Windows Analysis Report
https://docs.google.com/document/d/1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY/edit?usp=drive_web

Overview

General Information

Sample URL:	https://docs.google.com/document/d/1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY/edit?usp=drive_web
Analysis ID:	1466953

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Signatures

Source: about:blank	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdocs.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY%26foreignService%3Dkix%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdocs.google.com&followup=https%3A%2F%2Fdocs.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY%26foreignService%3Dkix%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdocs.google.com&ifkv=AS5LTAT9OSTr1K2SFKqYV4bRv_7CoXPZlqaefhdOBWPGPGzX2jSeW7O3hW7sA5z87HbUgGv-CVBu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2131616601%3A1720014121049645&ddm=0	HTTP Parser: No favicon
Source: https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdocs.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.iZZZ0XsR8bM.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo_0-97nH_2IxP0suYF105-PdJv4zg%2Fm%3D__features__#id=I__HC_94253229&_gfid=I__HC_94253229&parent=https%3A%2F%2Fdocs.google.com&pfname=&rpctoken=27278022	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.google.apps.document	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:64403 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	DNS traffic detected: DNS query: docs.google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: 0.docs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: peoplestack-pa.clients6.google.com
Source: global traffic	DNS traffic detected: DNS query: contacts.google.com
Source: global traffic	DNS traffic detected: DNS query: drive-thirdparty.googleusercontent.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 64427 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 64404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64341
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64337
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 64433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 64324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 64387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 64347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64419
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64418
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64411
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64410
Source: unknown	Network traffic detected: HTTP traffic on port 64432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64413
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64412
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 64426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64428
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64427
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64309
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64429
Source: unknown	Network traffic detected: HTTP traffic on port 64383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64426
Source: unknown	Network traffic detected: HTTP traffic on port 64437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 64425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64440
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64439
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64431
Source: unknown	Network traffic detected: HTTP traffic on port 64419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64430
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64433
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64434
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64437
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64436
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 64388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64330
Source: unknown	Network traffic detected: HTTP traffic on port 64420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64323
Source: unknown	Network traffic detected: HTTP traffic on port 64431 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 64309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 64391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 64430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64429 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64406
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64408
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64400
Source: unknown	Network traffic detected: HTTP traffic on port 64418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64402
Source: unknown	Network traffic detected: HTTP traffic on port 64435 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64403
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64383
Source: unknown	Network traffic detected: HTTP traffic on port 64395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64382
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64384
Source: unknown	Network traffic detected: HTTP traffic on port 64400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64390
Source: unknown	Network traffic detected: HTTP traffic on port 64390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64391
Source: unknown	Network traffic detected: HTTP traffic on port 64405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64395
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64388
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64399
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64439 -> 443

Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:64403 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@21/6@30/311

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://docs.google.com/document/d/1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY/edit?usp=drive_web
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1900,i,16476396906441445237,14064749331699639617,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1900,i,16476396906441445237,14064749331699639617,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.46	play.google.com	United States	15169	GOOGLEUS	false
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
142.250.185.206	unknown	United States	15169	GOOGLEUS	false
172.217.18.14	unknown	United States	15169	GOOGLEUS	false
216.58.206.78	unknown	United States	15169	GOOGLEUS	false
142.250.181.234	unknown	United States	15169	GOOGLEUS	false
216.58.206.36	unknown	United States	15169	GOOGLEUS	false
0.0.0.0	unknown	unknown	unknown	unknown	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
172.217.18.110	unknown	United States	15169	GOOGLEUS	false
142.250.186.138	unknown	United States	15169	GOOGLEUS	false
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
142.250.186.35	unknown	United States	15169	GOOGLEUS	false
74.125.133.189	browserchannel-sites.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.217.16.206	unknown	United States	15169	GOOGLEUS	false
142.250.185.110	plus.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.238	docs.google.com	United States	15169	GOOGLEUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
142.250.186.142	unknown	United States	15169	GOOGLEUS	false
64.233.184.84	unknown	United States	15169	GOOGLEUS	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
142.250.184.238	unknown	United States	15169	GOOGLEUS	false
172.217.16.193	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.184.234	peoplestack-pa.clients6.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.6
192.168.2.5

Contacted Domains

Name	IP	Active
docs.google.com	142.250.185.238	true
play.google.com	142.250.186.46	true
browserchannel-sites.l.google.com	74.125.133.189	true
plus.l.google.com	142.250.185.110	true
www.google.com	142.250.186.100	true
peoplestack-pa.clients6.google.com	142.250.184.234	true
googlehosted.l.googleusercontent.com	172.217.16.193	true
contacts.google.com	unknown	unknown
drive-thirdparty.googleusercontent.com	unknown	unknown
apis.google.com	unknown	unknown
0.docs.google.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://docs.google.com/document/d/1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY/edit	false		unknown
about:blank	false	Avira URL Cloud: safe	unknown
https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.google.apps.document	false		unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:41:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F8567E361330FC9DD997385CA5052E56	9932B2A376C5BFF27F37CC463592DA8C3897C733	E258EE7012632F88499336A9A5C5B22B9D1816A1DC4050752F00707EEBDDA02C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:41:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	249730EEE8A6983A7BEF0B3EDF0D902E	6F72DA13684892E21BD502CE11745A68C5D5B8BD	9F9B6B46846001398F8ABC3239D8093D7151FD8286F8CD0F6912C24432369941
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2A65E0EE192A80BB875D98C54F89A7A8	0AB885FF7D009EDBF004523E83458B1015EF6419	0CD382B05BDD6BC47B47D87BED2757AC0A0B9182DB05384FC6FAC3AA342D6959
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:41:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2420CD3D5F9A84A3F3A50971E9323882	B2C21A7722529732A2192C3EC9D254610C9FAAD5	D90C27212D653ED1F5EE009062B85A6E03D4E2AD3DCCCD15389185099555D2B0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:41:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A807441ADFC5C5CE9161B1610098DD53	48483A9E25482C450C45341E8673964EFBCAEABE	1FAD2107AC54FE62F4545FA918306FBDF95F3BB300905BE091762B3B4868C28E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:41:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	908457A4DCCA92EAA1938D366CBB0992	EECBEF4F567454C3E19592256C363A00E80B631F	C27B5208426963AA25E30D9CDFC48B719989AE1E6EDC0927A029CB005F6EC286

Source: about:blank	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdocs.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY%26foreignService%3Dkix%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdocs.google.com&followup=https%3A%2F%2Fdocs.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY%26foreignService%3Dkix%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdocs.google.com&ifkv=AS5LTAT9OSTr1K2SFKqYV4bRv_7CoXPZlqaefhdOBWPGPGzX2jSeW7O3hW7sA5z87HbUgGv-CVBu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2131616601%3A1720014121049645&ddm=0	HTTP Parser: No favicon
Source: https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdocs.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.iZZZ0XsR8bM.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo_0-97nH_2IxP0suYF105-PdJv4zg%2Fm%3D__features__#id=I__HC_94253229&_gfid=I__HC_94253229&parent=https%3A%2F%2Fdocs.google.com&pfname=&rpctoken=27278022	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.google.apps.document	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:64403 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:64297 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	DNS traffic detected: DNS query: docs.google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: 0.docs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: peoplestack-pa.clients6.google.com
Source: global traffic	DNS traffic detected: DNS query: contacts.google.com
Source: global traffic	DNS traffic detected: DNS query: drive-thirdparty.googleusercontent.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 64427 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 64404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64341
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64337
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 64433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 64324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 64387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 64347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64419
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64418
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64411
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64410
Source: unknown	Network traffic detected: HTTP traffic on port 64432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64413
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64412
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 64426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64428
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64427
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64309
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64429
Source: unknown	Network traffic detected: HTTP traffic on port 64383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64426
Source: unknown	Network traffic detected: HTTP traffic on port 64437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 64425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64440
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64439
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64431
Source: unknown	Network traffic detected: HTTP traffic on port 64419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64430
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64433
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64434
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64437
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64436
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 64388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64330
Source: unknown	Network traffic detected: HTTP traffic on port 64420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64323
Source: unknown	Network traffic detected: HTTP traffic on port 64431 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 64309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 64391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 64430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64429 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64406
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64408
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64400
Source: unknown	Network traffic detected: HTTP traffic on port 64418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64402
Source: unknown	Network traffic detected: HTTP traffic on port 64435 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64403
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64383
Source: unknown	Network traffic detected: HTTP traffic on port 64395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64382
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64384
Source: unknown	Network traffic detected: HTTP traffic on port 64400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64390
Source: unknown	Network traffic detected: HTTP traffic on port 64390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64391
Source: unknown	Network traffic detected: HTTP traffic on port 64405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64395
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64388
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64399
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64439 -> 443

Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:64403 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@21/6@30/311

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://docs.google.com/document/d/1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY/edit?usp=drive_web
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1900,i,16476396906441445237,14064749331699639617,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1900,i,16476396906441445237,14064749331699639617,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

ID:	1466953
Product:	CloudBasic
Start time:	15:41:18
Start date:	03.07.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://docs.google.com/document/d/1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY/edit?usp=drive_web

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://docs.google.com/document/d/1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY/edit?usp=drive_web

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://docs.google.com/document/d/1p8SENy-tlVtypLtVr0gj3nPar_5wwdvl8BAmaf8r6VY/edit?usp=drive_web