Play interactive tourEdit tour

Windows Analysis Report
https://notifications.google.com/g/p/ANiao5p2RcBbPQBzHQvY6jNm04wAy5iNpozItZWhsZbF0qUe8yQLzZ9gQ_qnFU_kTCsa3i0XPQLOOHOuwJNHBewxF_bFwbVlnEotvRmzeqNYLc4FOEcfeZ9x6LmLeWigj6EhIdc5_QZjbY8XU-4I4Dk2JLkT6GcqVDIWOEHypyWpgv2U-mDnucm-T6LwkYx9iHmTQVbwoTttv4_SRIY6GV9rEsUu1rtbAxyG29Obq5KSr218MAnAdEZkBz8_LPBXogzYThL

Overview

General Information

Sample URL:	https://notifications.google.com/g/p/ANiao5p2RcBbPQBzHQvY6jNm04wAy5iNpozItZWhsZbF0qUe8yQLzZ9gQ_qnFU_kTCsa3i0XPQLOOHOuwJNHBewxF_bFwbVlnEotvRmzeqNYLc4FOEcfeZ9x6LmLeWigj6EhIdc5_QZjbY8XU-4I4Dk2JLkT6GcqVDI
Analysis ID:	1522703
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found iframes

HTML body contains password input but no form action

HTTP GET or POST without a user agent

Stores files to the Windows start menu directory

Classification

×

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Phishing

Found iframes

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1656982766&timestamp=1727703934979
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1656982766&timestamp=1727703934979
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: Iframe src: /_/bscframe

HTML body contains password input but no form action

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body contains password input

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1

HTTP Parser: <input type="password" .../> found

HTML page is missing a favicon

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: No favicon

META author tag missing

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D35f652c4-9b8f-4187-8f91-1da414174431&ifkv=ARpgrqcVYTmT0sRvayrc-zpu5enLTx0WuCdRbu17nm_t0xx5W6jrihXWZTZj9cU6daPDSX3mhkik&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1730843746%3A1727703930159689&ddm=1	HTTP Parser: No <meta name="copyright".. found

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.17:49774 version: TLS 1.2

Networking

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /g/p/ANiao5p2RcBbPQBzHQvY6jNm04wAy5iNpozItZWhsZbF0qUe8yQLzZ9gQ_qnFU_kTCsa3i0XPQLOOHOuwJNHBewxF_bFwbVlnEotvRmzeqNYLc4FOEcfeZ9x6LmLeWigj6EhIdc5_QZjbY8XU-4I4Dk2JLkT6GcqVDIWOEHypyWpgv2U-mDnucm-T6LwkYx9iHmTQVbwoTttv4_SRIY6GV9rEsUu1rtbAxyG29Obq5KSr218MAnAdEZkBz8_LPBXogzYThL1-R7XlBxOIfkneZZSZdAhrWQVscYEF4a9i0cYsXiP_5Fghj0zRLIlSbOTQCx7AcCn6QNeERfRqO42bJF73AZF_keR1Dwl6Fi2jsTV HTTP/1.1Host: notifications.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlqHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1WCHa+3fNm6NMNW&MD=2mM+N1Ss HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1656982766&timestamp=1727703934979 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlqHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlqHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=dDWP42PZlDVfHmnqD1Ac7NvJ4TNT-Vca6WAfNNXg3Id9m9cRXlnSPCecRkFTfPnU0DdrJJlEjrEErvUicCGQM3UKflOJInUZequ4QpAGPgLV9Lf3P3SNkCHMNMRFcMsLadnWeeUGeKhZrKcYoAgHCbk2maHgdD_q_t6V9ZSCou0IFOCFYjKCKQW5GIw
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=Qh8wz6wKrC44Ec0tj0A57vLn4NldkE2G9YpEWmcFtjaSzl1LdH9Y3vIIDgyR7SPfwws2kufh7lbvaR7lZW4pBwTP-CJ9xYq_k0nMyCRzpWcRzg55CHRqxIY4PkHRUinmNaR8tOAxAq3MQd3tPJnk6JTVY0WHir8M90B8nxjJf6FMpMEkCK032FoUUz8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=dDWP42PZlDVfHmnqD1Ac7NvJ4TNT-Vca6WAfNNXg3Id9m9cRXlnSPCecRkFTfPnU0DdrJJlEjrEErvUicCGQM3UKflOJInUZequ4QpAGPgLV9Lf3P3SNkCHMNMRFcMsLadnWeeUGeKhZrKcYoAgHCbk2maHgdD_q_t6V9ZSCou0IFOCFYjKCKQW5GIw
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=dDWP42PZlDVfHmnqD1Ac7NvJ4TNT-Vca6WAfNNXg3Id9m9cRXlnSPCecRkFTfPnU0DdrJJlEjrEErvUicCGQM3UKflOJInUZequ4QpAGPgLV9Lf3P3SNkCHMNMRFcMsLadnWeeUGeKhZrKcYoAgHCbk2maHgdD_q_t6V9ZSCou0IFOCFYjKCKQW5GIw
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlqHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=dDWP42PZlDVfHmnqD1Ac7NvJ4TNT-Vca6WAfNNXg3Id9m9cRXlnSPCecRkFTfPnU0DdrJJlEjrEErvUicCGQM3UKflOJInUZequ4QpAGPgLV9Lf3P3SNkCHMNMRFcMsLadnWeeUGeKhZrKcYoAgHCbk2maHgdD_q_t6V9ZSCou0IFOCFYjKCKQW5GIw
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1WCHa+3fNm6NMNW&MD=2mM+N1Ss HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAbIzB0A4h2D%2BNkHrVkQylh58%2BvwMN/s6obbwPIDvP8RId7%2B52mg6j96NqltBLmSJDZq7dpan/Biy4iI94XRRBsKCwcQnYCkLPOqnjz8HPQwbOUE8Z1jVHWhD5RDayAmqSOaVYKZaqyvHF0Sbv7B6HLy1wh1STiGG8DdEISAuVtusyELKMwv7OLxWUZnZHDsm5ow0olTWYecTmkPOEw9B6plzponbdE%2BWd5JOar5hhsREUVwj6rVk2E2CX6pjwCdqrcUea1pn1cWWQNIc/IR/AZjod6v1bK9MiQXyhpG3or9vWDY62DKBleAo7GizRpXE%2BiCiOffEzOnWGviCSWajBi0QZgAAEE3qq0emutk249Qnk6uueYiwAZS9MdMrrqMCbRuKbEdjksJZhRJ4aQvyF0Fuc5bvanGVyu2y9FrAay9lD8hwCbpapCP6LtRow9dzVOJYu2%2BLpTXOcV0t6wFBU4InBnP9O6oO46dmqqemeA6ZpKut4bW/7H3OXOniI8MlU/0Euel/H/19UWPag/2TQ0WvNxSv1hIVKdumm4z8ap6r0SuwUxApRLnedWYzHydErBbNHnDt5WmGGubNsB%2BBm6o%2BqAaBUwL3fjIsUuSsIEHPGaYLax/MP0Jf8fvnERzcFIC/2uT9unbMPq91DZR6jNPXp4VIzCPikJP8bJaXWBl5KcfwcX8OZZ61aTcksG8sstBXbsq4bqkPHoIOzokDwrF1Nf/ATVqnQOfVcu0L%2B1isS6ppfT3HT54cjBO5JX9u5FlEHSZd3H3TUCBP4NqNSHbAipSFxz/zBeX7yZy9hVue4J%2BFW1H8li/H3KTCnGffsm3yykf8jt/PwDFCP8KS%2BfgjgE6gPnjDXWwg4cRFhDsR473f1JlzcsZUVCK77PzdYLQV5GSIPk%2B4egofCNNlvqzJBhc6D66gpIz1N//J7KCVOlzTFvWN1NcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1727703982User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: AAC8B6CA1A464F30BB5BB0E4D71D50E3X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Found strings which match to known social media urls

Source: chromecache_114.1.dr

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: notifications.google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 507sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlqHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=Ut9NwVAHQf1ROwJIdV2B6b7Gdu31E5PKTxRwsf0wVsAIGp2OwXbPg6cafsLmKGdHbAvTjIwXwIqGKJu2K5RCyp6dUXvCZ18VPulIxlpfxS3MImrqqAnpjrGfdbNyU02gV73uq9YAWrVo7qzuOaiiPVl1Mlohyz6rEDjCEiYgYN3ejjQA9J4

URLs found in memory or binary data

Source: chromecache_114.1.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_114.1.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_114.1.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_93.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_93.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_114.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_114.1.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_114.1.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_114.1.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_100.1.dr, chromecache_93.1.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_114.1.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_93.1.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_93.1.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_93.1.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_93.1.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_93.1.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_93.1.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: chromecache_115.1.dr, chromecache_114.1.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.17:49774 version: TLS 1.2

System Summary

Classification label

Source: classification engine

Classification label: clean2.win@23/50@12/9

Creates files inside the user directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,2830413536159226491,2515518330832252132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://notifications.google.com/g/p/ANiao5p2RcBbPQBzHQvY6jNm04wAy5iNpozItZWhsZbF0qUe8yQLzZ9gQ_qnFU_kTCsa3i0XPQLOOHOuwJNHBewxF_bFwbVlnEotvRmzeqNYLc4FOEcfeZ9x6LmLeWigj6EhIdc5_QZjbY8XU-4I4Dk2JLkT6GcqVDIWOEHypyWpgv2U-mDnucm-T6LwkYx9iHmTQVbwoTttv4_SRIY6GV9rEsUu1rtbAxyG29Obq5KSr218MAnAdEZkBz8_LPBXogzYThL1-R7XlBxOIfkneZZSZdAhrWQVscYEF4a9i0cYsXiP_5Fghj0zRLIlSbOTQCx7AcCn6QNeERfRqO42bJF73AZF_keR1Dwl6Fi2jsTV"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 --field-trial-handle=1952,i,2830413536159226491,2515518330832252132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=1952,i,2830413536159226491,2515518330832252132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,2830413536159226491,2515518330832252132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://notifications.google.com/g/p/ANiao5p2RcBbPQBzHQvY6jNm04wAy5iNpozItZWhsZbF0qUe8yQLzZ9gQ_qnFU_kTCsa3i0XPQLOOHOuwJNHBewxF_bFwbVlnEotvRmzeqNYLc4FOEcfeZ9x6LmLeWigj6EhIdc5_QZjbY8XU-4I4Dk2JLkT6GcqVDIWOEHypyWpgv2U-mDnucm-T6LwkYx9iHmTQVbwoTttv4_SRIY6GV9rEsUu1rtbAxyG29Obq5KSr218MAnAdEZkBz8_LPBXogzYThL1-R7XlBxOIfkneZZSZdAhrWQVscYEF4a9i0cYsXiP_5Fghj0zRLIlSbOTQCx7AcCn6QNeERfRqO42bJF73AZF_keR1Dwl6Fi2jsTV"			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 --field-trial-handle=1952,i,2830413536159226491,2515518330832252132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=1952,i,2830413536159226491,2515518330832252132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Windows shortcut file (LNK) contains relative path

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior