Edit tour

Windows Analysis Report
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web

Overview

General Information

Sample URL:	https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Analysis ID:	876168
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5288 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5508 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070

Source: classification engine

Classification label: clean0.win@29/40@14/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/lcreport/	0%	URL Reputation	safe
http://www.bohemiancoding.com/sketch	0%	URL Reputation	safe
http://www.bohemiancoding.com/sketch/ns	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
blobcomments-pa.clients6.google.com	142.250.203.106	true	false	high
accounts.google.com	172.217.168.45	true	false	high
plus.l.google.com	172.217.168.78	true	false	high
play.google.com	142.250.203.110	true	false	high
drive.google.com	172.217.168.14	true	false	high
www.google.com	142.250.203.100	true	false	high
clients.l.google.com	216.58.215.238	true	false	high
peoplestackwebexperiments-pa.clients6.google.com	216.58.215.234	true	false	high
googlehosted.l.googleusercontent.com	216.58.215.225	true	false	high
clients2.google.com	unknown	unknown	false	high
lh3.googleusercontent.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://apis.google.com/js/googleapis.proxy.js?onload=startup	false	high
https://drive.google.com/open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph	false	high
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_1	false	high
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/docos/p/sync?resourcekey&id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph&reqid=0	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0?le=scs	false	high
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0	false	high
https://play.google.com/log?format=json&hasfast=true	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_open	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://drive.google.com/viewer2/prod-03/archive?ck=drive&ds=APznzaasIqez7CAZvd1AzdJZuQm7sAdnJFT4Z0_CBcEG2R0grRTcX1ow_i5lRsOx8Pwjj7KZ-wouRSRinrMEdiAe5R_1DNYrcKb8QFVhEBPcz_cMH29r1n_hnU8oOGhog0cddqJ_jHVH7evVvIZJvgAKAiSLfhKf3JE8uTLEpLxqnh5T-lqQm3phfEU0Ruothy555pIaKxoXlj3onLbT8dfeR8MIbNRoeqVyzbpFWx9BV1ui0FpEE8OZ-xkCGDqoQUnrvFgQJ_pb8xuzUQH6t2HmKnwZpckBi2tOBcehcwGSMafk5Z1lyc6q2nEI1KibcVn4ZnldI005nJrb_LhYxOXFCFfAj75WifM8jhamuJ_hMbkTgG6wic4lD32CBifJkJJ4oKIE1hCY&authuser=0&page=0	false	high
https://drive.google.com/viewer2/prod-03/archive?ck=drive&ds=APznzaZ4EnWmVlJt_JumJy33reBjJaVafEoqWavi_7pl0Gz0VsIk1PIJDEos8ZDf7dkGBiBsRZL_dKEfhJpvuv7cep5A0kCpuAGl6K6FyarLPhVXAO2p_uPsnnf_GkouiT__PKNuVQFJfh-dkxBGAIx6lOz5QJFQgv_CIlKD-GbFKhd-lm3U-RX_OPqqIPkYrxM6knd8S2_ux__co0pWYzcBB3CbRNT90t4XZkLgXiv4kl1FIo8cBA2HvnCw-K88ylE2fb9m3FqbaiMQtE0xKaLMJrumvGBM5MDWcQYleBYsJWziLdDpGZf96WCzoiPHZZohCOnfcfiJftbwY7I7jbeWq3_pwi6MsZQkXOM1g6u5Ns3FpZKEFsWWnelKaASry6bbENn-o3PW&authuser=0&page=0	false	high
https://lh3.googleusercontent.com/a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://signaler-staging.sandbox.google.com	chromecache_150.1.dr	false		high
http://www.broofa.com	chromecache_176.1.dr, chromecache_150.1.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://apis.google.com/js/client.js	chromecache_166.1.dr, chromecache_150.1.dr	false		high
https://feedback2-test.corp.googleusercontent.com/tools/feedback/%	chromecache_166.1.dr	false		high
https://apis.google.com/js/googleapis.proxy.js	chromecache_155.1.dr	false		high
https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1	chromecache_155.1.dr	false		high
https://support.google.com/drive/answer/2423485?hl=%s	chromecache_150.1.dr	false		high
https://onepick-autopush.sandbox.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://www.youtube.com	chromecache_150.1.dr	false		high
https://support.google.com/drive/answer/2407404?hl=en	chromecache_150.1.dr	false		high
https://pay.google.com/gp/v/widget/save	chromecache_155.1.dr	false		high
https://workspace.google.com	chromecache_150.1.dr	false		high
https://onepick-staging.sandbox.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://support.google.com/docs/answer/49114	chromecache_150.1.dr	false		high
https://support.google.com/drive/answer/2423694	chromecache_150.1.dr	false		high
https://support.google.com/google-workspace-individual/?p=esignature_signer_terms	chromecache_150.1.dr	false		high
https://drive-thirdparty.googleusercontent.com/	chromecache_150.1.dr	false		high
https://content-googleapis-test.sandbox.google.com	chromecache_166.1.dr	false		high
https://www.google.com/shopping/customerreviews/optin?usegapi=1	chromecache_155.1.dr	false		high
https://onepick-preprod.sandbox.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://developers.google.com/	chromecache_182.1.dr	false		high
https://onepick-staging-drivequal.sandbox.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://developers.google.com/identity/gsi/web/guides/gis-migration)	chromecache_182.1.dr	false		high
https://www.google.com/tools/feedback	chromecache_166.1.dr, chromecache_150.1.dr	false		high
https://sandbox.google.com/inapp/%	chromecache_166.1.dr	false		high
https://www.google.com/recaptcha/api.js?trustedtypes=true	chromecache_150.1.dr	false		high
https://apis.google.com/js/api.js	chromecache_156.1.dr, chromecache_150.1.dr	false		high
https://docs.google.com/picker	chromecache_150.1.dr	false		high
https://www.youtube.com/subscribe_embed?usegapi=1	chromecache_155.1.dr	false		high
https://feedback2-test.corp.google.com/tools/feedback/%	chromecache_166.1.dr	false		high
https://punctual-dev.corp.google.com	chromecache_150.1.dr	false		high
https://plus.google.com	chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://clients5.google.com/webstore/wall/widget	chromecache_150.1.dr	false		high
https://sandbox.google.com/tools/feedback/%	chromecache_166.1.dr	false		high
https://content-googleapis-staging.sandbox.google.com	chromecache_166.1.dr	false		high
https://support.google.com/drive/answer/7650301	chromecache_150.1.dr	false		high
https://play.google.com/work/embedded/search?usegapi=1&usegapi=1	chromecache_155.1.dr	false		high
https://drive.google.com/requestreview?id=	chromecache_150.1.dr	false		high
