2f 76 2f 77 69 64 67 65 74 2f 73 61 76 65 22 7d 2c 0a 70 65 72 73 6f 6e 3a 7b 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 74 3a 2f 3a 73 65 73 73 69 6f 6e 5f 70 72 65 66 69 78 3a 5f 2f 77 69 64 67 65 74 2f 72 65 6e 64 65 72 2f 70 65 72 73 6f 6e 3f 75 73 65 67 61 70 69 3d 31 22 7d 2c 73 61 76 65 74 6f 64 72 69 76 65 3a 7b 75 72 6c 3a 22 68 74 74 70 73 3a 2f 2f 64 72 69 76 65 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 61 76 65 74 6f 64 72 69 76 65 62 75 74 74 6f 6e 3f 75 73 65 67 61 70 69 3d 31 22 2c 6d 65 74 68 6f 64 73 3a 5b 22 73 61 76 65 22 5d 7d 2c 70 61 67 65 3a 7b 75 72 6c 3a 22 3a 73 6f 63 69 61 6c 68 6f 73 Data Ascii: =1"},savetowallet:{url:"https://pay.google.com/gp/v/widget/save"},person:{url:":socialhost:/:session_prefix:_/widget/render/person?usegapi=1"},savetodrive:{url:"https://drive.google.com/savetodrivebutton?usegapi=1",methods:["save"]},page:{url:":socialhos

Timestamp	kBytes transferred	Direction	Data
2023-05-26 09:52:24 UTC	420	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1805 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://drive.google.com X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://drive.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
2023-05-26 09:52:24 UTC	421	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 31 2c 30 2c 30 5d 5d 5d 2c 31 38 39 2c 5b 5b 22 31 36 38 35 31 32 37 31 34 33 39 33 38 22 2c 6e 75 6c 6c 2c 5b 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 5b 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 38 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,[1,0,0]]],189,[["1685127143938",null,[],null,null,null,null,"[[[null,null,8,null,[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,nul
2023-05-26 09:52:24 UTC	423	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://drive.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 May 2023 09:52:24 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-26 09:52:24 UTC	423	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2023-05-26 09:52:24 UTC	424	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	11:52:15
Start date:	26/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff6f9750000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	1
Start time:	11:52:16
Start date:	26/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6f9750000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	2
Start time:	11:52:18
Start date:	26/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Imagebase:	0x7ff6f9750000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre