Windows Analysis Report
https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206

Overview

General Information

Sample URL:	https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206
Analysis ID:	1430444

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found iframes

HTML body contains password input but no form action

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Classification

Signatures

Found iframes

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe

HTML body contains password input but no form action

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0

HTTP Parser: <input type="password" .../> found but no <form action="...

URL contains potential PII (phishing indication)

Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction

HTTP Parser: <input type="password" .../> found

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49765 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49765 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@20/29@16/168

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.136.94	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.105.84	unknown	United States	15169	GOOGLEUS	false
74.125.138.139	unknown	United States	15169	GOOGLEUS	false
64.233.176.94	unknown	United States	15169	GOOGLEUS	false
142.250.105.113	play.google.com	United States	15169	GOOGLEUS	false
173.194.219.99	unknown	United States	15169	GOOGLEUS	false
173.194.219.84	unknown	United States	15169	GOOGLEUS	false
172.253.124.84	unknown	United States	15169	GOOGLEUS	false
173.194.219.95	unknown	United States	15169	GOOGLEUS	false
64.233.185.101	drive.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.185.94	unknown	United States	15169	GOOGLEUS	false
173.194.219.139	unknown	United States	15169	GOOGLEUS	false
142.251.15.94	unknown	United States	15169	GOOGLEUS	false
142.250.9.100	www3.l.google.com	United States	15169	GOOGLEUS	false
64.233.185.84	unknown	United States	15169	GOOGLEUS	false
74.125.136.103	www.google.com	United States	15169	GOOGLEUS	false
74.125.136.102	unknown	United States	15169	GOOGLEUS	false
108.177.122.95	unknown	United States	15169	GOOGLEUS	false
64.233.185.139	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.5