https://drive.google.com/drive/my-drive	chromecache_150.1.dr	false		high
https://fonts.google.com/license/googlerestricted	chromecache_147.1.dr	false		high
https://clients6.google.com	chromecache_166.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://accounts.google.com/o/oauth2/iframe	chromecache_182.1.dr, chromecache_155.1.dr	false		high
https://clients5.google.com	chromecache_150.1.dr	false		high
https://www.google.com/log?format=json&hasfast=true	chromecache_176.1.dr, chromecache_150.1.dr	false		high
https://console.developers.google.com/	chromecache_182.1.dr	false		high
https://signaler-pa.youtube.com	chromecache_150.1.dr	false		high
https://support.google.com/docs/answer/65129?hl=en-GB	chromecache_156.1.dr	false		high
https://support.google.com/inapp/%	chromecache_166.1.dr	false		high
https://accounts.google.com/o/oauth2/postmessageRelay	chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://drivemetadata.clients6.google.com	chromecache_150.1.dr	false		high
https://support.google.com/docs/answer/148505	chromecache_150.1.dr	false		high
https://support.google.com/	chromecache_166.1.dr, chromecache_150.1.dr	false		high
https://support.google.com/docs/answer/37603	chromecache_150.1.dr	false		high
https://www.google.com/shopping/customerreviews/badge?usegapi=1	chromecache_155.1.dr	false		high
https://csp.withgoogle.com/csp/lcreport/	chromecache_182.1.dr	false	URL Reputation: safe	unknown
https://drive.google.com/savetodrivebutton?usegapi=1	chromecache_155.1.dr	false		high
https://scone-pa.clients6.google.com	chromecache_166.1.dr	false		high
https://lh3.googleusercontent.com/a/default-user	chromecache_156.1.dr	false		high
https://accounts.google.com/o/oauth2/auth	chromecache_182.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	false		high
https://developers.google.com/api-client-library/javascript/reference/referencedocs	chromecache_182.1.dr	false		high
https://apis.google.com	chromecache_155.1.dr	false		high
https://domains.google.com/suggest/flow	chromecache_146.1.dr, chromecache_154.1.dr	false		high
https://apps-drive-picker-dev.corp.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://feedback2-test.corp.google.com/inapp/%	chromecache_166.1.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	chromecache_150.1.dr	false		high
https://signaler-pa.clients6.google.com	chromecache_150.1.dr	false		high
https://classroom.google.com/sharewidget?usegapi=1	chromecache_155.1.dr	false		high
https://support.google.com/docs/answer/65129	chromecache_156.1.dr	false		high
http://www.bohemiancoding.com/sketch	chromecache_163.1.dr, chromecache_177.1.dr	false	URL Reputation: safe	unknown
https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html	chromecache_182.1.dr	false		high
https://feedback2-test.corp.googleusercontent.com/inapp/%	chromecache_166.1.dr	false		high
https://drive.google.com/viewer	chromecache_150.1.dr	false		high
http://www.bohemiancoding.com/sketch/ns	chromecache_163.1.dr, chromecache_177.1.dr	false	URL Reputation: safe	unknown
https://www.google.cn/tools/feedback/%	chromecache_166.1.dr	false		high
https://www.google.com/tools/feedback/help_panel_binary.js	chromecache_166.1.dr	false		high
http://creativecommons.org/ns#	chromecache_163.1.dr, chromecache_177.1.dr	false		high
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_150.1.dr	false		high
https://clients3.google.com/cast/chromecast/home/widget/backdrop?usegapi=1	chromecache_155.1.dr	false		high
https://test-scone-pa-googleapis.sandbox.google.com	chromecache_166.1.dr	false		high
https://support.google.com/docs?p=comments_guide	chromecache_156.1.dr	false		high
https://talkgadget.google.com/:session_prefix:talkgadget/_/widget	chromecache_155.1.dr	false		high
https://drive.google.com/picker/minpick/main	chromecache_150.1.dr	false		high
https://www.google.com/tools/feedback/%	chromecache_166.1.dr	false		high
https://families.google.com/webcreation?usegapi=1&usegapi=1	chromecache_155.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
216.58.215.238	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.203.100	www.google.com	United States	15169	GOOGLEUS	false
216.58.215.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.203.110	play.google.com	United States	15169	GOOGLEUS	false
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
172.217.168.78	plus.l.google.com	United States	15169	GOOGLEUS	false
172.217.168.14	drive.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	876168
Start date and time:	2023-05-26 11:51:24 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 42s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@29/40@14/9
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://drive.google.com/open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 172.217.168.3, 34.104.35.123, 172.217.168.74, 142.250.203.99, 172.217.168.67, 142.250.203.106, 216.58.215.234, 172.217.168.10, 172.217.168.42
Excluded domains from analysis (whitelisted): fonts.googleapis.com, ssl.gstatic.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, content.googleapis.com, update.googleapis.com, clientservices.googleapis.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1530)
Category:	downloaded
Size (bytes):	114695
Entropy (8bit):	5.503626315759982
Encrypted:	false
SSDEEP:	3072:qpyvjFWER3DPbjh7f19c3cMGvMIoOZoYbgJ:UyT3DJmGvHoYbgJ
MD5:	74C0C2DCC8511894F3FCA6F0F98BFDA5
SHA1:	C3364A29B9380734073CEC8551F517C1BB173CEA
SHA-256:	5862AB09D5DB3D464EB0341AB9011DA490352223B6A02FB5F23216E15C092230
SHA-512:	87E99AB5C6A6E181FC8CA910C1F5A711D6A5AC8AF9F4A1A817F43A20B47DA31068FE70FEDD900E5DC8D5687ED324E4FED39931A8B6C5331FF25DFBE6A08898E2
Malicious:	false
Reputation:	low
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;.var ea,ia,ja,ka,la,qa,Aa;_.ca=function(a){return function(){return _.ba[a].apply(this,arguments)}};_.ba=[];ea=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ia="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ja=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ka=ja(this);la=function(a,b){if(b)a:{var c=ka;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ia(c,a,{configurable:!0,writable:!0,value:b})}};.la("Symbol",function(a){if(a)return a;var b=function(f,h){this.OT=f;ia(this,"description",{configurable:!0,writable:!0,value:h})};b.p

