Windows Analysis Report
http://www.queleas.com/

AV Detection

Source: http://google.com

URL Reputation: Label: malware

Phishing

Source: https://www.queleas.com/

HTTP Parser: Base64 decoded: [null,null,null,3]

Source: https://www.queleas.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4838201668166700&output=html&h=280&slotname=1334458667&adk=3641038832&adf=943920009&pi=t.ma~as.1334458667&w=1074&abgtt=9&fwrn=4&fwrnh=100&lmt=1729811047&rafmt=1&format=1074x280&url=https%3A%2F%2Fwww.queleas.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811042978&bpp=58&bdt=5513&idt=4169&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8300578125854&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=95&ady=834&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=4306
Source: https://www.queleas.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4838201668166700&output=html&adk=1812271804&adf=3025194257&abgtt=9&lmt=1729811047&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.queleas.com%2F&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33&aifxl=29_18~30_19&aiixl=29_5~30_6&aslmct=0.7&asamct=0.7&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aiopts=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811043036&bpp=10&bdt=5571&idt=4260&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=1074x280&nras=1&correlator=8300578125854&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=4275
Source: https://www.queleas.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/html/r20241023/r20190131/zrt_lookup_fy2021.html
Source: https://www.queleas.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4838201668166700&output=html&h=280&slotname=1334458667&adk=3641038832&adf=943920009&pi=t.ma~as.1334458667&w=1074&abgtt=9&fwrn=4&fwrnh=100&lmt=1729811047&rafmt=1&format=1074x280&url=https%3A%2F%2Fwww.queleas.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811042978&bpp=58&bdt=5513&idt=4169&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8300578125854&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=95&ady=834&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=4306
Source: https://www.queleas.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4838201668166700&output=html&adk=1812271804&adf=3025194257&abgtt=9&lmt=1729811047&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.queleas.com%2F&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33&aifxl=29_18~30_19&aiixl=29_5~30_6&aslmct=0.7&asamct=0.7&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aiopts=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811043036&bpp=10&bdt=5571&idt=4260&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=1074x280&nras=1&correlator=8300578125854&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=4275
Source: https://www.queleas.com/	HTTP Parser: Iframe src: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Source: https://www.queleas.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4838201668166700&output=html&h=280&slotname=1334458667&adk=3641038832&adf=943920009&pi=t.ma~as.1334458667&w=1074&abgtt=9&fwrn=4&fwrnh=100&lmt=1729811047&rafmt=1&format=1074x280&url=https%3A%2F%2Fwww.queleas.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811042978&bpp=58&bdt=5513&idt=4169&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8300578125854&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=95&ady=834&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=4306
Source: https://www.queleas.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4838201668166700&output=html&adk=1812271804&adf=3025194257&abgtt=9&lmt=1729811047&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.queleas.com%2F&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33&aifxl=29_18~30_19&aiixl=29_5~30_6&aslmct=0.7&asamct=0.7&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aiopts=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811043036&bpp=10&bdt=5571&idt=4260&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=1074x280&nras=1&correlator=8300578125854&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=4275

Source: https://www.queleas.com/	HTTP Parser: No favicon
Source: https://www.queleas.com/	HTTP Parser: No favicon
Source: https://www.queleas.com/	HTTP Parser: No favicon
Source: https://www.queleas.com/	HTTP Parser: No favicon
Source: https://www.queleas.com/	HTTP Parser: No favicon
Source: https://www.queleas.com/	HTTP Parser: No favicon
Source: https://www.queleas.com/	HTTP Parser: No favicon

Source: https://www.queleas.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.queleas.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.queleas.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.queleas.com/	HTTP Parser: No <meta name="author".. found

Source: https://www.queleas.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.queleas.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.queleas.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.queleas.com/	HTTP Parser: No <meta name="copyright".. found

Compliance

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.8:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.8:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.8:49830 version: TLS 1.2

Networking

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8T5NVdSvpx9lzXd&MD=SA+xU976 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /pagead/html/r20241023/r20190131/zrt_lookup_fy2021.html HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.queleas.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/ads?client=ca-pub-4838201668166700&output=html&h=280&slotname=1334458667&adk=3641038832&adf=943920009&pi=t.ma~as.1334458667&w=1074&abgtt=9&fwrn=4&fwrnh=100&lmt=1729811047&rafmt=1&format=1074x280&url=https%3A%2F%2Fwww.queleas.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811042978&bpp=58&bdt=5513&idt=4169&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8300578125854&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=95&ady=834&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=4306 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.queleas.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/ads?client=ca-pub-4838201668166700&output=html&adk=1812271804&adf=3025194257&abgtt=9&lmt=1729811047&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.queleas.com%2F&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33&aifxl=29_18~30_19&aiixl=29_5~30_6&aslmct=0.7&asamct=0.7&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aiopts=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811043036&bpp=10&bdt=5571&idt=4260&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=1074x280&nras=1&correlator=8300578125854&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=4275 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.queleas.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/adview?ai=CqVJqaNIaZ7nEKY6YjuwP6bS4mQvUyenHesDumbe0E_TCtauuARABIJKKjipgyQagAbzE-JsByAEJqAMByAPLBKoE3QFP0B3-SqaRTdrdBLznVjGlHz_36Gw8aIalPkqk-1_s_14raijXMxGAe__Zq15Di95QmiJCr7eLKdI2QgUbAU2j6FX1irGg37NowBJXUbQw4cEyhDrdDP760kXKWEmPVvEWBppT2qRp5nWmGsXOeB8cvW_uVYLqONOAYFu6g8L3eRydptPJLHEfsI77xQOluyNHcly6_7Agx79gEfcnIQPdJUPMbP3y5u7R3JamAtrB2Dmxv2gNxeAtiC2SQOgjDn14EoCE_SZJatPJzJNLifJnwuZh9xXPKQP0zHhfysAE453j2ecDiAW94-urN5IFBAgEGAGSBQQIBRgEoAYugAesu4fkAqgH1ckbqAfZtrECqAemvhuoB47OG6gHk9gbqAfw4BuoB-6WsQKoB_6esQKoB6--sQKoB_fCsQLYBwDyBwQQ2eIE0ggoCIDhgGAQARgfMgLLAjoLgECAwICAgKCogAJIvf3BOljl_NaokKiJA5oJigJodHRwczovL3d3dy5mbGludGhpbGwub3JnLz91dG1fdGVybT0mdXRtX2NhbXBhaWduPUZlZWRlcnMrJTI2K0NvbXBldGl0aW9uJnV0bV9zb3VyY2U9YWR3b3JkcyZ1dG1fbWVkaXVtPXBwYyZoc2FfYWNjPTkwMTU0MjAwODImaHNhX2NhbT0xNDg1NTg5MzQzNyZoc2FfZ3JwPTEzMDkxNjMzOTQyNyZoc2FfYWQ9NzE3NTExMTMwMzQ5JmhzYV9zcmM9ZCZoc2FfdGd0PWt3ZC0wJmhzYV9rdz0maHNhX210PSZoc2FfbmV0PWFkd29yZHMmaHNhX3Zlcj0zJmdhZF9zb3VyY2U9NYAKAcgLAdoMEQoLEJCYuOmRmI7NwgESAgEDuBPkA9gTDdAVAYAXAbIXHgoaCAASFHB1Yi00ODM4MjAxNjY4MTY2NzAwGAAYAboXAjgBshgJEgKLVBguIgEA0BgB&sigh=_H8fkHrO0Ks&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDpaXnfuMXf17fLnBTeVT9itLV-jr5F2b7pYXhFrQSjL5rWM2cjJVkRqRgbs6h0FcNgA8gAI2Qh9wWlIq7l5POyHs5lsuqWvVGVa6WqD3AYAQ&template_id=484&vis=1&ebtr=1&nis=6 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source, trigger=navigation-sourceReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4838201668166700&output=html&h=280&slotname=1334458667&adk=3641038832&adf=943920009&pi=t.ma~as.1334458667&w=1074&abgtt=9&fwrn=4&fwrnh=100&lmt=1729811047&rafmt=1&format=1074x280&url=https%3A%2F%2Fwww.queleas.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811042978&bpp=58&bdt=5513&idt=4169&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8300578125854&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=95&ady=834&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLD
Source: global traffic	HTTP traffic detected: GET /btr/view?ai=CqVJqaNIaZ7nEKY6YjuwP6bS4mQvUyenHesDumbe0E_TCtauuARABIJKKjipgyQagAbzE-JsByAEJqAMByAPLBKoE3QFP0B3-SqaRTdrdBLznVjGlHz_36Gw8aIalPkqk-1_s_14raijXMxGAe__Zq15Di95QmiJCr7eLKdI2QgUbAU2j6FX1irGg37NowBJXUbQw4cEyhDrdDP760kXKWEmPVvEWBppT2qRp5nWmGsXOeB8cvW_uVYLqONOAYFu6g8L3eRydptPJLHEfsI77xQOluyNHcly6_7Agx79gEfcnIQPdJUPMbP3y5u7R3JamAtrB2Dmxv2gNxeAtiC2SQOgjDn14EoCE_SZJatPJzJNLifJnwuZh9xXPKQP0zHhfysAE453j2ecDiAW94-urN5IFBAgEGAGSBQQIBRgEoAYugAesu4fkAqgH1ckbqAfZtrECqAemvhuoB47OG6gHk9gbqAfw4BuoB-6WsQKoB_6esQKoB6--sQKoB_fCsQLYBwDyBwQQ2eIE0ggoCIDhgGAQARgfMgLLAjoLgECAwICAgKCogAJIvf3BOljl_NaokKiJA5oJigJodHRwczovL3d3dy5mbGludGhpbGwub3JnLz91dG1fdGVybT0mdXRtX2NhbXBhaWduPUZlZWRlcnMrJTI2K0NvbXBldGl0aW9uJnV0bV9zb3VyY2U9YWR3b3JkcyZ1dG1fbWVkaXVtPXBwYyZoc2FfYWNjPTkwMTU0MjAwODImaHNhX2NhbT0xNDg1NTg5MzQzNyZoc2FfZ3JwPTEzMDkxNjMzOTQyNyZoc2FfYWQ9NzE3NTExMTMwMzQ5JmhzYV9zcmM9ZCZoc2FfdGd0PWt3ZC0wJmhzYV9rdz0maHNhX210PSZoc2FfbmV0PWFkd29yZHMmaHNhX3Zlcj0zJmdhZF9zb3VyY2U9NYAKAcgLAdoMEQoLEJCYuOmRmI7NwgESAgEDuBPkA9gTDdAVAYAXAbIXHgoaCAASFHB1Yi00ODM4MjAxNjY4MTY2NzAwGAAYAboXAjgBshgJEgKLVBguIgEA0BgB&sigh=_H8fkHrO0Ks&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDpaXnfuMXf17fLnBTeVT9itLV-jr5F2b7pYXhFrQSjL5rWM2cjJVkRqRgbs6h0FcNgA8gAI2Qh9wWlIq7l5POyHs5lsuqWvVGVa6WqD3AYAQ&template_id=484&vis=1&ibtr=1&nis=6 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source;navigation-source, triggerReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4838201668166700&output=html&h=280&slotname=1334458667&adk=3641038832&adf=943920009&pi=t.ma~as.1334458667&w=1074&abgtt=9&fwrn=4&fwrnh=100&lmt=1729811047&rafmt=1&format=1074x280&url=https%3A%2F%2Fwww.queleas.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1729811042978&bpp=58&bdt=5513&idt=4169&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=8300578125854&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=95&ady=834&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42531706%2C95330278%2C95332586%2C95344190%2C95345271%2C31088398%2C95344979&oid=2&pvsid=1508802080077114&tmod=326354993&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt
Source: global traffic	HTTP traffic detected: GET /btr/view?ai=CqVJqaNIaZ7nEKY6YjuwP6bS4mQvUyenHesDumbe0E_TCtauuARABIJKKjipgyQagAbzE-JsByAEJqAMByAPLBKoE3QFP0B3-SqaRTdrdBLznVjGlHz_36Gw8aIalPkqk-1_s_14raijXMxGAe__Zq15Di95QmiJCr7eLKdI2QgUbAU2j6FX1irGg37NowBJXUbQw4cEyhDrdDP760kXKWEmPVvEWBppT2qRp5nWmGsXOeB8cvW_uVYLqONOAYFu6g8L3eRydptPJLHEfsI77xQOluyNHcly6_7Agx79gEfcnIQPdJUPMbP3y5u7R3JamAtrB2Dmxv2gNxeAtiC2SQOgjDn14EoCE_SZJatPJzJNLifJnwuZh9xXPKQP0zHhfysAE453j2ecDiAW94-urN5IFBAgEGAGSBQQIBRgEoAYugAesu4fkAqgH1ckbqAfZtrECqAemvhuoB47OG6gHk9gbqAfw4BuoB-6WsQKoB_6esQKoB6--sQKoB_fCsQLYBwDyBwQQ2eIE0ggoCIDhgGAQARgfMgLLAjoLgECAwICAgKCogAJIvf3BOljl_NaokKiJA5oJigJodHRwczovL3d3dy5mbGludGhpbGwub3JnLz91dG1fdGVybT0mdXRtX2NhbXBhaWduPUZlZWRlcnMrJTI2K0NvbXBldGl0aW9uJnV0bV9zb3VyY2U9YWR3b3JkcyZ1dG1fbWVkaXVtPXBwYyZoc2FfYWNjPTkwMTU0MjAwODImaHNhX2NhbT0xNDg1NTg5MzQzNyZoc2FfZ3JwPTEzMDkxNjMzOTQyNyZoc2FfYWQ9NzE3NTExMTMwMzQ5JmhzYV9zcmM9ZCZoc2FfdGd0PWt3ZC0wJmhzYV9rdz0maHNhX210PSZoc2FfbmV0PWFkd29yZHMmaHNhX3Zlcj0zJmdhZF9zb3VyY2U9NYAKAcgLAdoMEQoLEJCYuOmRmI7NwgESAgEDuBPkA9gTDdAVAYAXAbIXHgoaCAASFHB1Yi00ODM4MjAxNjY4MTY2NzAwGAAYAboXAjgBshgJEgKLVBguIgEA0BgB&sigh=_H8fkHrO0Ks&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwDpaXnfuMXf17fLnBTeVT9itLV-jr5F2b7pYXhFrQSjL5rWM2cjJVkRqRgbs6h0FcNgA8gAI2Qh9wWlIq7l5POyHs5lsuqWvVGVa6WqD3AYAQ&template_id=484&vis=1&ibtr=1&nis=6 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlaQwApMSXxyNMUPi7Fhdfm-qFZR7wqkk-070wyLXCeDWgODOLlrjA5wtZlnf4
Source: global traffic	HTTP traffic detected: GET /getconfig/sodar?sv=200&tid=gda&tv=r20241023&st=env HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.queleas.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.queleas.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getconfig/sodar?sv=200&tid=gda&tv=r20241023&st=env HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sodar/sodar2/232/runner.html HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://www.queleas.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/aframe HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://www.queleas.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sodar/sodar2.js HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20241023&jk=1508802080077114&bg=!v7ylvPPNAAbl67hexes7ADQBe5WfOO6xBJygRfcp5EogwSSr4CGxcn6BdaTnza087609J7eMuJOFNaBkADESgag5eOJvAgAAALBSAAAABGgBB34ANgRXjvh94iQ9F2CzS8Y1rOV1ldf-wyu0SjnqE3LAk3-EyIU3ZhF62o0jTHetPA9eE16CtBqdAZkCkNpVFXf_klIbvKLtFgTIepLbLDTpF7PEeRA_ayl8jBMdwB1N0VqGkkWKRu0LOhxTaEqybftXo8n8viqArcMLleZpz6r0mF1SP1briJNVE64dzmp6Bteauxl_iAAUdDrx7FaNmw32fH7XqSFHKiedN0-9Hug_iJvMUAc7aqLOiz2bw_zhL0_nSQc-_uQrDrkwvT1p16uUFu0qUfmOqeFSj2b4vqjgAZN0WoRTSaXp4SvOkFhleGiXlf-hdovubBnvcc3hmCE4CG7E-c42EX0_tti7LMgJ4YzDeokcLSermNIbRRGHsydKn_eCbwc5tmIn0dlP0Pu4UKOyoPy8X7wXtgakhqbNGcbYg9RMU5i_OvvYtlFxy7Zj5SQPlb7oUDKZlhEwE2nC9tVoBhf5ufrlr6WAVcDD8ILatdceu8HbhZNiq5Cg1AwnY3oNd5ncoGItzsvxBkvuSbX0cKkz9jNVe-uZt3Tih9f-7JyAE2UFxJlJOUp-NL0KSak1MK2PZNnm2OQ1GB2VYDUR6zeeOkG1GKP4DLxp1CjE0dV94m4tFvhYWYjfKr8LRvBPQsAFik_iwQJ6p93Ry7eINr6-1bq4iulNli9KbeeU1uXfDkVfelMK5lZ1Qe9awA-4XN-Aty9ctkS7fqSXjQf5nQ34_sY0_Lgjk3Xio0KYrKcYKe_UKW_5_x3n-n1k5lwF2cu9cHGD5GFXvDkT_ZlTpSeDNq28TYHMnxW6z32aIkbMwPhH0kD81eLp0FEUZ62uCCohtYw5wdhVMgUF3APATmeHa2Sj4fQztS9B5bWkBrv4JwsI2eoqYNLd1dbPTcwpiZQyuCKSye0UOq5Tne5bhHj8kGtAczZL4CBg822SralJeJmG_V51 HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.queleas.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8T5NVdSvpx9lzXd&MD=SA+xU976 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: chromecache_180.2.dr, chromecache_181.2.dr	String found in binary or memory: src: '//www.youtube.com/embed/%id%?autoplay=1' equals www.youtube.com (Youtube)
Source: chromecache_148.2.dr	String found in binary or memory: Facebook Page <a href="https://www.facebook.com/queleasgames/" target="_blank">Facebook</a><br /> equals www.facebook.com (Facebook)
Source: chromecache_148.2.dr	String found in binary or memory: Youtube <a href="https://www.youtube.com/channel/UCFqqEfR1DA2JZneFYrIa2Zg" target="_blank">Youtube</a><br /> equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.queleas.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: ep1.adtrafficquality.google
Source: global traffic	DNS traffic detected: DNS query: ep2.adtrafficquality.google

Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/12282#comment:15
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/12359
Source: chromecache_173.2.dr	String found in binary or memory: http://creativecommons.org/licenses/by/3.0/
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://dev.w3.org/csswg/cssom/#resolved-values
Source: chromecache_180.2.dr, chromecache_181.2.dr	String found in binary or memory: http://dimsemenov.com/plugins/magnific-popup/
Source: chromecache_180.2.dr, chromecache_181.2.dr	String found in binary or memory: http://dimsemenov.com/plugins/magnific-popup/documentation.html#options
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
Source: chromecache_177.2.dr, chromecache_168.2.dr	String found in binary or memory: http://flipgallery.net/fliplightbox.html
Source: chromecache_177.2.dr, chromecache_168.2.dr	String found in binary or memory: http://flipgallery.net/fliplightbox.html#download
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
Source: chromecache_148.2.dr	String found in binary or memory: http://fonts.googleapis.com/css?family=Open
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: http://google.com
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: http://googleads.g.doubleclick.net
Source: chromecache_188.2.dr, chromecache_130.2.dr, chromecache_208.2.dr, chromecache_186.2.dr	String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_A
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://javascript.nwbox.com/IEContentLoaded/
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://jquery.com/
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://json.org/json2.js
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://jsperf.com/getall-vs-sizzle/2
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: http://mathiasbynens.be/
Source: chromecache_148.2.dr	String found in binary or memory: http://mixitup.io
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: http://pagead2.googlesyndication.com
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: chromecache_180.2.dr, chromecache_181.2.dr	String found in binary or memory: http://stackoverflow.com/questions/7264899/detect-css-transitions-using-javascript-and-without-moder
Source: chromecache_173.2.dr	String found in binary or memory: http://w3layouts.com
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_145.2.dr, chromecache_199.2.dr	String found in binary or memory: http://www.mixitup.io
Source: chromecache_196.2.dr, chromecache_139.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_212.2.dr, chromecache_155.2.dr	String found in binary or memory: https://adsense.com.
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://cdn.ampproject.org/amp4ads-host-v0.js
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://cdn.ampproject.org/rtv/$
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://cse.google.com/cse.js
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: https://developer.mozilla.org/en/Security/CSP)
Source: chromecache_180.2.dr, chromecache_181.2.dr	String found in binary or memory: https://developers.google.com/mobile/articles/fast_buttons
Source: chromecache_147.2.dr, chromecache_146.2.dr, chromecache_176.2.dr	String found in binary or memory: https://ep1.adtrafficquality.google/bg/
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://ep1.adtrafficquality.google/getconfig/sodar
Source: chromecache_146.2.dr	String found in binary or memory: https://ep1.adtrafficquality.google/pagead/gen_204?id=sodar2&v=231
Source: chromecache_147.2.dr, chromecache_176.2.dr	String found in binary or memory: https://ep1.adtrafficquality.google/pagead/gen_204?id=sodar2&v=232
Source: chromecache_146.2.dr	String found in binary or memory: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=231
Source: chromecache_147.2.dr, chromecache_176.2.dr	String found in binary or memory: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232
Source: chromecache_176.2.dr	String found in binary or memory: https://ep2.adtrafficquality.google
Source: chromecache_147.2.dr, chromecache_176.2.dr	String found in binary or memory: https://ep2.adtrafficquality.google/sodar/
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://ep2.adtrafficquality.google/sodar/$
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://ep3.adtrafficquality.google/ivt/worklet/caw.js
Source: chromecache_131.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Google
Source: chromecache_131.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_160.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://fundingchoicesmessages.google.com/i/$
Source: chromecache_180.2.dr, chromecache_181.2.dr	String found in binary or memory: https://github.com/dimsemenov/Magnific-Popup/issues/2
Source: chromecache_180.2.dr, chromecache_181.2.dr	String found in binary or memory: https://github.com/ftlabs/fastclick
Source: chromecache_157.2.dr, chromecache_183.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/764
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/$
Source: chromecache_148.2.dr	String found in binary or memory: https://itunes.apple.com/us/app/preschool-games-for-kids/id996232516?mt=8
