Windows Analysis Report brwncald.com-e-FAX-239085-pdf.htm

Overview

General Information

Sample Name: brwncald.com-e-FAX-239085-pdf.htm
Analysis ID: 553355
MD5: 2789a7c3900934927a3e11fcef6c4bf8
SHA1: 771f40ffd4845e5aeddcd83163b600df179a2cf0
SHA256: 77c97a99a8f6524c9c897ff5bdc491be43708f22f4998b666efa934a12134806

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Misleading page title found
Yara detected HtmlPhish10
HTML document with suspicious title
Phishing site detected (based on logo template match)
HTML body contains low number of good links
Invalid T&C link found
IP address seen in connection with other malware
None HTTPS page querying sensitive user data (password, username or email)
No HTML title found

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6348 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\brwncald.com-e-FAX-239085-pdf.htm MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,17101817974673970121,2254609894667848228,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Phishing:

Misleading page title found
Source: file:///C:/Users/user/Desktop/brwncald.com-e-FAX-239085-pdf.htm#bdickerson@brwncald.com - Page Title: Microsoft | Login
Yara detected HtmlPhish10
Source: Yara match - File source: 92810.0.pages.csv, type: HTML
Phishing site detected (based on logo template match)
Source: file:///C:/Users/user/Desktop/brwncald.com-e-FAX-239085-pdf.htm#bdickerson@brwncald.com - Matcher: Template: microsoft matched
Source: file:///C:/Users/user/Desktop/brwncald.com-e-FAX-239085-pdf.htm#bdickerson@brwncald.com - HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/brwncald.com-e-FAX-239085-pdf.htm#bdickerson@brwncald.com - HTTP Parser: Invalid link: Privacy statement
Source: file:///C:/Users/user/Desktop/brwncald.com-e-FAX-239085-pdf.htm#bdickerson@brwncald.com - HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/brwncald.com-e-FAX-239085-pdf.htm#bdickerson@brwncald.com - HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/brwncald.com-e-FAX-239085-pdf.htm#bdickerson@brwncald.com - HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/brwncald.com-e-FAX-239085-pdf.htm#bdickerson@brwncald.com - HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: Joe Sandbox View - IP Address: 104.18.10.207
Source: Joe Sandbox View - IP Address: 239.255.255.250
Source: unknown - DNS traffic detected: queries for: clients2.google.com
Source: global traffic - HTTP traffic detected:
GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
Host: clients2.google.com
Connection: keep-alive
X-Goog-Update-Interactivity: fg
X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
X-Goog-Update-Updater: chromecrx-85.0.4183.121
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic - HTTP traffic detected:
GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic - HTTP traffic detected:
GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic - HTTP traffic detected:
GET /images/bg.jpg HTTP/1.1
Host: todosec.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic - HTTP traffic detected:
GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9