Windows Analysis Report
https://drive.google.com/file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview

Overview

General Information

Sample URL:	https://drive.google.com/file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview
Analysis ID:	1461449
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTTP GET or POST without a user agent

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

Source: https://support.google.com/docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1	HTTP Parser: No favicon
Source: https://support.google.com/docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1	HTTP Parser: No favicon

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49729 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49729 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=vhnJCzrs6tCTLSxaZbDKEPtFVazjzwgR3ibbJs172dz1MU4MXRt_Vz-q3L_50M2noEwE5vwJ0UwumdMPEIU6Ozhnga4zGSmfZvI-3qxjRvW_Q76GN2Yy5ZUuVWJklxfKIRIcmzeZRSJNzCwI8F85EzSf8tZozL_PXqa18K-0j94
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /drive/bin/answer.py?hl=en&answer=148505 HTTP/1.1Host: support.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=vhnJCzrs6tCTLSxaZbDKEPtFVazjzwgR3ibbJs172dz1MU4MXRt_Vz-q3L_50M2noEwE5vwJ0UwumdMPEIU6Ozhnga4zGSmfZvI-3qxjRvW_Q76GN2Yy5ZUuVWJklxfKIRIcmzeZRSJNzCwI8F85EzSf8tZozL_PXqa18K-0j94
Source: global traffic	HTTP traffic detected: GET /drive/answer/148505?hl=en HTTP/1.1Host: support.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=vhnJCzrs6tCTLSxaZbDKEPtFVazjzwgR3ibbJs172dz1MU4MXRt_Vz-q3L_50M2noEwE5vwJ0UwumdMPEIU6Ozhnga4zGSmfZvI-3qxjRvW_Q76GN2Yy5ZUuVWJklxfKIRIcmzeZRSJNzCwI8F85EzSf8tZozL_PXqa18K-0j94
Source: global traffic	HTTP traffic detected: GET /docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1 HTTP/1.1Host: support.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /apis/caseslist?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714245%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680%2C10803751%2C97601634&authuser=0&v=1&helpcenter=docs HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.1.664997084.1719200251
Source: global traffic	HTTP traffic detected: GET /apis/prefinsert?v=0&helpcenter=docs&hl=en&key=support-content&request_source=1&service_configuration=&mendel_ids=10800112,1706538,1714245,10800561,10800621,10800672,10800695,10800700,10800707,10800738,10800761,10800763,10800848,10800880,10800922,10800950,10800957,10801032,10801042,10801150,10801288,10801345,10801510,10801539,10801601,10801704,10801736,10801757,10802104,10802277,10802281,10802381,10802419,10802571,10802616,10802624,10802781,10803188,10803213,10803447,10803680,10803751,97601634 HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.1.664997084.1719200251
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.JHoMBbBABZg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_6Zf8M75AJqSyaaLg_vD7Vr9kevQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: support.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support.google.com/docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.3.664997084.1719200251; _gid=GA1.3.573035854.1719200255; _gat_gtag_UA_175894890_5=1
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /apis/logjourney?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714245%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680%2C10803751%2C97601634&authuser=0&v=1&helpcenter=docs HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.3.664997084.1719200251; _gid=GA1.3.573035854.1719200255; _gat_gtag_UA_175894890_5=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.3.664997084.1719200251; _gid=GA1.3.573035854.1719200255; _gat_gtag_UA_175894890_5=1
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-

Source: chromecache_104.2.dr	String found in binary or memory: <li>Publicly sharing videos that do not comply with the <a href="https://www.youtube.com/howyoutubeworks/policies/community-guidelines/" rel="noopener">YouTube Community Guidelines</a>.</li> equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: ;function ns(){this.part="snippet,id,contentDetails,localizations,statistics";this.Ak=new Yr({serverUrl:"https://www.googleapis.com/youtube/v3",serviceName:"youtubeDataApi"})} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: ;var Oea=wa(["//www.youtube.com/player_api"]),Pea=Eo(Oea),ps=[],Qea=!1;function qs(){if(!Qea){window.onYouTubeIframeAPIReady=Rea;var a=dq("SCRIPT");eo(a,Pea);document.head.appendChild(a);Qea=!0}} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: ;var nqa=wa(["//www.youtube.com/player_api"]),dB=4/3,oqa=16/9,eB={autoplay:1,cc_load_policy:1,controls:2,hl:"en",rel:0,playsinline:0};function fB(a){var b=a.Eb;var c=a.Fl===void 0?!1:a.Fl;a=a.playerVars===void 0?eB:a.playerVars;A.call(this,"sc.tailwind.shared.video.VideoPlayer");this.o=!1;this.ma=0;this.Eb=b;this.Fl=c;this.id=this.Eb.getId();this.playerVars=a;b=this.Eb.mediumThumbnail.width;c=this.Eb.mediumThumbnail.height;this.aspectRatio=b&&c?b/c===dB?dB:oqa:dB;this.watch(this.Eb)} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: Wa=Wa.split("-")[0].toLowerCase();if(Sa===Wa\|\|e.localizations&&e.localizations[a.ua])a.ma=!0;e="https://www.youtube.com/embed/"+encodeURIComponent(a.id);a.embedUrl=e}a.state=2;a.Ea(0);Bp("youtube_video_model/load/success");return Qa(c,0)}Ra(c);a.state=3;a.Ea(0);Bp("youtube_video_model/load/failure");Oa(c)})} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: b.open("GET","https://www.googleapis.com/youtube/v3/videos?part=snippet%2C+id&key=AIzaSyD-4tE5aKFZYIS_IrfpCDRsgQZbv5VCJZM&id="+a.ma);b.send()} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: function jB(a){if(hp())z().rs==2?window.YT&&window.YT.Player?lB(a,a.o):(ps.push(function(f){lB(this,f)}.bind(a,a.o)),qs()):op("//www.youtube.com/embed/"+a.ma+"/?rel=0&cc_load_policy=1&autoplay=1&hl="+window.sc_pageModel.lang); equals www.youtube.com (Youtube)
Source: chromecache_96.2.dr	String found in binary or memory: hf=w(["https://sandbox.google.com/tools/feedback/"]),jf=w(["https://www.google.cn/tools/feedback/"]),kf=w(["https://help.youtube.com/tools/feedback/"]),lf=w(["https://asx-frontend-staging.corp.google.com/inapp/"]),mf=w(["https://asx-frontend-staging.corp.google.com/tools/feedback/"]),nf=w(["https://localhost.corp.google.com/inapp/"]),of=w(["https://localhost.proxy.googlers.com/inapp/"]),pf=T(Re),qf=[T(Se),T(Te)],rf=[T(Ue),T(Ve),T(We),T(Xe),T(Ye),T(Ze),T($e),T(af),T(bf),T(cf)],sf=[T(df),T(ef)],tf= equals www.youtube.com (Youtube)
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: return b}yD.J="internal.enableAutoEventOnTimer";var ic=la(["data-gtm-yt-inspected-"]),AD=["www.youtube.com","www.youtube-nocookie.com"],BD,CD=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: docs.google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: support.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com

Source: unknown

HTTP traffic detected: POST /apis/caseslist?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714245%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680%2C10803751%2C97601634&authuser=0&v=1&helpcenter=docs HTTP/1.1Host: support.google.comConnection: keep-aliveContent-Length: 2sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-Type: application/json+protobufX-SupportContent-AllowApiCookieAuth: trueX-SupportContent-XsrfToken: sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://support.google.comX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://support.google.com/docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 24 Jun 2024 03:37:05 GMTContent-Type: text/html; charset=utf-8P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'report-sample' 'nonce-H4eF8FCoSemlf-Na0DObMQ' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/viewer/Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-ttReferrer-Policy: strict-origin-when-cross-originX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockServer: GSESet-Cookie: NID=515=vhnJCzrs6tCTLSxaZbDKEPtFVazjzwgR3ibbJs172dz1MU4MXRt_Vz-q3L_50M2noEwE5vwJ0UwumdMPEIU6Ozhnga4zGSmfZvI-3qxjRvW_Q76GN2Yy5ZUuVWJklxfKIRIcmzeZRSJNzCwI8F85EzSf8tZozL_PXqa18K-0j94; expires=Tue, 24-Dec-2024 03:37:05 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked

Source: chromecache_96.2.dr	String found in binary or memory: http://localhost.corp.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: http://localhost.proxy.googlers.com/inapp/
Source: chromecache_83.2.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_104.2.dr	String found in binary or memory: http://www.google.com/support/websearch/bin/answer.py?hl=
Source: chromecache_88.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_88.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_105.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_109.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_83.2.dr, chromecache_88.2.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_96.2.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.co.uk/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.co.uk/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.de/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.de/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.youtube.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.youtube.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-staging.corp.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-staging.corp.google.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-help-frontend-autopush.corp.youtube.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-help-frontend-autopush.corp.youtube.com/tools/feedback/
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_104.2.dr, chromecache_88.2.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://content-googleapis-staging.sandbox.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://content-googleapis-test.sandbox.google.com
Source: chromecache_88.2.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_88.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_88.2.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_104.2.dr	String found in binary or memory: https://drive.google.com/
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback-pa.clients6.google.com
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback.googleusercontent.com/resources/annotator.css
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback.googleusercontent.com/resources/render_frame2.html
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback2-test.corp.google.com/inapp/%
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback2-test.corp.google.com/tools/feedback/%
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/inapp/%
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/tools/feedback/%
Source: chromecache_113.2.dr, chromecache_76.2.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmZjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmdjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmtjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmxjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmZjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmdjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmtjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmxjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qE52i1dC.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qER2i1dC.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEV2i1dC.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEl2i1dC.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2)
Source: chromecache_83.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_83.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_83.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_83.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.0.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.1.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.10.w
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.2.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.3.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.4.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.5.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.6.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.7.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.8.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.9.wo
Source: chromecache_76.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVE9eOcEg.woff2)
Source: chromecache_76.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2)
Source: chromecache_76.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVFNeOcEg.woff2)
Source: chromecache_76.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVGdeOcEg.woff2)
Source: chromecache_96.2.dr	String found in binary or memory: https://gstatic.com/uservoice/surveys/resources/
Source: chromecache_104.2.dr	String found in binary or memory: https://guidebooks.google.com
Source: chromecache_96.2.dr	String found in binary or memory: https://help.youtube.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://localhost.corp.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://localhost.proxy.googlers.com/inapp/
Source: chromecache_104.2.dr	String found in binary or memory: https://moltron-pa.clients6.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://myaccount.google.com/privacypolicy?hl=
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_104.2.dr	String found in binary or memory: https://play.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://play.google.com/about/developer-content-policy/
Source: chromecache_104.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_88.2.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_88.2.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_104.2.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_104.2.dr	String found in binary or memory: https://policies.google.com/terms/generative-ai
Source: chromecache_104.2.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_104.2.dr	String found in binary or memory: https://policies.google.com/terms?hl=
Source: chromecache_104.2.dr	String found in binary or memory: https://safebrowsing.google.com/#policies
Source: chromecache_96.2.dr	String found in binary or memory: https://sandbox.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://sandbox.google.com/inapp/%
Source: chromecache_96.2.dr	String found in binary or memory: https://sandbox.google.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://sandbox.google.com/tools/feedback/%
Source: chromecache_104.2.dr	String found in binary or memory: https://schema.org
Source: chromecache_96.2.dr	String found in binary or memory: https://scone-pa.clients6.google.com
Source: chromecache_96.2.dr	String found in binary or memory: https://stagingqual-feedback-pa-googleapis.sandbox.google.com
Source: chromecache_105.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_109.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_104.2.dr	String found in binary or memory: https://support.google.com
Source: chromecache_96.2.dr, chromecache_104.2.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_104.2.dr	String found in binary or memory: https://support.google.com/communities/answer/7424249
Source: chromecache_104.2.dr	String found in binary or memory: https://support.google.com/communities/answer/7425194
Source: chromecache_104.2.dr	String found in binary or memory: https://support.google.com/docs/answer/148505
Source: chromecache_96.2.dr	String found in binary or memory: https://support.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://support.google.com/inapp/%
Source: chromecache_109.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_96.2.dr	String found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: chromecache_88.2.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_104.2.dr, chromecache_85.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_109.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_109.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_109.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.cn/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.cn/tools/feedback/%
Source: chromecache_105.2.dr, chromecache_104.2.dr, chromecache_85.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://www.google.com/accounts/TOS?hl=en&loc=US
Source: chromecache_109.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_104.2.dr	String found in binary or memory: https://www.google.com/policies/terms/
Source: chromecache_104.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true&onload=
Source: chromecache_104.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true&render=explicit&onload=
Source: chromecache_96.2.dr, chromecache_104.2.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.com/tools/feedback/%
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.com/tools/feedback/help_panel_binary.js
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_88.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_88.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_104.2.dr	String found in binary or memory: https://www.googleapis.com/youtube/v3
Source: chromecache_104.2.dr	String found in binary or memory: https://www.googleapis.com/youtube/v3/videos?part=snippet%2C
Source: chromecache_85.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_109.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_104.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-H30R9PNQFN
Source: chromecache_104.2.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_83.2.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_83.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_83.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_104.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_104.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_104.2.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_96.2.dr	String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/
Source: chromecache_105.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_104.2.dr	String found in binary or memory: https://www.youtube.com/embed/
Source: chromecache_104.2.dr	String found in binary or memory: https://www.youtube.com/howyoutubeworks/policies/community-guidelines/

Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/77@16/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2364,i,6859509374505570292,12830168475801442784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2364,i,6859509374505570292,12830168475801442784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.78	docs.google.com	United States	15169	GOOGLEUS	false
172.217.16.206	drive.google.com	United States	15169	GOOGLEUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.142	plus.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
docs.google.com	142.250.185.78	true
play.google.com	142.250.185.78	true
plus.l.google.com	142.250.185.142	true
drive.google.com	172.217.16.206	true
www.google.com	172.217.18.4	true
support.google.com	142.250.185.78	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
apis.google.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/generate_204	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.google.com/apis/prefinsert?v=0&helpcenter=docs&hl=en&key=support-content&request_source=1&service_configuration=&mendel_ids=10800112,1706538,1714245,10800561,10800621,10800672,10800695,10800700,10800707,10800738,10800761,10800763,10800848,10800880,10800922,10800950,10800957,10801032,10801042,10801150,10801288,10801345,10801510,10801539,10801601,10801704,10801736,10801757,10802104,10802277,10802281,10802381,10802419,10802571,10802616,10802624,10802781,10803188,10803213,10803447,10803680,10803751,97601634	false	Avira URL Cloud: safe	unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.JHoMBbBABZg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_6Zf8M75AJqSyaaLg_vD7Vr9kevQ/cb=gapi.loaded_0	false	URL Reputation: safe	unknown
https://drive.google.com/file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview	false		unknown
https://support.google.com/docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1	false		unknown
https://support.google.com/apis/caseslist?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714245%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680%2C10803751%2C97601634&authuser=0&v=1&helpcenter=docs	false	Avira URL Cloud: safe	unknown
https://play.google.com/log?format=json&hasfast=true	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ipinfo.io/	false	URL Reputation: safe	unknown
https://support.google.com/drive/bin/answer.py?hl=en&answer=148505	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.google.com/drive/answer/148505?hl=en	false	Avira URL Cloud: safe	unknown
https://support.google.com/favicon.ico	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.google.com/apis/logjourney?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714245%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680%2C10803751%2C97601634&authuser=0&v=1&helpcenter=docs	false	Avira URL Cloud: safe	unknown
https://docs.google.com/favicon.ico	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 24 02:37:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	93E58EF37032992282734C3DA9C78CD2	30FD46CB9C543C6B378276D1411A5D2FCC907758	A736E544BB7733829208308D734D5A9EA64270EAEDA180B3BDA5DCCF24A24606
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 24 02:37:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	520C10411FEB100A399C90EE765BFC95	61CE643BCD6F9DAB822CC6AE6E8B3C808A493DD4	3D97228341DF845B59DBB370C6643D8A5D46F41EE708DE497DE2601C3CD1E0C6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	FD1B62F23CEE149819A58FCD26BD907D	A001687CD67DE3D8138DA6556850AA873F751DC9	10B77DABCC622C46C35B8AB172C6F4ABC9B12C34D19FAAA2A4C8B166BC93F922
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 24 02:37:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	7AD24C081088BE60EAA1052CAD139AF2	7E425D2BA572C5778A869EB44132599B51995F35	20A2690F9EA25FAAA727CAEC979D1AC68D3DAFE7ED18F55AFB0118E69E8F5215
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 24 02:37:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	7CC35DBAFC819D7B59259EF419AB9D45	09B17A829B59A2421D619569B3551493293D5E6D	316ECC6CF80A0C824BFCC28EC8729575A0E94CE78C312CEFCF8BAD79087BE272
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 24 02:37:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	AA91220AF78DF625DBCAC4EBE7FF728D	45705A33721A02008DA0BAD29DB1E30FB2C88631	5F6F7430FF841058FE555B6465BFFBD2AEAE0200459154D77B6FC6F2C9DE43C0