Contacted Domains

Name	IP	Active
www3.l.google.com	142.250.9.100	true
play.google.com	142.250.105.113	true
drive.google.com	64.233.185.101	true
www.google.com	74.125.136.103	true
accounts.youtube.com	unknown	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 13:54:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	ACC8568C9A2DC7ABF0FE75637EDB3D09	F8F00CD802D82876273B54395663F6296FAC33F6	2C8BDA7B9839FC05CC2B93822273F6EEF8A2006A2A7B3AF6EFA7F9DEED7FCDA4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 13:54:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D955E6708C7BD491C3F6AB41F87878EB	E62C0FD476C8E3A3AB74BBD5D29A4E6F5D268046	7685B5665B37F78322D177CE0B0C52FCAB5426F0C807B0E99803FEE86A6A0C72
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F520B10CD1FEA4D836C3BAAFB8FD90CD	4FA33F3AB0E67C38F291464BA0DA9CAA1DB7BDD7	7F8C21E7AE0A36A01D15BC5472A70E490D96E3218BE9102AB6A382C5AA09C378
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 13:54:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	010C52C66E41BD8DF61AD427E99FCAD4	05A2227169DB46CCF51AD2A06C999C30B4C5C58B	71BC196170A7545E4B67165BC753906918D7A9E213A4811A573FF7E1934A78D1
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 13:54:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	53696A18CEF172E59734318A210A36F1	4CEC46FC7C6F0F915DA92FA57BF41C00224CB6AF	2690BBBD9E2AEA364464E59F4454E74F6240F6A232CA9E2704F083AAF7CA6D3D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 13:54:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	BFE0AE125B25E9775E06298C357879B9	7DE79D5BB75980AEDA996E304F79C202E617E1DD	36704D1F9F8860C86F19E5AD2F03FDCA26EFBEB13C3627AC8E89DC5DEB749BD6
Chrome Cache Entry: 75	HTML document, ASCII text, with very long lines (682)	C18D7346DE40A0E15C7AD41BDC248E21	1AA3B333CABC332A486E1390FE223ECA98CE9BBE	555F0968B40AA581D32E1802451B0B941875D0A7571CFCDDD3703BF83FE0DF24
Chrome Cache Entry: 77	ASCII text, with very long lines (548)	21298FE158E675686471AF96D42195A5	FDFF57B0B36A53EAC9336616E1F4C84EB453232B	0396C74EE51AC3E0AAE32910435B274AE6C138ACE1E8BFCB3573B27902DA574D
Chrome Cache Entry: 78	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	F3418A443E7D841097C714D69EC4BCB8	49263695F6B0CDD72F45CF1B775E660FDC36C606	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
Chrome Cache Entry: 79	ASCII text, with very long lines (574)	F6053E7D421B4DBDA6B13AFE6A4E8331	A4040265AD3E09BEEB0B6C8EC35156831A56F9AA	666B45739C898F59D524D3C78B5FBF452E731DFE64CE2BBB5E7C1D45181EDE93
Chrome Cache Entry: 80	ASCII text, with very long lines (693)	18637A7357C35DBB1A9E667CFCF52ED0	0FD3CA9D31EA8BDBD658236A8D70421F7B22F30D	25815BE99894ED26F3B92AE4A2C542F5AE523C44C7F83CCC90E63FCE939AC50A
Chrome Cache Entry: 81	ASCII text, with very long lines (17337)	7F1E36137F600476FBA67D7F2A8A90D9	E2B04B3BA035C20A91663CD087A8756416BB76E7	1F872E67A4CC129594B7546F79255C7FF70D72E8B3F56582E7895A491D4F631E
Chrome Cache Entry: 82	SVG Scalable Vector Graphics image	AA920B32443219E3EDFA32DEF5EBD457	8A4B47D0A2CA261803AA5C1A9DDE7BA3FE15B298	E5773339E56DD15D8DAAB94CE6ED5D444D1EF0B61355E20854234605BB2E755B
Chrome Cache Entry: 83	ASCII text, with very long lines (504)	306BAA59FBF8C921E798B0D5496B3915	CB3B568B8C1F7A8187BC4146D91B3471E2152DCA	C816386F29E09DEDABBA8AC4F9A1BC06799796BE47AB9E88B1F34A3CA6CF333D
Chrome Cache Entry: 84	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0	F61F0D4D0F968D5BBA39A84C76277E1A	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
Chrome Cache Entry: 86	ASCII text, with very long lines (1631)	4E0944AA5E27FEA7B7B95D6414E3ED7C	DBB6533C5B16E82CF4B5659F16FEEC57EC223352	166B738AF44110DF77673740FD48CA6C95099F7249BED2D05A3ADC17D305BE75
Chrome Cache Entry: 87	ASCII text, with very long lines (467)	2DB6AB32BE79D1F4C092D251080FD3FF	393B0124159B4B7269CABA1991D8BB0F24EBF073	523799F3A4E2A3F4A453A43AC03CD6B01EFAC005DAB66CE87277B9CCEC7BB67F
Chrome Cache Entry: 88	ASCII text, with very long lines (775)	60908F81C5350005E490CB2A7ABB3F37	B82FC316F3035AFF1AFE2035CEB9A2CB04726876	613712129110A4869B9C63F7058D972C46A410199B8D31C821C5A79A5FC2C2E9
Chrome Cache Entry: 89	ASCII text, with very long lines (834)	C342BFA66173FE4BCC024C34B5B7BCB7	32BB20CACA08FBE056A15218A778B5DCA219134C	93127A8CDDC51F0FFA89579EBA1578F54CA2CF65701550E9F6A611362C79A1A9
Chrome Cache Entry: 90	ASCII text, with very long lines (1299)	F313DC5B5708A43B9EEEF5C24F67A10F	8DB79236A8CAECDE461C55994FE11235D7194F47	5E161ACD7EAF302818E14124B8AFD174B165238FFCB2F249B0ABF22CCBC2A6E6
Chrome Cache Entry: 91	ASCII text, with no line terminators	B3B89B9C275343BC6798E3A83564FDDB	32367475C527C3F5E5DB0BF42C348816FF4D157B	900FB968F7FD9EA55F600AC9002A89E56AB56597DA7BDE04DEAAE6CC77AEB276
Chrome Cache Entry: 92	ASCII text, with no line terminators	D4594C9D88547336B9539AE580A01EFA	C4CC6417ADE3D8C25ECA24A1A36428747883A0B7	839C13045183DCFE68DB41367AF8ACA99DCF34E9FA905091D1F07B11CB54105F
Chrome Cache Entry: 93	ASCII text, with very long lines (44613)	3EE1252B7A8F5DB2ED57D72439AEF93C	5104C7F9A0C5C15B205EAAF7768D71F332416981	ED2A37782B3C88CFC285EC75CAAED59C0869326CE0D8EE97F52D509FA642E19F
Chrome Cache Entry: 94	ASCII text, with very long lines (3684)	2EE21429B14C2A5980AB34B11A2499F3	79905473836BC0D992F26C1D580AEFA815478669	575A356B38E4403DD74ED89FE6DABE1187B0382C918753F1576B5E9EF0CA0AF6
Chrome Cache Entry: 95	ASCII text, with no line terminators	3BADCB7F83D4390A700586CDDD2D1A5A	D757C1F529A7FF1EFDDCCDDE80834B89E51611BA	A06B766756268E58553125F09A159A753897C8B1E7E400B172B1B2584580F5B4
Chrome Cache Entry: 96	HTML document, Unicode text, UTF-8 text, with very long lines (1136)	FBE36EB2EECF1B90451A3A72701E49D2	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
Chrome Cache Entry: 97	ASCII text, with very long lines (4199)	CF3995B2563E0EBF8D485583199AA881	AD8F16F214600B1C8D4B18E6BC227CBBE7921804	D2D12D9D00DB79F5F874A8A5BF942591D4DB684901EDA33A7CDCA25E6F84377C
Chrome Cache Entry: 98	ASCII text, with very long lines (2362)	26FE0476CB5A5FD3005DB1F68A5226AF	1C354E97FA304B01211FDDCEAA4D2C618F1025F9	3759CF4FDEB1925D8E334B75014F9305721CA39798B1467805A6BA2047EDFCB1
Chrome Cache Entry: 99	ASCII text, with very long lines (405)	FFE1B082415A066E522D9B7F02EC70E6	041340B4440097D12D3EF465501E51DDC000BAD1	E7D5B7A3B13D2D5F4599251A11E72AA814CE843921DCDF38C4C0CF2EEB191A67