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_1 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /js/googleapis.proxy.js?onload=startup HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://content.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.UjJbvPIecP0.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_flbzE3yQmWQ7n7N3yCQZtJt8-oA/cb=gapi.loaded_0?le=scs HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://content.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /viewer2/prod-03/archive?ck=drive&ds=APznzaasIqez7CAZvd1AzdJZuQm7sAdnJFT4Z0_CBcEG2R0grRTcX1ow_i5lRsOx8Pwjj7KZ-wouRSRinrMEdiAe5R_1DNYrcKb8QFVhEBPcz_cMH29r1n_hnU8oOGhog0cddqJ_jHVH7evVvIZJvgAKAiSLfhKf3JE8uTLEpLxqnh5T-lqQm3phfEU0Ruothy555pIaKxoXlj3onLbT8dfeR8MIbNRoeqVyzbpFWx9BV1ui0FpEE8OZ-xkCGDqoQUnrvFgQJ_pb8xuzUQH6t2HmKnwZpckBi2tOBcehcwGSMafk5Z1lyc6q2nEI1KibcVn4ZnldI005nJrb_LhYxOXFCFfAj75WifM8jhamuJ_hMbkTgG6wic4lD32CBifJkJJ4oKIE1hCY&authuser=0&page=0 HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a-/AD_cMMSAfLQ3pvUn0ke3ZHFy0ZF-iRjAux4sy-U_uwY3=s64 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiSocsBCIurzAEI7bvMAQjMvMwBCLLBzAEIxcHMAQjWwcwBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uc?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph&export=download HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /open?id=1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_open HTTP/1.1Host: drive.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w
Source: global traffic	HTTP traffic detected: GET /js/googleapis.proxy.js?onload=startup HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://content.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7wIf-None-Match: "f0b6cd303d5059ac"
Source: global traffic	HTTP traffic detected: GET /viewer2/prod-03/archive?ck=drive&ds=APznzaZ4EnWmVlJt_JumJy33reBjJaVafEoqWavi_7pl0Gz0VsIk1PIJDEos8ZDf7dkGBiBsRZL_dKEfhJpvuv7cep5A0kCpuAGl6K6FyarLPhVXAO2p_uPsnnf_GkouiT__PKNuVQFJfh-dkxBGAIx6lOz5QJFQgv_CIlKD-GbFKhd-lm3U-RX_OPqqIPkYrxM6knd8S2_ux__co0pWYzcBB3CbRNT90t4XZkLgXiv4kl1FIo8cBA2HvnCw-K88ylE2fb9m3FqbaiMQtE0xKaLMJrumvGBM5MDWcQYleBYsJWziLdDpGZf96WCzoiPHZZohCOnfcfiJftbwY7I7jbeWq3_pwi6MsZQkXOM1g6u5Ns3FpZKEFsWWnelKaASry6bbENn-o3PW&authuser=0&page=0 HTTP/1.1Host: drive.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.81", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.81"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "104.0.5112.81"sec-ch-ua-platform-version: "6.0.0"sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-model: sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CK61yQEIh7bJAQiltskBCMS2yQEIqZ3KAQiHh8sBCJKhywEIi6vMAQjtu8wBCMy8zAEIhL/MAQjxwMwBCJrBzAEIssHMAQjFwcwBCNbBzAEI2sTMAQjfxMwBCNfGzAEIgsjMAQidycwBCOPLzAE=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://drive.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070; NID=511=Y4DiQqvU98_BGqYzY6tChxbLK5O6sD8wiyFiXin36jfBSkYOPOuR_FHShP-PxAOs_lcnVabOJ9FRch427VcKJK96v4TQeableItqQbKki4k1rOrkPItXaZsBs2iW5E5xJUNRxzhi86-iPo-XkoUZo7NT4vyu1s6QAg9E8ERPz7w

Source: chromecache_155.1.dr	String found in binary or memory: disableRealtimeCallback:!1,drive_share:{skipInitCommand:!0},csi:{rate:.01},client:{cors:!1},signInDeprecation:{rate:0},include_granted_scopes:!0,llang:"en",iframes:{youtube:{params:{location:["search","hash"]},url:":socialhost:/:session_prefix:_/widget/render/youtube?usegapi=1",methods:["scroll","openwindow"]},ytsubscribe:{url:"https://www.youtube.com/subscribe_embed?usegapi=1"},plus_circle:{params:{url:""},url:":socialhost:/:session_prefix::se:_/widget/plus/circle?usegapi=1"},plus_share:{params:{url:""}, equals www.youtube.com (Youtube)
Source: chromecache_150.1.dr	String found in binary or memory: var C$a=function(a){return sh(function(){return RF(a,B$a,GKa)},function(b,c){(void 0===c\|\|500>c)&&b.cancel()},function(b,c){(void 0===c\|\|500>c)&&b.cancel()}).then()},D$a=function(a,b){b.then(function(){a.za=2;for(var c=p(a.C),d=c.next();!d.done;d=c.next())d.value.Vb.resolve();a.C.splice(0,a.C.length)},function(){var c=a.C.shift();c?(D$a(a,c.promise),c.Vb.resolve()):a.za=0})};var E$a=function(a){A.call(this);this.D=a;a=J(this.D);var b=I(a,zF,48)\|\|new zF;this.C=new Ei(H(b,6,"AIzaSyDVQw45DwoYh632gvsP5vPDqEKvb-Ywnb8"),jj(a)\|\|"0",H(b,7,"https://workspacevideo-pa.googleapis.com"),void 0,!0,void 0,!0,void 0,void 0);this.C.init();this.ia(this.C)};Q(E$a,A);var MN=function(a){xJ.call(this,a.ca());this.O=a};Q(MN,xJ);MN.prototype.D=function(){return"onYouTubeIframeAPIReady"};MN.prototype.J=function(){var a=I(J(this.O),zF,48)\|\|new zF;return Tr(H(a,1,"https://www.youtube.com"),"iframe_api")};MN.prototype.C=function(){return Tk("YT.Player",Ui(this.ca()))};var F$a=function(a,b){EN.call(this,a,b)};Q(F$a,EN);h=F$a.prototype;h.Zj=function(){return 0};h.isPlayable=function(){return!0};h.vj=function(){if(this.Oc){var a=oia(Kc(this.Oc));a=this.Oc[a]}return a\|\|H(this.C,3,"")\|\|window.location.protocol+"//i.ytimg.com/vi/"+this.eo()+"/mqdefault.jpg"};h.eo=function(){return aj(this.uri,"v")}; equals www.youtube.com (Youtube)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: chromecache_163.1.dr, chromecache_177.1.dr	String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_182.1.dr, chromecache_150.1.dr	String found in binary or memory: http://csi.gstatic.com/csi
Source: chromecache_150.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_163.1.dr, chromecache_177.1.dr	String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: chromecache_163.1.dr, chromecache_177.1.dr	String found in binary or memory: http://www.bohemiancoding.com/sketch/ns
Source: chromecache_176.1.dr, chromecache_150.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_182.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_182.1.dr, chromecache_155.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_155.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_156.1.dr, chromecache_150.1.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_166.1.dr, chromecache_150.1.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: chromecache_155.1.dr	String found in binary or memory: https://apis.google.com/js/googleapis.proxy.js
Source: chromecache_171.1.dr	String found in binary or memory: https://apis.google.com/js/googleapis.proxy.js?onload=startup
Source: chromecache_150.1.dr	String found in binary or memory: https://apps-drive-picker-dev.corp.google.com/picker/minpick/main
Source: chromecache_155.1.dr	String found in binary or memory: https://classroom.google.com/sharewidget?usegapi=1
Source: chromecache_155.1.dr	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/widget/backdrop?usegapi=1
Source: chromecache_150.1.dr	String found in binary or memory: https://clients5.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://clients5.google.com/webstore/wall/widget
Source: chromecache_166.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_182.1.dr	String found in binary or memory: https://console.developers.google.com/
Source: chromecache_166.1.dr	String found in binary or memory: https://content-googleapis-staging.sandbox.google.com
Source: chromecache_166.1.dr	String found in binary or memory: https://content-googleapis-test.sandbox.google.com
Source: chromecache_146.1.dr, chromecache_182.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_182.1.dr, chromecache_150.1.dr	String found in binary or memory: https://csi.gstatic.com/csi
Source: chromecache_182.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_155.1.dr	String found in binary or memory: https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1
Source: chromecache_182.1.dr	String found in binary or memory: https://developers.google.com/
Source: chromecache_182.1.dr	String found in binary or memory: https://developers.google.com/api-client-library/javascript/reference/referencedocs
Source: chromecache_182.1.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/gis-migration)
Source: chromecache_182.1.dr	String found in binary or memory: https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html
Source: chromecache_150.1.dr	String found in binary or memory: https://docs.google.com/picker
Source: chromecache_146.1.dr, chromecache_154.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_150.1.dr	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/
Source: chromecache_150.1.dr	String found in binary or memory: https://drive.google.com/drive/my-drive
Source: chromecache_150.1.dr	String found in binary or memory: https://drive.google.com/picker/minpick/main
Source: chromecache_150.1.dr	String found in binary or memory: https://drive.google.com/requestreview?id=
Source: chromecache_155.1.dr	String found in binary or memory: https://drive.google.com/savetodrivebutton?usegapi=1
Source: chromecache_150.1.dr	String found in binary or memory: https://drive.google.com/viewer
Source: chromecache_150.1.dr	String found in binary or memory: https://drivemetadata.clients6.google.com
Source: chromecache_155.1.dr	String found in binary or memory: https://families.google.com/webcreation?usegapi=1&usegapi=1
Source: chromecache_166.1.dr	String found in binary or memory: https://feedback2-test.corp.google.com/inapp/%
Source: chromecache_166.1.dr	String found in binary or memory: https://feedback2-test.corp.google.com/tools/feedback/%
Source: chromecache_166.1.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/inapp/%
Source: chromecache_166.1.dr	String found in binary or memory: https://feedback2-test.corp.googleusercontent.com/tools/feedback/%
Source: chromecache_147.1.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_156.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/e/notoemoji/
Source: chromecache_147.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RP
Source: chromecache_150.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialiconsfilled/close/v19/gm_grey200-24dp/1x/gm_filled_close
Source: chromecache_166.1.dr	String found in binary or memory: https://gstatic.com/uservoice/surveys/resources/
Source: chromecache_166.1.dr	String found in binary or memory: https://gstatic.com/uservoice/surveys/resources/%
Source: chromecache_156.1.dr	String found in binary or memory: https://lh3.googleusercontent.com/a/default-user
Source: chromecache_150.1.dr	String found in binary or memory: https://onepick-autopush.sandbox.google.com/picker/minpick/main
Source: chromecache_150.1.dr	String found in binary or memory: https://onepick-preprod.sandbox.google.com/picker/minpick/main
Source: chromecache_150.1.dr	String found in binary or memory: https://onepick-staging-drivequal.sandbox.google.com/picker/minpick/main
Source: chromecache_150.1.dr	String found in binary or memory: https://onepick-staging.sandbox.google.com/picker/minpick/main
Source: chromecache_155.1.dr	String found in binary or memory: https://pay.google.com/gp/v/widget/save
Source: chromecache_150.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_155.1.dr	String found in binary or memory: https://play.google.com/work/embedded/search?usegapi=1&usegapi=1
Source: chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_150.1.dr	String found in binary or memory: https://punctual-dev.corp.google.com
Source: chromecache_166.1.dr	String found in binary or memory: https://sandbox.google.com/inapp/%
Source: chromecache_166.1.dr	String found in binary or memory: https://sandbox.google.com/tools/feedback/%
Source: chromecache_166.1.dr	String found in binary or memory: https://scone-pa.clients6.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://signaler-pa.clients6.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://signaler-pa.googleapis.com
Source: chromecache_150.1.dr	String found in binary or memory: https://signaler-pa.youtube.com
Source: chromecache_150.1.dr	String found in binary or memory: https://signaler-staging.sandbox.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://ssl.gstatic.com/docs/common/cleardot.gif
Source: chromecache_150.1.dr	String found in binary or memory: https://ssl.gstatic.com/docs/doclist/images/icon_10_generic_list.png
Source: chromecache_182.1.dr	String found in binary or memory: https://ssl.gstatic.com/gb/js/
Source: chromecache_166.1.dr	String found in binary or memory: https://ssl.gstatic.com/guidedhelp/runtime/guide_inproduct.js
Source: chromecache_166.1.dr	String found in binary or memory: https://ssl.gstatic.com/guidedhelp/runtime_staging/guided_help.js
Source: chromecache_155.1.dr	String found in binary or memory: https://ssl.gstatic.com/microscope/embed/
Source: chromecache_166.1.dr, chromecache_150.1.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/docs/answer/148505
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/docs/answer/37603
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/docs/answer/49114
Source: chromecache_156.1.dr	String found in binary or memory: https://support.google.com/docs/answer/65129
Source: chromecache_156.1.dr	String found in binary or memory: https://support.google.com/docs/answer/65129?hl=en-GB
Source: chromecache_156.1.dr	String found in binary or memory: https://support.google.com/docs?p=comments_guide
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/drive/answer/2407404?hl=en
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/drive/answer/2423485?hl=%s
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/drive/answer/2423694
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/drive/answer/7650301
Source: chromecache_150.1.dr	String found in binary or memory: https://support.google.com/google-workspace-individual/?p=esignature_signer_terms
Source: chromecache_166.1.dr	String found in binary or memory: https://support.google.com/inapp/%
Source: chromecache_155.1.dr	String found in binary or memory: https://talkgadget.google.com/:session_prefix:talkgadget/_/widget
Source: chromecache_166.1.dr	String found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: chromecache_150.1.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_150.1.dr	String found in binary or memory: https://workspace.google.com
Source: chromecache_146.1.dr, chromecache_154.1.dr, chromecache_155.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_150.1.dr	String found in binary or memory: https://workspacevideo-pa.googleapis.com
Source: chromecache_166.1.dr	String found in binary or memory: https://www.google.cn/tools/feedback/%
Source: chromecache_176.1.dr, chromecache_150.1.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_150.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true
Source: chromecache_155.1.dr	String found in binary or memory: https://www.google.com/shopping/customerreviews/badge?usegapi=1
Source: chromecache_155.1.dr	String found in binary or memory: https://www.google.com/shopping/customerreviews/optin?usegapi=1
Source: chromecache_166.1.dr, chromecache_150.1.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_166.1.dr	String found in binary or memory: https://www.google.com/tools/feedback/%
Source: chromecache_166.1.dr	String found in binary or memory: https://www.google.com/tools/feedback/help_panel_binary.js
Source: chromecache_182.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: chromecache_154.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_154.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_176.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_176.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png
Source: chromecache_176.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_155.1.dr	String found in binary or memory: https://www.gstatic.com/partners/badge/templates/badge.html?usegapi=1
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/change_email_address_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/change_name_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/content_copy_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/content_cut_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/email_copy_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/info_outline_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/phone_copy_grey300.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/dark_theme/visibility_off_grey200.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/change_email_address_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/change_name_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/content_copy_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/content_cut_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/domain_disabled_grey900.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/email_copy_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/info_outline_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/phone_copy_grey700.svg
Source: chromecache_156.1.dr	String found in binary or memory: https://www.gstatic.com/people/peoplekit/icons/light_theme/visibility_off_grey700.svg
Source: chromecache_150.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_166.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/
Source: chromecache_166.1.dr	String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/%
Source: chromecache_150.1.dr	String found in binary or memory: https://www.youtube.com
Source: chromecache_155.1.dr	String found in binary or memory: https://www.youtube.com/subscribe_embed?usegapi=1

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 26, 2023 11:52:17.817081928 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:17.817167997 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:17.817317963 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:17.817409039 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:17.817461014 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:17.817568064 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:17.817940950 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:17.817984104 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:17.818413973 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:17.818465948 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:17.911799908 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:17.913811922 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:17.913855076 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:17.915894985 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:17.915971994 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:17.925100088 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:17.926182032 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:17.926264048 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:17.927247047 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:17.927382946 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:17.928548098 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:17.928652048 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:18.214133978 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:18.214572906 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:18.214643955 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:18.214972019 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:18.215132952 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:18.215152025 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:18.215281963 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:18.252743959 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:18.252851963 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:18.252871990 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:18.253019094 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:18.253084898 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:18.253606081 CEST	49709	443	192.168.2.6	216.58.215.238
May 26, 2023 11:52:18.253638029 CEST	443	49709	216.58.215.238	192.168.2.6
May 26, 2023 11:52:18.260288000 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:18.266479969 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:18.266510010 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:18.295067072 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:18.295207024 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:18.295254946 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:18.295407057 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:18.295475960 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:18.328648090 CEST	49710	443	192.168.2.6	172.217.168.45
May 26, 2023 11:52:18.328706026 CEST	443	49710	172.217.168.45	192.168.2.6
May 26, 2023 11:52:19.432224989 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.432301998 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.432404041 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.432882071 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.432924032 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.433784962 CEST	49713	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.433852911 CEST	443	49713	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.433934927 CEST	49713	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.434542894 CEST	49713	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.434583902 CEST	443	49713	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.496968985 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.497133017 CEST	443	49713	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.497395039 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.497459888 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.497546911 CEST	49713	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.497606993 CEST	443	49713	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.498070002 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.498178959 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.498322010 CEST	443	49713	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.498429060 CEST	49713	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.499126911 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.499233007 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.499385118 CEST	443	49713	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.499453068 CEST	49713	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.509076118 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.509421110 CEST	49713	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.509430885 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.509545088 CEST	443	49713	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.510083914 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.510127068 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.549348116 CEST	49713	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.549388885 CEST	443	49713	172.217.168.14	192.168.2.6
May 26, 2023 11:52:19.589385986 CEST	49713	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:19.635334015 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:20.206237078 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.206473112 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.206558943 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:20.206630945 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.206825972 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.206908941 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:20.206924915 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.206944942 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.207003117 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:20.207571983 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.208590031 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.208647013 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.208692074 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:20.208719015 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.208776951 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:20.209647894 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.210673094 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.210728884 CEST	443	49712	172.217.168.14	192.168.2.6
May 26, 2023 11:52:20.210756063 CEST	49712	443	192.168.2.6	172.217.168.14
May 26, 2023 11:52:20.210772038 CEST	443	49712	172.217.168.14	192.168.2.6

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 26, 2023 11:52:17.776421070 CEST	62910	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:17.777230024 CEST	63863	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:17.799540997 CEST	53	62910	8.8.8.8	192.168.2.6
May 26, 2023 11:52:17.805440903 CEST	53	63863	8.8.8.8	192.168.2.6
May 26, 2023 11:52:19.328315020 CEST	54903	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:19.370168924 CEST	53	54903	8.8.8.8	192.168.2.6
May 26, 2023 11:52:20.704629898 CEST	53943	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:20.732867956 CEST	53	53943	8.8.8.8	192.168.2.6
May 26, 2023 11:52:20.965207100 CEST	56086	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:20.980113029 CEST	53	56086	8.8.8.8	192.168.2.6
May 26, 2023 11:52:21.499419928 CEST	62520	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:21.532278061 CEST	53	62520	8.8.8.8	192.168.2.6
May 26, 2023 11:52:21.662101984 CEST	55629	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:21.685375929 CEST	53	55629	8.8.8.8	192.168.2.6
May 26, 2023 11:52:21.696335077 CEST	52079	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:21.719547987 CEST	53	52079	8.8.8.8	192.168.2.6
May 26, 2023 11:52:45.333854914 CEST	55956	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:45.353858948 CEST	53	55956	8.8.8.8	192.168.2.6
May 26, 2023 11:52:46.886775017 CEST	61089	53	192.168.2.6	8.8.8.8
May 26, 2023 11:52:46.906850100 CEST	53	61089	8.8.8.8	192.168.2.6
May 26, 2023 11:53:21.308495998 CEST	51362	53	192.168.2.6	8.8.8.8
May 26, 2023 11:53:21.336286068 CEST	53	51362	8.8.8.8	192.168.2.6
May 26, 2023 11:53:21.727843046 CEST	59965	53	192.168.2.6	8.8.8.8
May 26, 2023 11:53:21.742500067 CEST	53	59965	8.8.8.8	192.168.2.6
May 26, 2023 11:54:21.787348986 CEST	57054	53	192.168.2.6	8.8.8.8
May 26, 2023 11:54:21.802145958 CEST	53	57054	8.8.8.8	192.168.2.6
May 26, 2023 11:54:21.805433035 CEST	64638	53	192.168.2.6	8.8.8.8
May 26, 2023 11:54:21.828772068 CEST	53	64638	8.8.8.8	192.168.2.6

Target ID:	0
Start time:	11:52:15
Start date:	26/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff6f9750000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	1
Start time:	11:52:16
Start date:	26/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,4096288064433636703,17727572675558076264,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6f9750000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	2
Start time:	11:52:18
Start date:	26/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web
Imagebase:	0x7ff6f9750000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	13175
Entropy (8bit):	5.592164369000966
Encrypted:	false
SSDEEP:	192:o9XnWVG9yf1HwiqWzHk9s8JV5a101cbiNJzc29euvVf47G1OViTvzOr:CO5LMxjxbfvtk
MD5:	057322E1547A7C64ACE48E17502DD9B7
SHA1:	A3DC7D3745978E3421347E46223BBA9C2B513115
SHA-256:	3D7644E531AF0ACFA2E8A51057464362F2144E4A0742409CCEA03799E7016AB8
SHA-512:	2A0B56AB56AD03CFDD7D10AB67FABEE1CB584723A11C36D5EDA1B30832AE2DA1399EF8CBFCEC86076B60EFAC43EFAA286CDF6B61D90B245A03F31993F574520D
Malicious:	false
Reputation:	low
URL:	"https://fonts.googleapis.com/css?family=Google+Sans_old:300,400,500,700"
Preview:	/. See: https://fonts.google.com/license/googlerestricted. /./ armenian /.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPiIUvaYr.woff2) format('woff2');. unicode-range: U+0308, U+0530-058F, U+2010, U+2024, U+25CC, U+FB13-FB17;.}./ cyrillic /.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ devanagari */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjMUvaYr.woff2) format('woff2');. unicode-range: U+0900-097F, U+1CD0-1CF9, U+200C-200

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (585)
Category:	downloaded
Size (bytes):	1357470
Entropy (8bit):	5.571831016968806
Encrypted:	false
SSDEEP:	12288:MX0Av3U/CxM4IVs6GdENhFi2c1Sn7307N7Yb7Jbkbwt7FY:jA24As6GaNXi2c1I307N7YbNQkI
MD5:	0289DA937E282A20FF8EA61574917C4A
SHA1:	7467F7093BE9E29142AF3A6D06F518EB3F586FE8
SHA-256:	1F183975B70B6BBF53ECC3B2400F266A0C41EE0B2D579EA1A5A88D9CE96F529F
SHA-512:	EFBCE5EACD1012E0DA35FCF4868B35802950F7C69661C54FCB4458A2869855A14D019B47A64B56BC41BAAC0725DC044132D8F7B419703F3262A30FF23A5056D2
Malicious:	false
Reputation:	low
URL:	"https://www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.en_GB.9qdjxbpIjH4.O/am=AAAC/d=1/rs=AO0039tRi3xSxgh5nYQ8l2yLn0fJCJAQgg/m=v,wb"
Preview:	try{./.. Copyright 2013 Google LLC.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2011 Google LLC.. SPDX-License-Identifier: Apache-2.0././... Copyright (c) 2015-2018 Google, Inc., Netflix, Inc., Microsoft Corp. and contributors.. Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. See the License for the specific language governing permissions and. limitations under the License.././. SPDX-License-Identifier: Apache-2.0 /./. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././*.. SPDX-Li

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1594
Entropy (8bit):	7.862952554761723
Encrypted:	false
SSDEEP:	24:M5DhErRsW6OTfolVFt/qRyFQCB0RxgawoIqH4B36zPiX9/YhtdHft7:M5dIWGbofFBq+GR2eITI6sf9
MD5:	C66F20F2E39EB2F6A0A4CDBE0D955E5F
SHA1:	575EF086CE461E0EF83662E3ACB3C1A789EBB0A8
SHA-256:	2AB9CD0FFDDDF7BF060620AE328FE626BFA2C004739ADEDB74EC894FAF9BEE31
SHA-512:	B9C44A2113FB078D83E968DC0AF2E78995BB6DD4CA25ABFF31E9AB180849C5DE3036B69931CCA295AC64155D5B168B634E35B7699F3FE65D4A30E9058A2639BD
Malicious:	false
Reputation:	low
URL:	https://ssl.gstatic.com/docs/doclist/images/drive_2022q3_32dp.png
Preview:	.PNG........IHDR... ... .....szz.....IDATX.WkLSg.....65..A-f....lOk..."2..f[T...9.3q.q.....CnaKX.4.A/\D.l....m1qY....~ik+..F.i..;.A..,.<.NN......~..B..1.f..V....7....?.R..<.r3./...d.....A..h....S.......W^...`...0.......?_M...L.....`M.V.muG.$.e.J+.~Y........B.g?aF.+..M1..[.1. .?2O ...n.y.......XuQ.H. ...A.....+.....b..D..D.y......E.....M o4....R.w..b;`...R..#.\.t.%..]..[....%X<.L.Eo5Umm?..F.Oa1...W`uU:..L<..k..C....7a..1../QD3..U.D.l.T.5H......4...v......=t.."D?b.Pr.~....d#.Q.R.......)9'F/B. ....U.k'...p.!..J...O4.J.)G./"9.6.)@....4.h.(B2I.fB...AD.........7eK.%.O$gP.v.... y.t"9.E...h[...z{.C..[....7.......4......-....X......tJ...a.y....o<P..."..H\MI(Y....Y..A.,.D.$6B..`.Y..B......y..q.m..ci..,F.w......^h&.t...Y.]/......H...d<..cl.c...6N4..8FI....h%.[&u....cd.L.\|...M......."n...&.....d.'t:...c5..{~/7E.(`.`...>V7.RXS.k%..9...l....eRm...%..i...~.@.B..?.".../.v.0.@.c{.(.^w.=....:t=.>........V..}P..`...}.!u..k...p.ye...6.'..,.....Y..........

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, software=Google], baseline, precision 8, 64x64, components 3
Category:	dropped
Size (bytes):	3652
Entropy (8bit):	7.6849645750973625
Encrypted:	false
SSDEEP:	48:02E4knNrH7uhTnFUF7P2gqTrYUHKcdJ/eXBDQT5fL0HJN5Hs5ivlkuKRyFl:3knNTahRK7PLqT8UH3KBD45f6vDlkuZ
MD5:	2C5D279433276B451E100C464D4A10A3
SHA1:	90BBC2F1FCF5407EFE7561E9937F7D6F16C26DD7
SHA-256:	18B09260BEA886FF56F294EFF842E2DB3F3B8ED4A5562FD97C78C16F555E000B
SHA-512:	7F60B8330E20CFCB0B3471497AD14BF7AFEDDA649B621C53F00630A737ADF21360E29916EF28DD981E0674B4DF1493962B1CDB7DCBF509CB5D167F81D6CD54AC
Malicious:	false
Reputation:	low
Preview:	......JFIF..............Exif..II*.......1.......>...;.......E.......!...L...i.......n.......Google.Corbis.. Corbis. All Rights Reserved.............0220......................................R98.........0100......._http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.5.0"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmp:CreatorTool="Google"> <dc:rights> <rdf:Alt> <rdf:li xml:lang="x-default">. Corbis. All Rights Reserved.</rdf:li> </rdf:Alt> </dc:rights> <dc:creator> <rdf:Seq> <rdf:li>Corbis</rdf:li> </rdf:Seq> </dc:creator> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>............................................................................................................................................@.@....................................

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 171

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Windows Analysis Report
https://drive.google.com/file/d/1Aau7Aza1Kdf_IYLUiT_3CLuLEAY5qdph/view?usp=drive_web