Chrome Cache Entry: 100	ASCII text, with very long lines (4876), with no line terminators	6A912CB853722819FEA5E573BEE7CE9C	D5D7AAC77D792E50BFB6B4C08E8B33643F8BCC56	CA5A2FDF2AA3C139E5313D677F5F0CE1CE79CFEAC6E16EDCCF1B9A6FCB46BD0C
Chrome Cache Entry: 101	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	F3418A443E7D841097C714D69EC4BCB8	49263695F6B0CDD72F45CF1B775E660FDC36C606	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
Chrome Cache Entry: 102	Web Open Font Format (Version 2), TrueType, length 14796, version 1.0	675DF44DB2BAFC60DF7052DA41F6C94B	8B766EB9F1DC9F4F6B6C81028570FD03A5F59509	8300BA70904617A47A80E9098FE00B3F7AEFD328519318C420289B0BBDFB5E2C
Chrome Cache Entry: 103	PNG image data, 116 x 41, 8-bit/color RGBA, non-interlaced	A62A4E4A142FBC4A6583B50C154AA1BD	105DAF8E2CCDD2AD5C18D507CDAE5926FBA0E764	A9CEF4D58336842DC12848055C5E8D17A02B2FEF3EEC87E5AD171DC699D49D23
Chrome Cache Entry: 104	HTML document, Unicode text, UTF-8 text, with very long lines (54627)	CC503E1D7AB6BB48B8C5AA2E17416C1B	7DB05719244A1325E0A34B104ACDAD0ED97F1D28	C274A779005C46A383E729138BE2EB064A2BE4E5D796F2CBE46F88C01A9528EF
Chrome Cache Entry: 105	ASCII text, with very long lines (5945)	06EC7DB07776F2E4246E46943228DF9E	B5DFE922CCFE301D42A6A5FC9D032BCB1660117A	38A799489733DDC826667FB2A0CDDF070F19D4AC99EB6678EFB5CDCF871B1434
Chrome Cache Entry: 106	Web Open Font Format (Version 2), TrueType, length 9832, version 1.0	4904E4512C44FF90A67249421A174F8D	6FF8BFAB9C2AD320BF52A628F35861790C75A23E	8589F8DE6CFF2670DEBC131476EFDD070303664BCE3A0B7E231EF16A0BFB6BB9
Chrome Cache Entry: 107	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	F3418A443E7D841097C714D69EC4BCB8	49263695F6B0CDD72F45CF1B775E660FDC36C606	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
Chrome Cache Entry: 108	HTML document, Unicode text, UTF-8 text, with very long lines (1136)	FBE36EB2EECF1B90451A3A72701E49D2	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
Chrome Cache Entry: 109	ASCII text, with very long lines (2343)	575B5480531DA4D14E7453E2016FE0BC	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
Chrome Cache Entry: 110	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0	285467176F7FE6BB6A9C6873B3DAD2CC	EA04E4FF5142DDD69307C183DEF721A160E0A64E	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
Chrome Cache Entry: 111	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
Chrome Cache Entry: 112	Web Open Font Format (Version 2), TrueType, length 35060, version 1.0	0360DBC6E8C09DCE9183A1FD78F3BE2E	6CD4B65A94707AE941D78B12F082C968CB05EC92	2DB6BC36808D43FA89029C652636E206FA3E889B35ECF71814AB85F8BA944AF3
Chrome Cache Entry: 113	ASCII text	C8FFC386DE3B2056FB79BE94F3D30F1F	E401F137EEADD957077148B0520EB7161E63BEE2	7F750D218718DBC45D41A9908008A1BA5B0D32CBA9FA57E0691E30E9ABC7DF29
Chrome Cache Entry: 74	SVG Scalable Vector Graphics image	678F0DD4F96ED208AE638043469A4F84	B94FA6E66F07BBD17ED18586448078D25E687F57	66CEF6A86EA1B23495619C0B32764347E13B162A7FA57BACE6D3E1598C47FEA1
Chrome Cache Entry: 75	Web Open Font Format (Version 2), TrueType, length 7764, version 1.0	840275CCD07904AE4081556FD92B784F	3599B52C76D614FF957CEE2606AC67D61E8F50A8	4053825BF798F2D0CAF91D40483D4447ECEADEE819DB6AC1C7DC498B9AD41F49
Chrome Cache Entry: 76	ASCII text	B939B48641DD382769F5A921A51354D1	3E649193F051D481FCA5EB499FCB451ED6DB14C2	87DE156E2BD6004CC029BDEC39839C051DC935899C041DD6CA96E98C2585C402
Chrome Cache Entry: 77	ASCII text, with very long lines (1203)	073DACAAD1F71A1B60CB6C73BE21A940	5D58B96FBF447E3EDAA6BE0E06AD7386EC66C2E6	D83F983E6D22A2A2D37E3EE9D2E119BFFF7EF1C8E7B8671DF73BEA8BC93F9FC2
Chrome Cache Entry: 78	Web Open Font Format (Version 2), TrueType, length 11772, version 1.0	6F4D4A8899EE0298DB1717070AE4761E	44F0F6B77E5AB005E6F74C4EC65DC7600503B4E2	CC3DCEB979B73443783E4E0837A1609009CBB7F6C31683B5171BC9A930F7D7AD
Chrome Cache Entry: 79	Web Open Font Format (Version 2), TrueType, length 5164, version 1.0	E1D4C2969A3DD92F91FEA51F652831EF	FF3BE3617B93FCA22D758F43920ABFA313337BC2	570D2DC2CE988D8AE09147EE2ECA5EC53F8D5F036E84E3212BF03503374054E5
