Analysis Report https://drive.google.com/file/d/1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT/view?usp=drive_web

Overview

General Information

Sample URL: https://drive.google.com/file/d/1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT/view?usp=drive_web
Analysis ID: 338140

Most interesting Screenshot:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Allocates a big amount of memory (probably used for heap spraying)
Found iframes
Unusual large HTML page

Classification

Phishing:

Found iframes
Source: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&ec=GAZAGQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=646475192&timestamp=1610383995661
Source: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&ec=GAZAGQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: /_/bscframe
Unusual large HTML page
Source: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&ec=GAZAGQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Total size: 1593805
Source: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&ec=GAZAGQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/identifier?service=wise&passive=1209600&continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1RxVVBTYMGBSabrzamAJS5QvvMY1Aq2DT%2Fview%3Fusp%3Ddrive_web&ec=GAZAGQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.4:49754 version: TLS 1.2

Software Vulnerabilities:

Allocates a big amount of memory (probably used for heap spraying)
Source: iexplore.exe Memory has grown: Private usage: 0MB later: 73MB
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: classification engine Classification label: clean1.win@3/54@2/1
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{705C3406-542D-11EB-90EB-ECF4BBEA1588}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFD9E42A43549C9786.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6968 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6968 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Behavior Graph (ID: 338140, URL: https://drive.google.com/fi..., Startdate: 11/01/2021, Architecture: WINDOWS, Score: 1)

Process chain: iexplore.exe started iexplore.exe (child process).
Contacted hosts (from the child iexplore.exe): googlehosted.l.googleusercontent.com (172.217.23.1, port 443, local ports 49753 and 49754, GOOGLEUS, United States); drive-thirdparty.googleusercontent.com; accounts.youtube.com.

Contacted Public IPs

IP            Domain   Country        ASN    ASN Name  Malicious
172.217.23.1  unknown  United States  15169  GOOGLEUS  false

Contacted Domains

Name                                    IP            Active
googlehosted.l.googleusercontent.com    172.217.23.1  true
accounts.youtube.com                    unknown       unknown
drive-thirdparty.googleusercontent.com  unknown       unknown