Source: chromecache_131.2.dr, chromecache_193.2.dr, chromecache_136.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_147.2.dr, chromecache_146.2.dr, chromecache_176.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/bg/
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/getconfig/sodar
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=error&bin=
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=error&name=invalid_geo&context=10
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=extra&rnd=
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fetch&later&lidartos
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fetch&later&start&control&fle=1&s
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-fallback2
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-later2
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-pagehide2
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=
Source: chromecache_165.2.dr, chromecache_194.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=fccs&
Source: chromecache_212.2.dr, chromecache_155.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=plmetrics
Source: chromecache_146.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=231
Source: chromecache_147.2.dr, chromecache_176.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=232
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/html/$
Source: chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/$
Source: chromecache_148.2.dr, chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=$
Source: chromecache_212.2.dr, chromecache_135.2.dr, chromecache_155.2.dr, chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/err_rep.js
Source: chromecache_212.2.dr, chromecache_135.2.dr, chromecache_155.2.dr, chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/logging_library.js
Source: chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/$
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/ping
Source: chromecache_131.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/ping?e=1
Source: chromecache_162.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?
Source: chromecache_146.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=231
Source: chromecache_147.2.dr, chromecache_176.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=232
Source: chromecache_148.2.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.queleas.oneohonepuzzles
Source: chromecache_148.2.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.queleas.preschoolgamesforkids&referrer=utm_source%
Source: chromecache_148.2.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.queleas.puzzlegamesforkids
Source: chromecache_148.2.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.queleas.wheelspuzzlesforkids
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://securepubads.g.doubleclick.net/pagead/js/car.js
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://securepubads.g.doubleclick.net/pagead/js/cocar.js
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Source: chromecache_176.2.dr	String found in binary or memory: https://tpc.googlesyndication.com
Source: chromecache_147.2.dr, chromecache_176.2.dr	String found in binary or memory: https://tpc.googlesyndication.com/sodar/
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://tpc.googlesyndication.com/sodar/$
Source: chromecache_148.2.dr	String found in binary or memory: https://twitter.com/queleasgames
Source: chromecache_176.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_212.2.dr, chromecache_155.2.dr	String found in binary or memory: https://www.google.com/adsense
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://www.google.com/adsense/search/async-ads.js
Source: chromecache_147.2.dr, chromecache_146.2.dr, chromecache_135.2.dr, chromecache_176.2.dr, chromecache_131.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/aframe
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://www.google.com/s2/favicons?sz=64&domain_url=
Source: chromecache_126.2.dr, chromecache_192.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/managed/js/activeview/
Source: chromecache_131.2.dr	String found in binary or memory: https://www.gstatic.com
Source: chromecache_135.2.dr, chromecache_131.2.dr	String found in binary or memory: https://www.gstatic.com/prose/protected/$
Source: chromecache_148.2.dr	String found in binary or memory: https://www.instagram.com/queleasgames/
Source: chromecache_148.2.dr	String found in binary or memory: https://www.youtube.com/channel/UCFqqEfR1DA2JZneFYrIa2Zg

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.8:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.8:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.8:49830 version: TLS 1.2

System Summary

Source: classification engine

Classification label: mal48.win@20/144@26/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1780,i,7870229911543219832,10178106981525847804,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.queleas.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1780,i,7870229911543219832,10178106981525847804,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Boot Survival

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior