Windows Analysis Report
http://scbqroup.com/hhwtaobppbduaxet?login

Overview

General Information

Sample URL: http://scbqroup.com/hhwtaobppbduaxet?login
Analysis ID: 1487408
Infos:

Detection

Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Phishing site detected (based on favicon image match)
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML title does not match URL
Invalid T&C link found
None HTTPS page querying sensitive user data (password, username or email)
Stores files to the Windows start menu directory

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: http://scbqroup.com/hhwtaobppbduaxet?login Avira URL Cloud: detection malicious, Label: phishing
Source: http://scbqroup.com/hhwtaobppbduaxet?login SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: http://scbqroup.com/js/analyse.js Avira URL Cloud: Label: phishing
Source: https://scbqroup.com/obfuscate?path=js/analyse.js Avira URL Cloud: Label: phishing
Source: http://scbqroup.com/js/timeme.min.js Avira URL Cloud: Label: phishing
Source: http://scbqroup.com/public/campaign/36/39/11/static/0.jpg Avira URL Cloud: Label: phishing
Source: https://scbqroup.com/obfuscate?path=js/timeme.min.js Avira URL Cloud: Label: phishing
Multi AV Scanner detection for domain / URL
Source: scbqroup.com Virustotal: Detection: 14% Perma Link
Multi AV Scanner detection for submitted file
Source: http://scbqroup.com/hhwtaobppbduaxet?login Virustotal: Detection: 20% Perma Link

Phishing
barindex
AI detected phishing page
Source: http://scbqroup.com/hhwtaobppbduaxet?login LLM: Score: 8 Reasons: The domain'scbqroup.com' appears to be a misspelling of'scbgroup.com', which raises suspicion. The design and content seem professional, but the domain discrepancy is concerning. Further investigation into the legitimacy of the domain and the site's security measures is advised. The brand name does not match the legitimate domain associated with the identified brand, and the URL contains a suspicious misspelling. These factors increase the likelihood of the site being a phishing attempt. However, the design and content are professional, which makes it less likely to be a completely fake site. Therefore, the phishing score is 8 out of 10, indicating a high likelihood of being a phishing site, but not a completely fake site. DOM: 0.0.pages.csv
Phishing site detected (based on favicon image match)
Source: http://scbqroup.com Matcher: Template: microsoft matched with high similarity
Source: http://scbqroup.com/hhwtaobppbduaxet?login Matcher: Template: microsoft matched with high similarity
Phishing site detected (based on image similarity)
Source: http://scbqroup.com/hhwtaobppbduaxet?login Matcher: Found strong image similarity, brand: MICROSOFT
HTML body contains low number of good links
Source: http://scbqroup.com/hhwtaobppbduaxet?login HTTP Parser: Number of links: 0
HTML title does not match URL
Source: http://scbqroup.com/hhwtaobppbduaxet?login HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Invalid T&C link found
Source: http://scbqroup.com/hhwtaobppbduaxet?login HTTP Parser: Invalid link: Terms of use
Source: http://scbqroup.com/hhwtaobppbduaxet?login HTTP Parser: Invalid link: Privacy & cookies
None HTTPS page querying sensitive user data (password, username or email)
Source: http://scbqroup.com/hhwtaobppbduaxet?login HTTP Parser: Has password / email / username input fields
Source: http://scbqroup.com/hhwtaobppbduaxet?login HTTP Parser: <input type="password" .../> found
Source: http://scbqroup.com/hhwtaobppbduaxet?login HTTP Parser: No <meta name="author".. found
Source: http://scbqroup.com/hhwtaobppbduaxet?login HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 03 Aug 2024 22:46:21 GMTServer: LucyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: PHPSESSID=dicn73j1oac8jerbli809qnrp6; path=/; secure; HttpOnlySet-Cookie: link=hhwtaobppbduaxet; expires=Mon, 02-Sep-2024 22:46:21 GMT; Max-Age=2592000; path=/Upgrade: h2,h2cConnection: Upgrade, Keep-AliveVary: Accept-EncodingContent-Encoding: gzipAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: *Access-Control-Allow-Headers: *Content-Length: 1578Keep-Alive: timeout=5, max=100Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 57 dd 6e db 36 14 be 6e 80 be 03 cb a1 89 03 44 56 9c 74 3f 8d 7f 82 36 cd d0 01 69 17 2c e9 45 af 02 5a 3a 92 58 53 a4 40 52 76 bc a2 d7 7b 8e bd cb f6 5e 3b 87 92 62 3b 4d d2 75 9d 61 d8 d4 e1 39 1f cf ff a1 46 4f 5e