Windows Analysis Report https://shiny.documentx.workers.dev/index.html

Overview

General Information

Sample URL: https://shiny.documentx.workers.dev/index.html
Analysis ID: 506551
Most interesting Screenshot: (screenshot image not reproduced in this extraction)

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish10
Phishing site detected (based on logo template match)
HTML body contains low number of good links
Invalid T&C link found
Suspicious form URL found
No HTML title found
Form action URLs do not match main URL

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6660 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://shiny.documentx.workers.dev/index.html' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6872 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,14757565461869508063,18229539668985602812,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1936 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://shiny.documentx.workers.dev/index.html | SlashNext: detection malicious, Label: Fake Login Page, type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10
Source: Yara match | File source: 25855.0.pages.csv, type: HTML
Phishing site detected (based on logo template match)
Source: https://shiny.documentx.workers.dev/index.html | Matcher: Template: microsoft matched
Source: https://shiny.documentx.workers.dev/index.html | HTTP Parser: Number of links: 0
Source: https://shiny.documentx.workers.dev/index.html | HTTP Parser: Invalid link: Privacy & Cookies
Source: https://shiny.documentx.workers.dev/index.html | HTTP Parser: Form action: https://bachelorstoolkit.com/shady.php
Source: https://shiny.documentx.workers.dev/index.html | HTTP Parser: HTML title missing
Source: https://shiny.documentx.workers.dev/index.html | HTTP Parser: Form action: https://bachelorstoolkit.com/shady.php workers bachelorstoolkit
Source: https://shiny.documentx.workers.dev/index.html | HTTP Parser: No <meta name="author".. found
Source: https://shiny.documentx.workers.dev/index.html | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 172.67.192.125:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.192.125:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 91.198.174.208:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: shiny.documentx.workers.dev
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown | Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown | Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown | Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
Source: global traffic | HTTP traffic detected:
    GET /index.html HTTP/1.1
    Host: shiny.documentx.workers.dev
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
    X-Goog-Update-Updater: chromecrx-85.0.4183.121
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic | HTTP traffic detected:
    GET /_layouts/15/images/microsoft-logo.png HTTP/1.1
    Host: shiny.documentx.workers.dev
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://shiny.documentx.workers.dev/index.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic | HTTP traffic detected:
    GET /wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1200px-Microsoft_logo_%282012%29.svg.png HTTP/1.1
    Host: upload.wikimedia.org
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://shiny.documentx.workers.dev/index.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic | HTTP traffic detected:
    GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1
    Host: shiny.documentx.workers.dev
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://shiny.documentx.workers.dev/index.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic | HTTP traffic detected:
    GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
    Host: shiny.documentx.workers.dev
Source: global traffic | HTTP traffic detected:
    GET /_layouts/15/images/microsoft-logo.png HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
    Host: shiny.documentx.workers.dev
Source: global traffic | HTTP traffic detected:
    GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1
    Host: clients2.googleusercontent.com
    Connection: keep-alive
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic | HTTP traffic detected:
    GET /wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1200px-Microsoft_logo_%282012%29.svg.png HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
    Host: upload.wikimedia.org
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 20 Oct 2021 18:57:05 GMT
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 9
    Connection: close
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SW%2B%2BHV0%2FWyl7Ior2TKBNRZKiaOjJj8t8kk7caGqMpJXOYJ500ttr3QWH7%2BMpZXfV%2FsdoDrHWd81Al%2BdU63g51l9%2FI3p6rzsMjWEEOp5bxYBNTlCiLHddUj%2FiaCO6%2BH%2F4xNG9PRXQrLg4z4yXX94%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 6a147847af2dd6e1-FRA
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 20 Oct 2021 18:57:05 GMT
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 9
    Connection: close
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aRt%2FKLhJAf5yNNajNbnucUjfeADtGz%2BeBY08GLsKShsptAvRAsSOGnukyVacYpsTVf5TX16TzGIl7%2FvFlTd156mtcb2KKXsoJkux36AQHEY4d%2BNDXgoV13iwaSDiP3d4WNTD465JvAeuh5cAp90%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 6a147849d95542db-FRA
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 20 Oct 2021 18:57:06 GMT
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 9
    Connection: close
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LAqbchnRGRJ5xoOiFUYg%2FKm35HnqyhptnL%2BD5linTO6b0qk2xeuXiOoE0Y8%2BdpmbqlsLg3yB1ueyz5glRNrGmfkkTu1iuFHmubBLeHx4S64IvkUIFK70rxb8nBBNdbB7d3ulkXVpXMtJfQcFANQ%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 6a14784e9f9a4401-FRA
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 20 Oct 2021 18:57:06 GMT
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 9
    Connection: close
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sczvFJLst0eryRePV5%2BDV%2FBoL0DZxBoBnfbB1JPdMCbHgJoAQsA6dhwGHRhYQPeIc6%2BNjR4eDTVXiELW6ehIxQkHKTfZMrUD%2FYOSoUxnffggxUnz%2F6rkgVrR3j37X0HwrI%2FcfJJ4Va38hgxqWmc%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 6a14784ebb50701f-FRA