Chrome Cache Entry: 80	Web Open Font Format (Version 2), TrueType, length 8700, version 1.0	2FE42D3535DA679F04F3D17C6365A3B3	64DA6FE900FDBB59AB97F956ECDE4E57F9848403	1B36C0B0A947C1A484C4384FDE4735E3FBE8F0EAAA04B058B74C83425B08D4B0
Chrome Cache Entry: 81	Web Open Font Format (Version 2), TrueType, length 21552, version 1.0	EA2C3CF1BE388BD3FBE9D0CD8AFEE11C	6647CBAF7BFEDD842F806549F5C3433A19EAB1AB	1CF04407E728EA1EBF82DC1C6B45D12632CB3202FF8F4556F380B16E57484F27
Chrome Cache Entry: 82	PNG image data, 116 x 41, 8-bit/color RGBA, non-interlaced	A62A4E4A142FBC4A6583B50C154AA1BD	105DAF8E2CCDD2AD5C18D507CDAE5926FBA0E764	A9CEF4D58336842DC12848055C5E8D17A02B2FEF3EEC87E5AD171DC699D49D23
Chrome Cache Entry: 83	ASCII text, with very long lines (2297)	E98446119D91D531DB4EDADCB9CD9F96	2B93F402643D258DC13D7629C58A75ABEFD0E5D7	1C2F3E74864754CF1D9F9992CC3BC16781B9745B7DF27148911A3A3F070FE126
Chrome Cache Entry: 84	ASCII text, with no line terminators	7C75EAA17B37BC1FB911C80DBC99E4EB	447C43B1F1801D3923E154C8745100ED0B915012	0105D84E88CE0378E75A047F73F4B7845054BE0440FC588428B0A15F4ADE3C05
Chrome Cache Entry: 85	ASCII text, with very long lines (1822)	E186C17A7AEEF626E73DF2AD0CDB2DA8	190AA85C3A095375BA462FCBAA6A44BCD71E3DCC	380FDFAD19F4896B69E09DB1B9ACDF2A5B3B55FEC60F528ABCFDF70D491B9530
Chrome Cache Entry: 86	Web Open Font Format (Version 2), TrueType, length 21716, version 1.0	D4FF90DB5DA894C833F356F47A16E408	30606044507D81B996C992895AB16B8A8D68BE97	F2C761EE3CE27469F940A05B64E38A829A400427727CD0BDBB4E36F1D572AFD7
Chrome Cache Entry: 87	Web Open Font Format (Version 2), TrueType, length 15436, version 1.0	037D830416495DEF72B7881024C14B7B	619389190B3CAFAFB5DB94113990350ACC8A0278	1D5B7C64458F4AF91DCFEE0354BE47ADDE1F739B5ADED03A7AB6068A1BB6CA97
Chrome Cache Entry: 88	ASCII text, with very long lines (2140)	F36443AFF59269C1F830294760230795	F3CDA9EBBC1E8CBC873386A305BDA4A883EA75A9	EE74A56BAFE09978B8744A71246CB5C9D77EE849E300DC2D48AF8BD3067F82EC
Chrome Cache Entry: 89	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	916C9BCCCF19525AD9D3CD1514008746	9CCCE6978D2417927B5150FFAAC22F907FF27B6E	358E814139D3ED8469B36935A071BE6696CCAD7DD9BDBFDB80C052B068AE2A50
Chrome Cache Entry: 90	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	916C9BCCCF19525AD9D3CD1514008746	9CCCE6978D2417927B5150FFAAC22F907FF27B6E	358E814139D3ED8469B36935A071BE6696CCAD7DD9BDBFDB80C052B068AE2A50
Chrome Cache Entry: 91	SVG Scalable Vector Graphics image	678F0DD4F96ED208AE638043469A4F84	B94FA6E66F07BBD17ED18586448078D25E687F57	66CEF6A86EA1B23495619C0B32764347E13B162A7FA57BACE6D3E1598C47FEA1
Chrome Cache Entry: 92	ASCII text, with no line terminators	7C75EAA17B37BC1FB911C80DBC99E4EB	447C43B1F1801D3923E154C8745100ED0B915012	0105D84E88CE0378E75A047F73F4B7845054BE0440FC588428B0A15F4ADE3C05
Chrome Cache Entry: 93	ASCII text, with no line terminators	819B69E39EB07A33260D1CB7C6602B65	1460D3775DB13956E5BBCA4E2AC1D6D3194B575C	B08241EBF122168672648B99F3398E5EDBA7592567E9A7C3F502789E8DECB183
Chrome Cache Entry: 94	Web Open Font Format (Version 2), TrueType, length 15208, version 1.0	CD05F978145C3B6F58B800C1FB5EF436	916E50A357512D525C2850C8429E1E091574C9C9	F36242B1AB1AC1316640455B84D157E26487BFBB2B847C6DD4107D6CA071617F
Chrome Cache Entry: 95	Web Open Font Format (Version 2), TrueType, length 14796, version 1.0	BB9D1306FBA272771A89683EA3B0A4FC	7CAD32EAF7748F5AC06CDA557739FC9D5AEC6D9C	483F202789ED694C70F16E9CA008533BE41FC8F9DDC44D832F5818CEF0AC85F2
Chrome Cache Entry: 96	ASCII text, with very long lines (3383)	99A0EDCE52AEBCA5255387E568FB7C2B	0308CE25F4D30D23C7E7588D257CC9E0F32B59B1	24D2E916F361F4BD9360173A34F83FC46F2E02801C9F82DC679CFAF31A5DC7C3
Chrome Cache Entry: 97	Web Open Font Format (Version 2), TrueType, length 3744, version 1.0	76401C24E5DADD117E47C8A3AED24721	2D08A624B4CAA7EEAAEC148D879554DE049C1623	7DDA16A4834B7CD8B77EBEE5723D5AB9090E0F7AE0C6A8280588A92468618933
Chrome Cache Entry: 98	HTML document, Unicode text, UTF-8 text, with very long lines (1136)	FBE36EB2EECF1B90451A3A72701E49D2	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
Chrome Cache Entry: 99	ASCII text, with no line terminators	7C75EAA17B37BC1FB911C80DBC99E4EB	447C43B1F1801D3923E154C8745100ED0B915012	0105D84E88CE0378E75A047F73F4B7845054BE0440FC588428B0A15F4ADE3C05

