Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web

Overview

General Information

Sample URL:https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Analysis ID:876168
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5288 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5508 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_1 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global trafficHTTP traffic detected: GET /js/googleapis.proxy.js?onload=startup HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://content.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0?le=scs HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://content.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global trafficHTTP traffic detected: GET /viewer2/prod-03/archive?ck=drive&ds=APznzaasIqez7CAZvd1AzdJZuQm7sAdnJFT4Z0_CBcEG2R0grRTcX1ow_i5lRsOx8Pwjj7KZ-wouRSRinrMEdiAe5R_1DNYrcKb8QFVhEBPcz_cMH29r1n_hnU8oOGhog0cddqJ_jHVH7evVvIZJvgAKAiSLfhKf3JE8uTLEpLxqnh5T-lqQm3phfEU0Ruothy555pIaKxoXlj3onLbT8dfeR8MIbNRoeqVyzbpFWx9BV1ui0FpEE8OZ-xkCGDqoQUnrvFgQJ_pb8xuzUQH6t2HmKnwZpckBi2tOBcehcwGSMafk5Z1lyc6q2nEI1KibcVn4ZnldI005nJrb_LhYxOXFCFfAj75WifM8jhamuJ_hMbkTgG6wic4lD32CBifJkJJ4oKIE1hCY&authuser=0&page=0 HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global trafficHTTP traffic detected: GET /a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiSocsBCIurzAEI7bvMAQjMvMwBCLLBzAEIxcHMAQjWwcwBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /uc?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph&export=download HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global trafficHTTP traffic detected: GET /open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global trafficHTTP traffic detected: GET /file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_open HTTP/1.1Host: drive.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global trafficHTTP traffic detected: GET /js/googleapis.proxy.js?onload=startup HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://content.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7wIf-None-Match: "f0b6cd303d5059ac"
Source: global trafficHTTP traffic detected: GET /viewer2/prod-03/archive?ck=drive&ds=APznzaZ4EnWmVlJt_JumJy33reBjJaVafEoqWavi_7pl0Gz0VsIk1PIJDEos8ZDf7dkGBiBsRZL_dKEfhJpvuv7cep5A0kCpuAGl6K6FyarLPhVXAO2p_uPsnnf_GkouiT__PKNuVQFJfh-dkxBGAIx6lOz5QJFQgv_CIlKD-GbFKhd-lm3U-RX_OPqqIPkYrxM6knd8S2_ux__co0pWYzcBB3CbRNT90t4XZkLgXiv4kl1FIo8cBA2HvnCw-K88ylE2fb9m3FqbaiMQtE0xKaLMJrumvGBM5MDWcQYleBYsJWziLdDpGZf96WCzoiPHZZohCOnfcfiJftbwY7I7jbeWq3_pwi6MsZQkXOM1g6u5Ns3FpZKEFsWWnelKaASry6bbENn-o3PW&authuser=0&page=0 HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-model: sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: unknownDNS traffic detected: queries for: clients2.google.com
Source: chromecache_155.1.drString found in binary or memory: disableRealtimeCallback:!1,drive_share:{skipInitCommand:!0},csi:{rate:.01},client:{cors:!1},signInDeprecation:{rate:0},include_granted_scopes:!0,llang:"en",iframes:{youtube:{params:{location:["search","hash"]},url:":socialhost:/:session_prefix:_/widget/render/youtube?usegapi=1",methods:["scroll","openwindow"]},ytsubscribe:{url:"https://www.youtube.com/subscribe_embed?usegapi=1"},plus_circle:{params:{url:""},url:":socialhost:/:session_prefix::se:_/widget/plus/circle?usegapi=1"},plus_share:{params:{url:""}, equals www.youtube.com (Youtube)
Source: chromecache_150.1.drString found in binary or memory: var C$a=function(a){return sh(function(){return RF(a,B$a,GKa)},function(b,c){(void 0===c||500>c)&&b.cancel()},function(b,c){(void 0===c||500>c)&&b.cancel()}).then()},D$a=function(a,b){b.then(function(){a.za=2;for(var c=p(a.C),d=c.next();!d.done;d=c.next())d.value.Vb.resolve();a.C.splice(0,a.C.length)},function(){var c=a.C.shift();c?(D$a(a,c.promise),c.Vb.resolve()):a.za=0})};var E$a=function(a){A.call(this);this.D=a;a=J(this.D);var b=I(a,zF,48)||new zF;this.C=new Ei(H(b,6,"AIzaSyDVQw45DwoYh632gvsP5vPDqEKvb-Ywnb8"),jj(a)||"0",H(b,7,"https://workspacevideo-pa.googleapis.com"),void 0,!0,void 0,!0,void 0,void 0);this.C.init();this.ia(this.C)};Q(E$a,A);var MN=function(a){xJ.call(this,a.ca());this.O=a};Q(MN,xJ);MN.prototype.D=function(){return"onYouTubeIframeAPIReady"};MN.prototype.J=function(){var a=I(J(this.O),zF,48)||new zF;return Tr(H(a,1,"https://www.youtube.com"),"iframe_api")};MN.prototype.C=function(){return Tk("YT.Player",Ui(this.ca()))};var F$a=function(a,b){EN.call(this,a,b)};Q(F$a,EN);h=F$a.prototype;h.Zj=function(){return 0};h.isPlayable=function(){return!0};h.vj=function(){if(this.Oc){var a=oia(Kc(this.Oc));a=this.Oc[a]}return a||H(this.C,3,"")||window.location.protocol+"//i.ytimg.com/vi/"+this.eo()+"/mqdefault.jpg"};h.eo=function(){return aj(this.uri,"v")}; equals www.youtube.com (Youtube)