Found iframes

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1892161813&timestamp=1713884088924
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: Iframe src: /_/bscframe

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

URL contains potential PII (phishing indication)

Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction
Source: https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206	Sample URL: PII: xingbei348@gmail.com&sharingaction

HTTP Parser: <input type="password" .../> found

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No favicon

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="author".. found

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&followup=https%3A%2F%2Fdrive.google.com%2Fdrive%2Ffolders%2F1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w%3Fusp%3Dsharing_esl_m%26userstoinvite%3Dxingbei348%40gmail.com%26sharingaction%3Dmanageaccess%26role%3Dwriter%26ts%3D66273206&ifkv=AaSxoQzIEP8w_MwhEYBmaD-GXDnHmZcWz5lcryZyZb3fzdgt2i9SoIXgOGsDt1zm_3j-Ys1CEJyc&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096979299%3A1713884086182991&theme=mn&ddm=0	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49765 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49765 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@20/29@16/168

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1904,i,10988786531393997167,13317700438207783011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

ID:	1430444
Product:	CloudBasic
Start time:	16:54:14
Start date:	23.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Windows Analysis Report https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Windows Analysis Report
https://drive.google.com/drive/folders/1yGM0dxuMhcl4cmtlVqFTdkV5uPoQZa-w?usp=sharing_esl_m&userstoinvite=xingbei348@gmail.com&sharingaction=manageaccess&role=writer&ts=66273206