Source: https://support.google.com/docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1	HTTP Parser: No favicon
Source: https://support.google.com/docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1	HTTP Parser: No favicon

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49729 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49729 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=vhnJCzrs6tCTLSxaZbDKEPtFVazjzwgR3ibbJs172dz1MU4MXRt_Vz-q3L_50M2noEwE5vwJ0UwumdMPEIU6Ozhnga4zGSmfZvI-3qxjRvW_Q76GN2Yy5ZUuVWJklxfKIRIcmzeZRSJNzCwI8F85EzSf8tZozL_PXqa18K-0j94
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /drive/bin/answer.py?hl=en&answer=148505 HTTP/1.1Host: support.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=vhnJCzrs6tCTLSxaZbDKEPtFVazjzwgR3ibbJs172dz1MU4MXRt_Vz-q3L_50M2noEwE5vwJ0UwumdMPEIU6Ozhnga4zGSmfZvI-3qxjRvW_Q76GN2Yy5ZUuVWJklxfKIRIcmzeZRSJNzCwI8F85EzSf8tZozL_PXqa18K-0j94
Source: global traffic	HTTP traffic detected: GET /drive/answer/148505?hl=en HTTP/1.1Host: support.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=vhnJCzrs6tCTLSxaZbDKEPtFVazjzwgR3ibbJs172dz1MU4MXRt_Vz-q3L_50M2noEwE5vwJ0UwumdMPEIU6Ozhnga4zGSmfZvI-3qxjRvW_Q76GN2Yy5ZUuVWJklxfKIRIcmzeZRSJNzCwI8F85EzSf8tZozL_PXqa18K-0j94
Source: global traffic	HTTP traffic detected: GET /docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1 HTTP/1.1Host: support.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /apis/caseslist?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714245%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680%2C10803751%2C97601634&authuser=0&v=1&helpcenter=docs HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.1.664997084.1719200251
Source: global traffic	HTTP traffic detected: GET /apis/prefinsert?v=0&helpcenter=docs&hl=en&key=support-content&request_source=1&service_configuration=&mendel_ids=10800112,1706538,1714245,10800561,10800621,10800672,10800695,10800700,10800707,10800738,10800761,10800763,10800848,10800880,10800922,10800950,10800957,10801032,10801042,10801150,10801288,10801345,10801510,10801539,10801601,10801704,10801736,10801757,10802104,10802277,10802281,10802381,10802419,10802571,10802616,10802624,10802781,10803188,10803213,10803447,10803680,10803751,97601634 HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.1.664997084.1719200251
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.JHoMBbBABZg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_6Zf8M75AJqSyaaLg_vD7Vr9kevQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: support.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support.google.com/docs/answer/148505?visit_id=638547970485293380-790599392&hl=en&rd=1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.3.664997084.1719200251; _gid=GA1.3.573035854.1719200255; _gat_gtag_UA_175894890_5=1
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /apis/logjourney?hl=en&key=support-content&request_source=1&mendel_ids=10800112%2C1706538%2C1714245%2C10800561%2C10800621%2C10800672%2C10800695%2C10800700%2C10800707%2C10800738%2C10800761%2C10800763%2C10800848%2C10800880%2C10800922%2C10800950%2C10800957%2C10801032%2C10801042%2C10801150%2C10801288%2C10801345%2C10801510%2C10801539%2C10801601%2C10801704%2C10801736%2C10801757%2C10802104%2C10802277%2C10802281%2C10802381%2C10802419%2C10802571%2C10802616%2C10802624%2C10802781%2C10803188%2C10803213%2C10803447%2C10803680%2C10803751%2C97601634&authuser=0&v=1&helpcenter=docs HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.3.664997084.1719200251; _gid=GA1.3.573035854.1719200255; _gat_gtag_UA_175894890_5=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: support.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-; SUPPORT_CONTENT=638547970495382778-483282763; _ga_H30R9PNQFN=GS1.1.1719200251.1.0.1719200251.0.0.0; _ga=GA1.3.664997084.1719200251; _gid=GA1.3.573035854.1719200255; _gat_gtag_UA_175894890_5=1
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=mcy1GugGnMZ5MbJ8UqNu-ZGX2t1TuAEWUcVWKP39i7qk8_1ZpHdBUJQpb3MAH5taMLjtU_xFxc4YnFr8CwJcak5eEmoDQHhu4BTyyLmvHcoV2QydpIieaziDWv4bggDnEh5Rh7R_XDLyti_xacQpLK78X4ZmghfFmpEFDqO8-acWofFGM3GeAHBDQjk-

Source: chromecache_104.2.dr	String found in binary or memory: <li>Publicly sharing videos that do not comply with the <a href="https://www.youtube.com/howyoutubeworks/policies/community-guidelines/" rel="noopener">YouTube Community Guidelines</a>.</li> equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: ;function ns(){this.part="snippet,id,contentDetails,localizations,statistics";this.Ak=new Yr({serverUrl:"https://www.googleapis.com/youtube/v3",serviceName:"youtubeDataApi"})} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: ;var Oea=wa(["//www.youtube.com/player_api"]),Pea=Eo(Oea),ps=[],Qea=!1;function qs(){if(!Qea){window.onYouTubeIframeAPIReady=Rea;var a=dq("SCRIPT");eo(a,Pea);document.head.appendChild(a);Qea=!0}} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: ;var nqa=wa(["//www.youtube.com/player_api"]),dB=4/3,oqa=16/9,eB={autoplay:1,cc_load_policy:1,controls:2,hl:"en",rel:0,playsinline:0};function fB(a){var b=a.Eb;var c=a.Fl===void 0?!1:a.Fl;a=a.playerVars===void 0?eB:a.playerVars;A.call(this,"sc.tailwind.shared.video.VideoPlayer");this.o=!1;this.ma=0;this.Eb=b;this.Fl=c;this.id=this.Eb.getId();this.playerVars=a;b=this.Eb.mediumThumbnail.width;c=this.Eb.mediumThumbnail.height;this.aspectRatio=b&&c?b/c===dB?dB:oqa:dB;this.watch(this.Eb)} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: Wa=Wa.split("-")[0].toLowerCase();if(Sa===Wa\|\|e.localizations&&e.localizations[a.ua])a.ma=!0;e="https://www.youtube.com/embed/"+encodeURIComponent(a.id);a.embedUrl=e}a.state=2;a.Ea(0);Bp("youtube_video_model/load/success");return Qa(c,0)}Ra(c);a.state=3;a.Ea(0);Bp("youtube_video_model/load/failure");Oa(c)})} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: b.open("GET","https://www.googleapis.com/youtube/v3/videos?part=snippet%2C+id&key=AIzaSyD-4tE5aKFZYIS_IrfpCDRsgQZbv5VCJZM&id="+a.ma);b.send()} equals www.youtube.com (Youtube)
Source: chromecache_104.2.dr	String found in binary or memory: function jB(a){if(hp())z().rs==2?window.YT&&window.YT.Player?lB(a,a.o):(ps.push(function(f){lB(this,f)}.bind(a,a.o)),qs()):op("//www.youtube.com/embed/"+a.ma+"/?rel=0&cc_load_policy=1&autoplay=1&hl="+window.sc_pageModel.lang); equals www.youtube.com (Youtube)
Source: chromecache_96.2.dr	String found in binary or memory: hf=w(["https://sandbox.google.com/tools/feedback/"]),jf=w(["https://www.google.cn/tools/feedback/"]),kf=w(["https://help.youtube.com/tools/feedback/"]),lf=w(["https://asx-frontend-staging.corp.google.com/inapp/"]),mf=w(["https://asx-frontend-staging.corp.google.com/tools/feedback/"]),nf=w(["https://localhost.corp.google.com/inapp/"]),of=w(["https://localhost.proxy.googlers.com/inapp/"]),pf=T(Re),qf=[T(Se),T(Te)],rf=[T(Ue),T(Ve),T(We),T(Xe),T(Ye),T(Ze),T($e),T(af),T(bf),T(cf)],sf=[T(df),T(ef)],tf= equals www.youtube.com (Youtube)
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: return b}yD.J="internal.enableAutoEventOnTimer";var ic=la(["data-gtm-yt-inspected-"]),AD=["www.youtube.com","www.youtube-nocookie.com"],BD,CD=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: docs.google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: support.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com