fd 7a 72 f9 fe fc 94 15 be 54 93 c7 5b a3 9b 7f 10 e9 64 e4 12 2b 2b cf 9c 4d c6 3c fe e0 62 98 83 f6 ae ff c1 f1 c9 28 6e 36 91 f9 d1 c8 4b af 60 72 21 73 cd a4 66 de b0 a5 a9 2d 7b 23 13 6b 9c c9 3c 13 49 62 6a ed 47 71 c3 48 22 4a ea 19 2b 2c 64 88 5c d5 53 25 93 38 11 65 25 10 23 3e fc 21 3e 7c 1e 0f 06 b1 f3 c2 e3 86 f3 4b 05 fd c4 39 ce 2c a8 31 0f cf ae 00 f0 9c f9 65 05 63 ee e1 da c7 81 21 fe 6a f4 4c cc 65 62 74 1f 7f 3a fc c2 58 9f d4 9e 11 bd 81 1c c5 c1 23 b8 98 9a 74 c9 52 e1 45 94 db 08 8f 8d a4 46 20 a5 20 1d 73 de 6c 68 58 d0 66 12 b9 28 29 20 99 45 ca 88 94 f6 07 cf fa 83 c1 8f 87 fd 7d 4e 48 a9 9c b3 44 09 e7 c6 dc d4 1e ec 6d 62 29 d3 54 c1 6d aa d4 9a 58 47 b2 cc 59 01 32 2f fc 98 1f ee f3 36 48 f7 1a ab 4c 6e ae 50 d1 d4 27 c2 49 6d ae a6 a8 92 ee 57 3a 47 51 f2 e7 98 2f 64 ea 8b 23 76 f0 fd 7e 75 3d 6c b1 8f d8 21 3d 71 16 36 c7 1c 37 5b 87 ac a9 14 a2 ca 99 4c bb 65 48 85 6d 3d 75 d5 50 ea 51 8c ac 28 81 32 99 b1 25 26 83 97 46 8f f9 31 aa 24 d1 bd 2d 48 78 8a 88 a3 41 b2 e0 28 be 25 f8 c2 e0 63 65 1c 3e 69 51 c2 06 eb 2d 4d 30 5e 1e 53 94 dc a3 2b 0c a0 a8 bd 49 4c 59 29 f0 28 07 a5 90 8a af 1c 49 1c b5 03 4b a8 cd a1 ad 4a a5 b8 56 a0 73 32 78 70 f0 d3 c6 b1 9c 55 4a 24 50 18 95 82 1d f3 53 82 dc 63 55 61 34 ec 31 63 d9 c5 0c 13 12 d3 52 4c a5 4e e1 1a 01 d6 73 94 7c c7 ee d4 cd 64 d9 2d cd 2a 5c 2f 8c 4d c3 a2 51 af 90 29 44 81 9e 76 4a 75 5c b7 f4 3a bf 21 37 87 af d8 e2 c9 5a 40 d6 5c a7 0d 56 29 9f bc 35 5d b5 1e b3 91 68 6b e8 3b 3e 39 b1 20 3c 30 34 f3 c9 28 16 f7 60 Data Ascii: Wn6nDVt?6i,EZ:XS@Rv{^;b;Mua9FO^zrT[d++M<b(n6K`r!sf-{#k<IbjGqH"J+,d\S%8e%#>!>|K9,1ec!jLebt:X#tREF slhXf() E}NHDmb)TmXGY2/6HLnP'ImW:GQ/d#v~u=l!=q67[LeHm=uPQ(2%&F1$-HxA(%ce>iQ-M0^S+ILY)(IKJVs2xpUJ$PScUa41cRLNs|d-*\/MQ)DvJu\:!7
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 03 Aug 2024 22:46:21 GMTServer: LucyUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Wed, 22 May 2024 09:35:31 GMTETag: "911-61907a7d8fc2d-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 743Keep-Alive: timeout=5, max=100Content-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 bd 55 6d 6b db 30 10 fe 9c 42 ff 83 48 19 b4 10 07 35 71 b2 cc fd 01 db 60 ec c3 c6 d8 67 d9 3a 3b 5a 65 cb c8 72 eb 76 ec bf ef 64 4b 7e c9 cb 46 19 5d 42 20 be d3 9d 9e 7b ee b9 f3 de e4 72 41 2e 2f 62 c5 9f c8 cf cb 8b d9 1e 44 b6 37 11 b9 a5 f4 cd 1d 3e ab 07 d0 a9 54 8f 11 d9 0b ce a1 b0 b6 9c e9 4c 14 11 a1 f8 f0 6b 14 9b aa c2 04 29 cb 85 7c 8a c8 fc 2b 64 0a c8 b7 8f e4 3b c4 d6 33 5f 04 ac 2c 25 04 d5 53 65 20 5f cc 3f 80 7c 00 23 12 46 3e 43 0d f3 c5 fc 53 9d 08 ce c8 7b cd 0a 6e 9f bf a8 58 19 35 c7 5b 08 7e da ec 95 78 06 04 b7 29 1b 67 95 a2 80 c0 83 5e d1 de de 9e 7e 74 f6 90 5a a8 b3 98 25 f7 99 56 75 c1 03 91 b3 0c 13 d5 5a 5e d3 e5 8f 32 bb 39 f0 6b 28 81 61 64 a1 dc df 03 bf c3 81 24 79 a6 90 88 a5 11 46 c2 1f a8 f8 17 0a 66 89 92 4a 47 e4 2a a4 f6 7b 82 94 e5 46 43 7e aa fc 2d a5 a7 d8 0a bb e3 16 b8 aa 0d 68 0b dc 1e e2 a2 2a 25 43 dc 86 c5 12 5c 64 a9 2a 61 84 c2 ae b3 b8 52 12 cf 3b c7 81 60 ac e9 51 70 b3 8f c6 c4 e4 a8 1d c7 cc 34 7b 90 80 94 2e 0c 95 66 a9 90 01 93 22 c3 8b ba 20 e7 8c 55 63 eb 14 45 16 e1 7f cd 41 07 68 72 e9 45 51 0c f0 3b 75 06 12 52 44 c5 6a a3 ee 26 76 dd c1 1d 39 86 d2 34 48 66 c4 03 f4 11 4d e0 6a 59 6f 06 69 59 b3 af 7a 4d 07 bb 3b 8a 15 24 d7 ad 32 02 14 5e d9 dc f8 6b 18 e7 2d fc 30 1c a5 6a 31 61 8f 8d ca 51 bf bb de 33 d2 9a 6f 7c 9a a6 ce 89 9d 8d ef 85 09 5a 52 f6 8c db f1 a4 64 55 36 64 8d 3f 9d c5 ec 9a 2e ec 77 b9 d9 f8 eb 83 5c 3d bf 28 e0 65 67 6d 47 b0 e5 78 02 d5 21 38 b9 da dd ee 92 77 e1 59 ff 38 4f e8 d3 e4 c8 85 27 7c 34 cb d6 dc 8f f8 ae b3 db b6 a7 4a 8d 64 fb 8a 23 97 b6 9f 3b 3f d7 6e de 56 2d 90 99 81 c6 78 c9 b6 e2 3a 92 55 2a 1a e0 3d 13 5d ab e9 c9 59 39 dd f9 31 57 db 9b 69 f1 ac 1d aa 63 a0 2d 2a 0e 89 d2 ac 03 51 a8 02 86 e5 ed c7 60 3d b0 59 b2 aa 9a 4e a8 0b e9 26 ac ac 8d 67 fa 04 66 d7 5f 17 31 98 7a 69 8f 94 41 e9 f6 6d bc 9b 4e c5 70 ee 60 85 3b ae b7 65 33 46 12 45 88 30 81 bd 92 fc 35 05 70 b4 49 d7 d4 bd f3 96 85 62 49 f2 1f 6e 76 f5 87 7f 7d e1 79 09 d0 7e d9 7b 6a 8d 2a fb 57 e6 00 9d 79 f0 e7 94 32 4d 3a 6a d9 31 2e 9b 35 ae b1 81 45 cf 88 54 f6 f5 39 9e 07 27 bc 0e cd f1 da bc a5 c3 f2 eb b7 eb ea a8 bc 5e e1 67 96 e4 04 e9 89 b5 74 b6 12 c7 cf 6f bc 4d 90 b2 11 09 00 00 Data Ascii: Umk0BH5q`g:;ZervdK~F]B {rA./bD7>TLk)|+d;3_,%Se _?|#F>CS{nX5[~x)g^~tZ%VuZ^29k(ad$yFfJG*{FC~-h*%C\d*aR;`Qp4{.f" UcEAhrEQ;uRDj&v94HfMjYoiY
Source: global traffic HTTP traffic detected: GET /obfuscate?path=js/events.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://scbqroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /obfuscate?path=js/timeme.min.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://scbqroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /obfuscate?path=js/time-tracker.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://scbqroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /login?redirect_after_login=/favicon.ico HTTP/1.1Host: twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://scbqroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0 HTTP/1.1Host: plus.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://scbqroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /obfuscate?path=js/analyse.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://scbqroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /login?redirect_after_login=/favicon.ico HTTP/1.1Host: x.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://scbqroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html HTTP/1.1Host: workspaceupdates.googleblog.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://scbqroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /login?redirect_after_login=/favicon.ico HTTP/1.1Host: x.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: guest_id_marketing=v1%3A172272518517908292; guest_id_ads=v1%3A172272518517908292; personalization_id="v1_AaqPYjGIpCphWfQtt+/G3Q=="; guest_id=v1%3A172272518517908292
Source: global traffic HTTP traffic detected: GET /2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html HTTP/1.1Host: workspaceupdates.googleblog.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /obfuscate?path=js/events.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /obfuscate?path=js/timeme.min.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /obfuscate?path=js/time-tracker.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /obfuscate?path=js/analyse.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /hhwtaobppbduaxet?login HTTP/1.1Host: scbqroup.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/events.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://scbqroup.com/hhwtaobppbduaxet?loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /public/campaign/36/39/11/static/style.css HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://scbqroup.com/hhwtaobppbduaxet?loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /js/timeme.min.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://scbqroup.com/hhwtaobppbduaxet?loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /js/time-tracker.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://scbqroup.com/hhwtaobppbduaxet?loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /js/analyse.js HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://scbqroup.com/hhwtaobppbduaxet?loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /public/campaign/36/39/11/logo_stadtcasino_baden.png HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://scbqroup.com/hhwtaobppbduaxet?loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /public/campaign/36/39/11/static/0.jpg HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://scbqroup.com/public/campaign/36/39/11/static/style.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /public/campaign/36/39/11/static/favicon.ico HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://scbqroup.com/hhwtaobppbduaxet?loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /public/campaign/36/39/11/logo_stadtcasino_baden.png HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /public/campaign/36/39/11/static/0.jpg HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /hhwtaobppbduaxet/run-analyse HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /public/campaign/36/39/11/static/favicon.ico HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: global traffic HTTP traffic detected: GET /hhwtaobppbduaxet/run-analyse HTTP/1.1Host: scbqroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxet
Source: chromecache_70.2.dr String found in binary or memory: <span class='fb-custom social-wrapper' data-href='https://www.facebook.com/sharer.php?u=http://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html'> equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: scbqroup.com
Source: global traffic DNS traffic detected: DNS query: plus.google.com
Source: global traffic DNS traffic detected: DNS query: twitter.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: x.com
Source: global traffic DNS traffic detected: DNS query: workspaceupdates.googleblog.com
Source: unknown HTTP traffic detected: POST /scenario/track-time HTTP/1.1Host: scbqroup.comConnection: keep-aliveContent-Length: 29User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: http://scbqroup.comReferer: http://scbqroup.com/hhwtaobppbduaxet?loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: link=hhwtaobppbduaxetData Raw: 7b 22 70 61 67 65 22 3a 22 69 6e 64 65 78 22 2c 22 74 69 6d 65 22 3a 31 2e 30 30 34 7d Data Ascii: {"page":"index","time":1.004}
Source: chromecache_70.2.dr String found in binary or memory: http://2.bp.blogspot.com/-7bZ5EziliZQ/VynIS9F7OAI/AAAAAAAASQ0/BJFntXCAntstZe6hQuo5KTrhi5Dyz9yHgCK4B/
Source: chromecache_70.2.dr String found in binary or memory: http://schema.org/Blog
Source: chromecache_70.2.dr String found in binary or memory: http://schema.org/BlogPosting
Source: chromecache_70.2.dr String found in binary or memory: http://schema.org/Person
Source: chromecache_70.2.dr String found in binary or memory: http://twitter.com/share?text=Google
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2007/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2008/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2009/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2010/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2011/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2012/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2013/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2014/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2015/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2016/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2017/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2018/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2019/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2020/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2021/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2022/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/04/set-default-label-values-for-files-in.html
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/04/streamlined-file-organization-google-drive-location-p
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/09/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/10/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/11/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2023/12/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2024/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2024/01/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2024/02/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2024/03/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2024/04/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2024/05/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2024/06/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2024/07/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/2024/08/
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/atom.xml
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/feeds/5157300376140296114/comments/default
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/feeds/posts/default
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/feeds/posts/default?alt=rss
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/API
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Accessibility
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Accounts
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Admin%20SDK
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Admin%20console
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Android
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/App%20Maker
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/AppSheet
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Assistant
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Bet
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Beta
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/BigQuery
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Chrome
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Cloud%20Search
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Colab
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Contacts
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Currents
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/DLP
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Developer
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Directory%20Sync
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Docs
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Drive%20for%20desktop
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Duet%20AI
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Editors
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Education%20Edition
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/End-user
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/G%20Suite
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/G%20Suite%20for%20Education
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/G%20Suite%20for%20Government
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Gemini
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Gmail
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Apps%20Script
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Calendar
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Chat
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Classroom
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Cloud%20Directory%20Sync
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Docs
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Drawings
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Drive
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Forms
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Hangouts
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Keep
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Maps
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Meet
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Meet%20Hardware
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Photos
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Sheets
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Sites
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Slides
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Tasks
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Vault
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Voice
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Workspace
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Workspace%20Add-ons
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Workspace%20Marketplace
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Workspace%20Migrate
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Google%20Workspace%20for%20Education
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Groups
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Identity
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Jamboard
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/MDM
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Marketplace
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Microsoft%20Exchange
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Microsoft%20Outlook
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Mobile
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Next%202023
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Other
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Premier%20Edition
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Rapid
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Rapid%20Release
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Rapid%20Releases
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/SAML
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/SSO
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Scheduled%20Release
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Security%20and%20Compliance
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/Weekly%20Recap
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/What%27s%20New
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/YouTube
Source: chromecache_70.2.dr String found in binary or memory: http://workspaceupdates.googleblog.com/search/label/iOS
Source: chromecache_70.2.dr String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=gblog;cat=googl0;ord=ord=
Source: chromecache_70.2.dr String found in binary or memory: https://ad.doubleclick.net/ddm/activity/src=2542116;type=gblog;cat=googl0;ord=1?
