IOC Report
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web


Files

| File Path | Type | Category | Malicious |
| Chrome Cache Entry: 146 | ASCII text, with very long lines (1530) | downloaded | |
| Chrome Cache Entry: 147 | ASCII text | downloaded | |
| Chrome Cache Entry: 148 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 149 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 150 | ASCII text, with very long lines (585) | downloaded | |
| Chrome Cache Entry: 151 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 152 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 153 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 154 | ASCII text, with very long lines (3588) | downloaded | |
| Chrome Cache Entry: 155 | ASCII text, with very long lines (2054) | downloaded | |
| Chrome Cache Entry: 156 | ASCII text, with very long lines (557) | downloaded | |
| Chrome Cache Entry: 157 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, software=Google], baseline, precision 8, 64x64, components 3 | dropped | |
| Chrome Cache Entry: 158 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 159 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 160 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 161 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 162 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 163 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 164 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 165 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 166 | ASCII text, with very long lines (2323) | downloaded | |
| Chrome Cache Entry: 167 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 168 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 169 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 170 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 171 | HTML document, ASCII text | downloaded | |
| Chrome Cache Entry: 172 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 173 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 174 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, software=Google], baseline, precision 8, 64x64, components 3 | downloaded | |
| Chrome Cache Entry: 175 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 176 | ASCII text, with very long lines (2120) | downloaded | |
| Chrome Cache Entry: 177 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 178 | ASCII text, with very long lines (922) | downloaded | |
| Chrome Cache Entry: 179 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 180 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 181 | Web Open Font Format (Version 2), TrueType, length 15344, version 1.0 | downloaded | |
| Chrome Cache Entry: 182 | ASCII text, with very long lines (1674) | downloaded | |
| Chrome Cache Entry: 183 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 184 | Web Open Font Format (Version 2), TrueType, length 29728, version 1.0 | downloaded | |
| Chrome Cache Entry: 185 | JSON data | downloaded | |
(31 further file entries are not shown in this export.)

Processes

| Path | Cmdline | Malicious |
| C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web | |

URLs

| Name | IP | Malicious |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web | | |
| https://apis.google.com/js/googleapis.proxy.js?onload=startup | 172.217.168.78 | |
| https://signaler-staging.sandbox.google.com | unknown | |
| http://www.broofa.com | unknown | |
| https://apis.google.com/js/client.js | unknown | |
| https://feedback2-test.corp.googleusercontent.com/tools/feedback/% | unknown | |
| https://apis.google.com/js/googleapis.proxy.js | unknown | |
| https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1 | unknown | |
| https://support.google.com/drive/answer/2423485?hl=%s | unknown | |
| https://drive.google.com/open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph | 172.217.168.14 | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | | |
| https://onepick-autopush.sandbox.google.com/picker/minpick/main | unknown | |
| https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 | unknown | |
| https://www.youtube.com | unknown | |
| https://support.google.com/drive/answer/2407404?hl=en | unknown | |
| https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_1 | 172.217.168.78 | |
| https://pay.google.com/gp/v/widget/save | unknown | |
| https://workspace.google.com | unknown | |
| https://onepick-staging.sandbox.google.com/picker/minpick/main | unknown | |
| https://support.google.com/docs/answer/49114 | unknown | |
| https://support.google.com/drive/answer/2423694 | unknown | |
| https://support.google.com/google-workspace-individual/?p=esignature_signer_terms | unknown | |
| https://drive-thirdparty.googleusercontent.com/ | unknown | |
| https://content-googleapis-test.sandbox.google.com | unknown | |
| https://www.google.com/shopping/customerreviews/optin?usegapi=1 | unknown | |
| https://onepick-preprod.sandbox.google.com/picker/minpick/main | unknown | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/docos/p/sync?resourcekey&id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph&reqid=0 | 172.217.168.14 | |
| https://developers.google.com/ | unknown | |
| https://onepick-staging-drivequal.sandbox.google.com/picker/minpick/main | unknown | |
| https://developers.google.com/identity/gsi/web/guides/gis-migration) | unknown | |
| https://www.google.com/tools/feedback | unknown | |
| https://sandbox.google.com/inapp/% | unknown | |
| https://www.google.com/recaptcha/api.js?trustedtypes=true | unknown | |
| https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0?le=scs | 172.217.168.78 | |
| https://apis.google.com/js/api.js | unknown | |
| https://docs.google.com/picker | unknown | |
| https://www.youtube.com/subscribe_embed?usegapi=1 | unknown | |
| https://feedback2-test.corp.google.com/tools/feedback/% | unknown | |
| https://punctual-dev.corp.google.com | unknown | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web | 172.217.168.14 | |
| https://plus.google.com | unknown | |
| https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0 | 172.217.168.78 | |
| https://play.google.com/log?format=json&hasfast=true | 142.250.203.110 | |
| https://clients5.google.com/webstore/wall/widget | unknown | |
| https://sandbox.google.com/tools/feedback/% | unknown | |
| https://content-googleapis-staging.sandbox.google.com | unknown | |
| https://support.google.com/drive/answer/7650301 | unknown | |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 216.58.215.238 | |
| https://play.google.com/work/embedded/search?usegapi=1&usegapi=1 | unknown | |
| https://drive.google.com/requestreview?id= | unknown | |
| https://drive.google.com/drive/my-drive | unknown | |
| https://fonts.google.com/license/googlerestricted | unknown | |
| https://clients6.google.com | unknown | |
| https://accounts.google.com/o/oauth2/iframe | unknown | |
| https://clients5.google.com | unknown | |
| https://www.google.com/log?format=json&hasfast=true | unknown | |
| https://console.developers.google.com/ | unknown | |
| https://signaler-pa.youtube.com | unknown | |
| https://support.google.com/docs/answer/65129?hl=en-GB | unknown | |
| https://support.google.com/inapp/% | unknown | |
| https://accounts.google.com/o/oauth2/postmessageRelay | unknown | |
| https://drivemetadata.clients6.google.com | unknown | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_open | 172.217.168.14 | |
| https://support.google.com/docs/answer/148505 | unknown | |
| https://support.google.com/ | unknown | |
| https://support.google.com/docs/answer/37603 | unknown | |
| https://www.google.com/shopping/customerreviews/badge?usegapi=1 | unknown | |
| https://csp.withgoogle.com/csp/lcreport/ | unknown | |
| https://drive.google.com/savetodrivebutton?usegapi=1 | unknown | |
| https://scone-pa.clients6.google.com | unknown | |
| https://lh3.googleusercontent.com/a/default-user | unknown | |
| https://accounts.google.com/o/oauth2/auth | unknown | |
| https://developers.google.com/api-client-library/javascript/reference/referencedocs | unknown | |
| https://apis.google.com | unknown | |
| https://domains.google.com/suggest/flow | unknown | |
| https://apps-drive-picker-dev.corp.google.com/picker/minpick/main | unknown | |
| https://feedback2-test.corp.google.com/inapp/% | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0 | unknown | |
| https://signaler-pa.clients6.google.com | unknown | |
| https://classroom.google.com/sharewidget?usegapi=1 | unknown | |
| https://support.google.com/docs/answer/65129 | unknown | |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 172.217.168.45 | |
| http://www.bohemiancoding.com/sketch | unknown | |
| https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html | unknown | |
| https://feedback2-test.corp.googleusercontent.com/inapp/% | unknown | |
| https://drive.google.com/viewer | unknown | |
| https://drive.google.com/viewer2/prod-03/archive?ck=drive&ds=APznzaasIqez7CAZvd1AzdJZuQm7sAdnJFT4Z0_CBcEG2R0grRTcX1ow_i5lRsOx8Pwjj7KZ-wouRSRinrMEdiAe5R_1DNYrcKb8QFVhEBPcz_cMH29r1n_hnU8oOGhog0cddqJ_jHVH7evVvIZJvgAKAiSLfhKf3JE8uTLEpLxqnh5T-lqQm3phfEU0Ruothy555pIaKxoXlj3onLbT8dfeR8MIbNRoeqVyzbpFWx9BV1ui0FpEE8OZ-xkCGDqoQUnrvFgQJ_pb8xuzUQH6t2HmKnwZpckBi2tOBcehcwGSMafk5Z1lyc6q2nEI1KibcVn4ZnldI005nJrb_LhYxOXFCFfAj75WifM8jhamuJ_hMbkTgG6wic4lD32CBifJkJJ4oKIE1hCY&authuser=0&page=0 | 172.217.168.14 | |
| https://drive.google.com/viewer2/prod-03/archive?ck=drive&ds=APznzaZ4EnWmVlJt_JumJy33reBjJaVafEoqWavi_7pl0Gz0VsIk1PIJDEos8ZDf7dkGBiBsRZL_dKEfhJpvuv7cep5A0kCpuAGl6K6FyarLPhVXAO2p_uPsnnf_GkouiT__PKNuVQFJfh-dkxBGAIx6lOz5QJFQgv_CIlKD-GbFKhd-lm3U-RX_OPqqIPkYrxM6knd8S2_ux__co0pWYzcBB3CbRNT90t4XZkLgXiv4kl1FIo8cBA2HvnCw-K88ylE2fb9m3FqbaiMQtE0xKaLMJrumvGBM5MDWcQYleBYsJWziLdDpGZf96WCzoiPHZZohCOnfcfiJftbwY7I7jbeWq3_pwi6MsZQkXOM1g6u5Ns3FpZKEFsWWnelKaASry6bbENn-o3PW&authuser=0&page=0 | 172.217.168.14 | |
| http://www.bohemiancoding.com/sketch/ns | unknown | |
| https://www.google.cn/tools/feedback/% | unknown | |
| https://www.google.com/tools/feedback/help_panel_binary.js | unknown | |
| http://creativecommons.org/ns# | unknown | |
| https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url= | unknown | |
| https://clients3.google.com/cast/chromecast/home/widget/backdrop?usegapi=1 | unknown | |
| https://test-scone-pa-googleapis.sandbox.google.com | unknown | |
| https://support.google.com/docs?p=comments_guide | unknown | |
| https://talkgadget.google.com/:session_prefix:talkgadget/_/widget | unknown | |
| https://drive.google.com/picker/minpick/main | unknown | |
| https://www.google.com/tools/feedback/% | unknown | |
| https://lh3.googleusercontent.com/a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64 | 216.58.215.225 | |
| https://families.google.com/webcreation?usegapi=1&usegapi=1 | unknown | |
(90 further URL entries are not shown in this export.)

Domains

| Name | IP | Malicious |
| blobcomments-pa.clients6.google.com | 142.250.203.106 | |
| accounts.google.com | 172.217.168.45 | |
| plus.l.google.com | 172.217.168.78 | |
| play.google.com | 142.250.203.110 | |
| drive.google.com | 172.217.168.14 | |
| www.google.com | 142.250.203.100 | |
| clients.l.google.com | 216.58.215.238 | |
| peoplestackwebexperiments-pa.clients6.google.com | 216.58.215.234 | |
| googlehosted.l.googleusercontent.com | 216.58.215.225 | |
| clients2.google.com | unknown | |
| lh3.googleusercontent.com | unknown | |
| apis.google.com | unknown | |
(2 further domain entries are not shown in this export.)

IPs

| IP | Domain | Country | Malicious |
| 192.168.2.1 | unknown | unknown | |
| 216.58.215.238 | clients.l.google.com | United States | |
| 142.250.203.100 | www.google.com | United States | |
| 216.58.215.225 | googlehosted.l.googleusercontent.com | United States | |
| 142.250.203.110 | play.google.com | United States | |
| 172.217.168.45 | accounts.google.com | United States | |
| 172.217.168.78 | plus.l.google.com | United States | |
| 172.217.168.14 | drive.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |

DOM / HTML

| URL | Malicious |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view | |
| https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.UjJbvPIecP0.O%2Fd%3D1%2Frs%3DAHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA%2Fm%3D__features__#parent=https%3A%2F%2Fdrive.google.com&rpctoken=405025435 | |
| https://drive.google.com/uc?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph&export=download | |
| https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.UjJbvPIecP0.O%2Fd%3D1%2Frs%3DAHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA%2Fm%3D__features__#parent=https%3A%2F%2Fdrive.google.com&rpctoken=620156614 | |
(5 further DOM entries are not shown in this export.)