Source: unknown

Source: global traffic

Source: chromecache_96.2.dr	String found in binary or memory: http://localhost.corp.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: http://localhost.proxy.googlers.com/inapp/
Source: chromecache_83.2.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_104.2.dr	String found in binary or memory: http://www.google.com/support/websearch/bin/answer.py?hl=
Source: chromecache_88.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_88.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_105.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_109.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_83.2.dr, chromecache_88.2.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_96.2.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.co.uk/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.co.uk/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.de/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.google.de/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.youtube.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-autopush.corp.youtube.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-staging.corp.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-frontend-staging.corp.google.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-help-frontend-autopush.corp.youtube.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://asx-help-frontend-autopush.corp.youtube.com/tools/feedback/
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_104.2.dr, chromecache_88.2.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://content-googleapis-staging.sandbox.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://content-googleapis-test.sandbox.google.com
Source: chromecache_88.2.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_88.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_88.2.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_104.2.dr	String found in binary or memory: https://drive.google.com/
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback-pa.clients6.google.com
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback.googleusercontent.com/resources/annotator.css
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback.googleusercontent.com/resources/render_frame2.html
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback2-test.corp.google.com/inapp/%
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback2-test.corp.google.com/tools/feedback/%
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/inapp/%
Source: chromecache_96.2.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/tools/feedback/%
Source: chromecache_113.2.dr, chromecache_76.2.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmZjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmdjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmtjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmxjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmZjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmdjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmtjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmxjtiu7.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qE52i1dC.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qER2i1dC.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEV2i1dC.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEl2i1dC.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2)
Source: chromecache_83.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_83.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_83.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_83.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.0.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.1.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.10.w
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.2.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.3.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.4.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.5.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.6.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.7.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.8.wo
Source: chromecache_77.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/notocoloremoji/v30/Yq6P-KqIXTD0t4D9z1ESnKM3-HpFabsE4tq3luCC7p-aXxcn.9.wo
Source: chromecache_76.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVE9eOcEg.woff2)
Source: chromecache_76.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2)
Source: chromecache_76.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVFNeOcEg.woff2)
Source: chromecache_76.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v19/pxiDypQkot1TnFhsFMOfGShVGdeOcEg.woff2)
Source: chromecache_96.2.dr	String found in binary or memory: https://gstatic.com/uservoice/surveys/resources/
Source: chromecache_104.2.dr	String found in binary or memory: https://guidebooks.google.com
Source: chromecache_96.2.dr	String found in binary or memory: https://help.youtube.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://localhost.corp.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://localhost.proxy.googlers.com/inapp/
Source: chromecache_104.2.dr	String found in binary or memory: https://moltron-pa.clients6.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://myaccount.google.com/privacypolicy?hl=
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_104.2.dr	String found in binary or memory: https://play.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://play.google.com/about/developer-content-policy/
Source: chromecache_104.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_88.2.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_88.2.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_104.2.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_104.2.dr	String found in binary or memory: https://policies.google.com/terms/generative-ai
Source: chromecache_104.2.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_104.2.dr	String found in binary or memory: https://policies.google.com/terms?hl=
Source: chromecache_104.2.dr	String found in binary or memory: https://safebrowsing.google.com/#policies
Source: chromecache_96.2.dr	String found in binary or memory: https://sandbox.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://sandbox.google.com/inapp/%
Source: chromecache_96.2.dr	String found in binary or memory: https://sandbox.google.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://sandbox.google.com/tools/feedback/%
Source: chromecache_104.2.dr	String found in binary or memory: https://schema.org
Source: chromecache_96.2.dr	String found in binary or memory: https://scone-pa.clients6.google.com
Source: chromecache_96.2.dr	String found in binary or memory: https://stagingqual-feedback-pa-googleapis.sandbox.google.com
Source: chromecache_105.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_109.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_104.2.dr	String found in binary or memory: https://support.google.com
Source: chromecache_96.2.dr, chromecache_104.2.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_104.2.dr	String found in binary or memory: https://support.google.com/communities/answer/7424249
Source: chromecache_104.2.dr	String found in binary or memory: https://support.google.com/communities/answer/7425194
Source: chromecache_104.2.dr	String found in binary or memory: https://support.google.com/docs/answer/148505
Source: chromecache_96.2.dr	String found in binary or memory: https://support.google.com/inapp/
Source: chromecache_96.2.dr	String found in binary or memory: https://support.google.com/inapp/%
Source: chromecache_109.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_96.2.dr	String found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: chromecache_88.2.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_104.2.dr, chromecache_85.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_109.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_109.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_109.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.cn/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.cn/tools/feedback/%
Source: chromecache_105.2.dr, chromecache_104.2.dr, chromecache_85.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_104.2.dr	String found in binary or memory: https://www.google.com/accounts/TOS?hl=en&loc=US
Source: chromecache_109.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_104.2.dr	String found in binary or memory: https://www.google.com/policies/terms/
Source: chromecache_104.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true&onload=
Source: chromecache_104.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true&render=explicit&onload=
Source: chromecache_96.2.dr, chromecache_104.2.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.com/tools/feedback/
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.com/tools/feedback/%
Source: chromecache_96.2.dr	String found in binary or memory: https://www.google.com/tools/feedback/help_panel_binary.js
Source: chromecache_105.2.dr, chromecache_85.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_88.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_88.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_104.2.dr	String found in binary or memory: https://www.googleapis.com/youtube/v3
Source: chromecache_104.2.dr	String found in binary or memory: https://www.googleapis.com/youtube/v3/videos?part=snippet%2C
Source: chromecache_85.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_109.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_104.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-H30R9PNQFN
Source: chromecache_104.2.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_83.2.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_83.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_83.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_104.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_104.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_104.2.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_96.2.dr	String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/
Source: chromecache_105.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_104.2.dr	String found in binary or memory: https://www.youtube.com/embed/
Source: chromecache_104.2.dr	String found in binary or memory: https://www.youtube.com/howyoutubeworks/policies/community-guidelines/

Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/77@16/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2364,i,6859509374505570292,12830168475801442784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2364,i,6859509374505570292,12830168475801442784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1461449
Product:	CloudBasic
Start time:	05:36:09
Start date:	24.06.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://drive.google.com/file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://drive.google.com/file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://drive.google.com/file/d/1Up5eWOx2RUpqZynZGVd1PF8ihD3WJTfX/preview