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Source: angular.js.0.dr | String found in binary or memory: http://angularjs.org
Source: angular.js.0.dr | String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: Reporting and NEL.2.dr | String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=aRt%2FKLhJAf5yNNajNbnucUjfeADtGz%2BeBY08GLsKShsptAvRAsSOGnu
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, manifest.json.0.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr | String found in binary or memory: https://accounts.google.com/MergeSession
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr | String found in binary or memory: https://ajax.googleapis.com
Source: data_1.2.dr | String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, manifest.json.0.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.0.dr | String found in binary or memory: https://apis.google.com/js/client.js
Source: Current Session.0.dr | String found in binary or memory: https://bachelorstoolkit.com/shady.php
Source: mirroring_common.js.0.dr | String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr | String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.0.dr | String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://clients6.google.com
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr | String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.2.dr | String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCVlo72sZdZUZEgk
Source: manifest.json.0.dr | String found in binary or memory: https://content.googleapis.com
Source: mirroring_cast_streaming.js.0.dr, common.js.0.dr | String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_3.2.dr | String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.2.dr | String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:
Source: data_3.2.dr, Reporting and NEL.2.dr | String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: 615c5839-6ef7-491b-9d05-9152a1562d3a.tmp.2.dr, 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, 3b125ee5-6999-449b-9cef-f8deacbff893.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://dns.google
Source: mirroring_common.js.0.dr | String found in binary or memory: https://docs.google.com
Source: manifest.json.0.dr | String found in binary or memory: https://feedback.googleusercontent.com
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json.0.dr | String found in binary or memory: https://fonts.googleapis.com;
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json.0.dr | String found in binary or memory: https://fonts.gstatic.com;
Source: material_css_min.css.0.dr | String found in binary or memory: https://github.com/angular/material
Source: craw_window.js.0.dr, craw_background.js.0.dr | String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json.0.dr | String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: data_3.2.dr, Reporting and NEL.2.dr | String found in binary or memory: https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c
Source: mirroring_common.js.0.dr | String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.0.dr | String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json0.0.dr | String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json0.0.dr | String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: data_1.2.dr | String found in binary or memory: https://shiny.documentx.workers.dev/_layouts/15/images/favicon.ico?rev=47
Source: data_1.2.dr | String found in binary or memory: https://shiny.documentx.workers.dev/_layouts/15/images/favicon.ico?rev=47Error
Source: data_1.2.dr | String found in binary or memory: https://shiny.documentx.workers.dev/_layouts/15/images/microsoft-logo.png
Source: data_1.2.dr | String found in binary or memory: https://shiny.documentx.workers.dev/_layouts/15/images/microsoft-logo.pngError
Source: Current Session.0.dr, data_1.2.dr, History.0.dr | String found in binary or memory: https://shiny.documentx.workers.dev/index.html
Source: History Provider Cache.0.dr, Current Session.0.dr | String found in binary or memory: https://shiny.documentx.workers.dev/index.html2
Source: History.0.dr | String found in binary or memory: https://shiny.documentx.workers.dev/index.htmlSharing
Source: data_1.2.dr | String found in binary or memory: https://shiny.documentx.workers.dev/index.htmln
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr | String found in binary or memory: https://spoprod-a.akamaihd.net
Source: data_1.2.dr | String found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric-cdn-prod_20210115.001/assets/item-types/32_2x/folder.png
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr, feedback.html.0.dr | String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr, feedback.html.0.dr | String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: data_1.2.dr | String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1200px-Micro
Source: craw_window.js.0.dr, craw_background.js.0.dr | String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, manifest.json.0.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://www.google.com
Source: manifest.json0.0.dr | String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr | String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.0.dr | String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json.0.dr | String found in binary or memory: https://www.google.com;
Source: craw_window.js.0.dr, craw_background.js.0.dr, 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.0.dr | String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.0.dr | String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.0.dr | String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 415dd08c-70e3-4c90-a41c-3d53efdd5afe.tmp.2.dr, c41fc7d9-fdea-4777-808e-5733fc5671d6.tmp.2.dr | String found in binary or memory: https://www.gstatic.com
Source: common.js.0.dr | String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json.0.dr | String found in binary or memory: https://www.gstatic.com;
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8