Source: chromecache_70.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
Source: chromecache_70.2.dr String found in binary or memory: https://apis.google.com/js/platform.js
Source: chromecache_70.2.dr String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil-tQSvWkISdvbujn818sEroZRYYKpRGceE-TwpWR
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400italic
Source: chromecache_70.2.dr String found in binary or memory: https://fonts.googleapis.com/icon?family=Material
Source: chromecache_70.2.dr String found in binary or memory: https://googleblog.us5.list-manage.com/subscribe/post?u=dfee747f842ff45e675b4d1d9&amp;id=a3262ab6a0
Source: chromecache_70.2.dr String found in binary or memory: https://gsuiteupdates-es.googleblog.com/
Source: chromecache_70.2.dr String found in binary or memory: https://gsuiteupdates-fr.googleblog.com/
Source: chromecache_70.2.dr String found in binary or memory: https://gsuiteupdates-ja.googleblog.com/
Source: chromecache_70.2.dr String found in binary or memory: https://gsuiteupdates-pt.googleblog.com/
Source: chromecache_70.2.dr String found in binary or memory: https://plus.google.com/112374322230920073195
Source: chromecache_70.2.dr String found in binary or memory: https://plus.google.com/116899029375914044550
Source: chromecache_70.2.dr String found in binary or memory: https://support.google.com/a/answer/13137538
Source: chromecache_70.2.dr String found in binary or memory: https://support.google.com/a/go/whatsnew
Source: chromecache_70.2.dr String found in binary or memory: https://support.google.com/a/users/answer/11219858
Source: chromecache_70.2.dr String found in binary or memory: https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5245696872621940063&amp;zx=21e3c548-4
Source: chromecache_70.2.dr String found in binary or memory: https://www.blogger.com/feeds/5245696872621940063/posts/default
Source: chromecache_70.2.dr String found in binary or memory: https://www.blogger.com/static/v1/jsbin/1176643302-lbx.js
Source: chromecache_70.2.dr String found in binary or memory: https://www.blogger.com/static/v1/v-css/13464135-lightbox_bundle.css
Source: chromecache_70.2.dr String found in binary or memory: https://www.blogger.com/static/v1/widgets/2061172683-widgets.js
Source: chromecache_70.2.dr String found in binary or memory: https://www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
Source: chromecache_70.2.dr String found in binary or memory: https://www.google.com/search?q=site%3A
Source: chromecache_70.2.dr String found in binary or memory: https://www.googlecloudcommunity.com/gc/Google-Workspace/ct-p/google-workspace
Source: chromecache_70.2.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-DY1T9T89QG
Source: chromecache_70.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_grey600_24dp.png
Source: chromecache_70.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/post_facebook_black_24dp.png
Source: chromecache_70.2.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/post_twitter_black_24dp.png
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: classification engine Classification label: mal92.phis.win@16/20@24/10
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2040,i,9300141686694069086,12119401010951069995,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://scbqroup.com/hhwtaobppbduaxet?login"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2040,i,9300141686694069086,12119401010951069995,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1487408 URL: http://scbqroup.com/hhwtaob... Startdate: 04/08/2024 Architecture: WINDOWS Score: 92 26 Multi AV Scanner detection for domain / URL 2->26 28 Antivirus detection for URL or domain 2->28 30 Antivirus / Scanner detection for submitted sample 2->30 32 4 other signatures 2->32 6 chrome.exe 9 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.5, 443, 49703, 49709 unknown unknown 6->14 16 192.168.2.6 unknown unknown 6->16 18 239.255.255.250 unknown Reserved 6->18 11 chrome.exe 6->11         started        process5 dnsIp6 20 scbqroup.com 159.69.19.252, 443, 49709, 49710 HETZNER-ASDE Germany 11->20 22 x.com 104.244.42.1, 443, 49718, 49724 TWITTERUS United States 11->22 24 7 other IPs or domains 11->24
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.244.42.1
 twitter.com United States
13414 TWITTERUS false
142.250.185.68
 www.google.com United States
15169 GOOGLEUS false
104.244.42.129
 unknown United States
13414 TWITTERUS false
142.250.186.161
 blogspot.l.googleusercontent.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
159.69.19.252
 scbqroup.com Germany
24940 HETZNER-ASDE true
142.250.186.100
 unknown United States
15169 GOOGLEUS false
142.250.184.206
 plus.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.6
192.168.2.5

Contacted Domains

Name IP Active
twitter.com 104.244.42.1 true
plus.google.com 142.250.184.206 true
blogspot.l.googleusercontent.com 142.250.186.161 true
scbqroup.com 159.69.19.252 true
www.google.com 142.250.185.68 true
x.com 104.244.42.1 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
workspaceupdates.googleblog.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://scbqroup.com/js/analyse.js true
  • Avira URL Cloud: phishing
 unknown
https://scbqroup.com/obfuscate?path=js/analyse.js false
  • Avira URL Cloud: phishing
 unknown
http://scbqroup.com/js/timeme.min.js true
  • Avira URL Cloud: phishing
 unknown
http://scbqroup.com/public/campaign/36/39/11/static/0.jpg true
  • Avira URL Cloud: phishing
 unknown
https://workspaceupdates.googleblog.com/2023/04/new-community-features-for-google-chat-and-an-update-currents%20.html false
  • Avira URL Cloud: safe
 unknown
https://scbqroup.com/obfuscate?path=js/timeme.min.js false
  • Avira URL Cloud: phishing
 unknown