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: chromecache_163.1.dr, chromecache_177.1.drString found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_182.1.dr, chromecache_150.1.drString found in binary or memory: http://csi.gstatic.com/csi
Source: chromecache_150.1.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_163.1.dr, chromecache_177.1.drString found in binary or memory: http://www.bohemiancoding.com/sketch
Source: chromecache_163.1.dr, chromecache_177.1.drString found in binary or memory: http://www.bohemiancoding.com/sketch/ns
Source: chromecache_176.1.dr, chromecache_150.1.drString found in binary or memory: http://www.broofa.com
Source: chromecache_182.1.dr, chromecache_154.1.dr, chromecache_155.1.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_182.1.dr, chromecache_155.1.drString found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_155.1.drString found in binary or memory: https://apis.google.com
Source: chromecache_156.1.dr, chromecache_150.1.drString found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_166.1.dr, chromecache_150.1.drString found in binary or memory: https://apis.google.com/js/client.js
Source: chromecache_155.1.drString found in binary or memory: https://apis.google.com/js/googleapis.proxy.js
Source: chromecache_171.1.drString found in binary or memory: https://apis.google.com/js/googleapis.proxy.js?onload=startup
Source: chromecache_150.1.drString found in binary or memory: https://apps-drive-picker-dev.corp.google.com/picker/minpick/main
Source: chromecache_155.1.drString found in binary or memory: https://classroom.google.com/sharewidget?usegapi=1
Source: chromecache_155.1.drString found in binary or memory: https://clients3.google.com/cast/chromecast/home/widget/backdrop?usegapi=1
Source: chromecache_150.1.drString found in binary or memory: https://clients5.google.com
Source: chromecache_150.1.drString found in binary or memory: https://clients5.google.com/webstore/wall/widget
Source: chromecache_166.1.dr, chromecache_154.1.dr, chromecache_155.1.drString found in binary or memory: https://clients6.google.com
Source: chromecache_182.1.drString found in binary or memory: https://console.developers.google.com/
Source: chromecache_166.1.drString found in binary or memory: https://content-googleapis-staging.sandbox.google.com
Source: chromecache_166.1.drString found in binary or memory: https://content-googleapis-test.sandbox.google.com
Source: chromecache_146.1.dr, chromecache_182.1.dr, chromecache_154.1.dr, chromecache_155.1.drString found in binary or memory: https://content.googleapis.com
Source: chromecache_182.1.dr, chromecache_150.1.drString found in binary or memory: https://csi.gstatic.com/csi
Source: chromecache_182.1.drString found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_155.1.drString found in binary or memory: https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1
Source: chromecache_182.1.drString found in binary or memory: https://developers.google.com/
Source: chromecache_182.1.drString found in binary or memory: https://developers.google.com/api-client-library/javascript/reference/referencedocs
Source: chromecache_182.1.drString found in binary or memory: https://developers.google.com/identity/gsi/web/guides/gis-migration)
Source: chromecache_182.1.drString found in binary or memory: https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html
Source: chromecache_150.1.drString found in binary or memory: https://docs.google.com/picker
Source: chromecache_146.1.dr, chromecache_154.1.drString found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_150.1.drString found in binary or memory: https://drive-thirdparty.googleusercontent.com/
Source: chromecache_150.1.drString found in binary or memory: https://drive.google.com/drive/my-drive
Source: chromecache_150.1.drString found in binary or memory: https://drive.google.com/picker/minpick/main
Source: chromecache_150.1.drString found in binary or memory: https://drive.google.com/requestreview?id=
Source: chromecache_155.1.drString found in binary or memory: https://drive.google.com/savetodrivebutton?usegapi=1
Source: chromecache_150.1.drString found in binary or memory: https://drive.google.com/viewer
Source: chromecache_150.1.drString found in binary or memory: https://drivemetadata.clients6.google.com
Source: chromecache_155.1.drString found in binary or memory: https://families.google.com/webcreation?usegapi=1&usegapi=1
Source: chromecache_166.1.drString found in binary or memory: https://feedback2-test.corp.google.com/inapp/%
Source: chromecache_166.1.drString found in binary or memory: https://feedback2-test.corp.google.com/tools/feedback/%
Source: chromecache_166.1.drString found in binary or memory: https://feedback2-test.corp.googleusercontent.com/inapp/%
Source: chromecache_166.1.drString found in binary or memory: https://feedback2-test.corp.googleusercontent.com/tools/feedback/%
Source: chromecache_147.1.drString found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_156.1.drString found in binary or memory: https://fonts.gstatic.com/s/e/notoemoji/
Source: chromecache_147.1.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RP
Source: chromecache_150.1.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialiconsfilled/close/v19/gm_grey200-24dp/1x/gm_filled_close
Source: chromecache_166.1.drString found in binary or memory: https://gstatic.com/uservoice/surveys/resources/
Source: chromecache_166.1.drString found in binary or memory: https://gstatic.com/uservoice/surveys/resources/%
Source: chromecache_156.1.drString found in binary or memory: https://lh3.googleusercontent.com/a/default-user
Source: chromecache_150.1.drString found in binary or memory: https://onepick-autopush.sandbox.google.com/picker/minpick/main
Source: chromecache_150.1.drString found in binary or memory: https://onepick-preprod.sandbox.google.com/picker/minpick/main
Source: chromecache_150.1.drString found in binary or memory: https://onepick-staging-drivequal.sandbox.google.com/picker/minpick/main
Source: chromecache_150.1.drString found in binary or memory: https://onepick-staging.sandbox.google.com/picker/minpick/main
Source: chromecache_155.1.drString found in binary or memory: https://pay.google.com/gp/v/widget/save
Source: chromecache_150.1.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_155.1.drString found in binary or memory: https://play.google.com/work/embedded/search?usegapi=1&usegapi=1
Source: chromecache_154.1.dr, chromecache_155.1.drString found in binary or memory: https://plus.google.com
Source: chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.drString found in binary or memory: https://plus.googleapis.com
Source: chromecache_150.1.drString found in binary or memory: https://punctual-dev.corp.google.com
Source: chromecache_166.1.drString found in binary or memory: https://sandbox.google.com/inapp/%
Source: chromecache_166.1.drString found in binary or memory: https://sandbox.google.com/tools/feedback/%
Source: chromecache_166.1.drString found in binary or memory: https://scone-pa.clients6.google.com
Source: chromecache_150.1.drString found in binary or memory: https://signaler-pa.clients6.google.com
Source: chromecache_150.1.drString found in binary or memory: https://signaler-pa.googleapis.com
Source: chromecache_150.1.drString found in binary or memory: https://signaler-pa.youtube.com
Source: chromecache_150.1.drString found in binary or memory: https://signaler-staging.sandbox.google.com
Source: chromecache_150.1.drString found in binary or memory: https://ssl.gstatic.com/docs/common/cleardot.gif
Source: chromecache_150.1.drString found in binary or memory: https://ssl.gstatic.com/docs/doclist/images/icon_10_generic_list.png
Source: chromecache_182.1.drString found in binary or memory: https://ssl.gstatic.com/gb/js/
Source: chromecache_166.1.drString found in binary or memory: https://ssl.gstatic.com/guidedhelp/runtime/guide_inproduct.js
Source: chromecache_166.1.drString found in binary or memory: https://ssl.gstatic.com/guidedhelp/runtime_staging/guided_help.js
Source: chromecache_155.1.drString found in binary or memory: https://ssl.gstatic.com/microscope/embed/
Source: chromecache_166.1.dr, chromecache_150.1.drString found in binary or memory: https://support.google.com/
Source: chromecache_150.1.drString found in binary or memory: https://support.google.com/docs/answer/148505
Source: chromecache_150.1.drString found in binary or memory: https://support.google.com/docs/answer/37603
Source: chromecache_150.1.drString found in binary or memory: https://support.google.com/docs/answer/49114
Source: chromecache_156.1.drString found in binary or memory: https://support.google.com/docs/answer/65129
Source: chromecache_156.1.drString found in binary or memory: https://support.google.com/docs/answer/65129?hl=en-GB
Source: chromecache_156.1.drString found in binary or memory: https://support.google.com/docs?p=comments_guide
Source: chromecache_150.1.drString found in binary or memory: https://support.google.com/drive/answer/2407404?hl=en
Source: chromecache_150.1.drString found in binary or memory: https://support.google.com/drive/answer/2423485?hl=%s
Source: chromecache_150.1.drString found in binary or memory: https://support.google.com/drive/answer/2423694
Source: chromecache_150.1.drString found in binary or memory: https://support.google.com/drive/answer/7650301
Source: chromecache_150.1.drString found in binary or memory: https://support.google.com/google-workspace-individual/?p=esignature_signer_terms
Source: chromecache_166.1.drString found in binary or memory: https://support.google.com/inapp/%
Source: chromecache_155.1.drString found in binary or memory: https://talkgadget.google.com/:session_prefix:talkgadget/_/widget
Source: chromecache_166.1.drString found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: chromecache_150.1.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_150.1.drString found in binary or memory: https://workspace.google.com
Source: chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_150.1.drString found in binary or memory: https://workspacevideo-pa.googleapis.com
Source: chromecache_166.1.drString found in binary or memory: https://www.google.cn/tools/feedback/%
Source: chromecache_176.1.dr, chromecache_150.1.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_150.1.drString found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true
Source: chromecache_155.1.drString found in binary or memory: https://www.google.com/shopping/customerreviews/badge?usegapi=1
Source: chromecache_155.1.drString found in binary or memory: https://www.google.com/shopping/customerreviews/optin?usegapi=1
Source: chromecache_166.1.dr, chromecache_150.1.drString found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_166.1.drString found in binary or memory: https://www.google.com/tools/feedback/%
Source: chromecache_166.1.drString found in binary or memory: https://www.google.com/tools/feedback/help_panel_binary.js
Source: chromecache_182.1.drString found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: chromecache_154.1.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_154.1.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_176.1.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_176.1.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png
Source: chromecache_176.1.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_155.1.drString found in binary or memory: https://www.gstatic.com/partners/badge/templates/badge.html?usegapi=1
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/change_email_address_grey300.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/change_name_grey300.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/content_copy_grey300.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/content_cut_grey300.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/email_copy_grey300.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/info_outline_grey300.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/phone_copy_grey300.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/visibility_off_grey200.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/change_email_address_grey700.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/change_name_grey700.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/content_copy_grey700.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/content_cut_grey700.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/domain_disabled_grey900.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/email_copy_grey700.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/info_outline_grey700.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/phone_copy_grey700.svg
Source: chromecache_156.1.drString found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/visibility_off_grey700.svg
Source: chromecache_150.1.drString found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_166.1.drString found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/
Source: chromecache_166.1.drString found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/%
Source: chromecache_150.1.drString found in binary or memory: https://www.youtube.com
Source: chromecache_155.1.drString found in binary or memory: https://www.youtube.com/subscribe_embed?usegapi=1
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
Source: classification engineClassification label: clean0.win@29/40@14/9
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\GoogleUpdaterJump to behavior
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath Interception1
Process Injection		2
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local SystemExfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
Non-Application Layer Protocol		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration4
Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled Transfer1
Ingress Tool Transfer		SIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process