Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Nico Williams - Google Docs.html
|
HTML document, Unicode text, UTF-8 text, with very long lines (26178), with CRLF line terminators
|
initial sample
|
 |
|
|
Chrome Cache Entry: 100
|
PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 101
|
ASCII text, with very long lines (569)
|
dropped
|
||
|
Chrome Cache Entry: 102
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 103
|
PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 104
|
ASCII text, with very long lines (3346)
|
dropped
|
||
|
Chrome Cache Entry: 105
|
PNG image data, 46 x 46, 8-bit gray+alpha, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 106
|
ASCII text, with very long lines (755)
|
dropped
|
||
|
Chrome Cache Entry: 107
|
ASCII text, with very long lines (5693)
|
dropped
|
||
|
Chrome Cache Entry: 108
|
Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 109
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 110
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 111
|
ASCII text, with very long lines (1694)
|
dropped
|
||
|
Chrome Cache Entry: 112
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 113
|
ASCII text, with very long lines (5693)
|
downloaded
|
||
|
Chrome Cache Entry: 114
|
ASCII text, with very long lines (395)
|
downloaded
|
||
|
Chrome Cache Entry: 115
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 116
|
ASCII text, with very long lines (2004)
|
downloaded
|
||
|
Chrome Cache Entry: 117
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 118
|
ASCII text, with very long lines (533)
|
downloaded
|
||
|
Chrome Cache Entry: 119
|
ASCII text, with very long lines (553)
|
dropped
|
||
|
Chrome Cache Entry: 120
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 121
|
ASCII text, with very long lines (3274), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 122
|
PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 123
|
ASCII text, with very long lines (1694)
|
downloaded
|
||
|
Chrome Cache Entry: 124
|
ASCII text, with very long lines (1885)
|
dropped
|
||
|
Chrome Cache Entry: 125
|
ASCII text, with very long lines (683)
|
downloaded
|
||
|
Chrome Cache Entry: 126
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 127
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
Chrome Cache Entry: 128
|
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 129
|
ASCII text, with very long lines (2004)
|
dropped
|
||
|
Chrome Cache Entry: 130
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 131
|
ASCII text, with very long lines (755)
|
downloaded
|
||
|
Chrome Cache Entry: 132
|
PNG image data, 46 x 46, 8-bit gray+alpha, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 133
|
ASCII text, with very long lines (468)
|
dropped
|
||
|
Chrome Cache Entry: 134
|
ASCII text, with very long lines (569)
|
downloaded
|
||
|
Chrome Cache Entry: 135
|
ASCII text, with very long lines (683)
|
dropped
|
||
|
Chrome Cache Entry: 136
|
ASCII text, with very long lines (533)
|
dropped
|
||
|
Chrome Cache Entry: 137
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 138
|
ASCII text, with very long lines (522)
|
dropped
|
||
|
Chrome Cache Entry: 139
|
ASCII text, with very long lines (395)
|
dropped
|
||
|
Chrome Cache Entry: 140
|
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 141
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 142
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 143
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
|
Chrome Cache Entry: 144
|
ASCII text, with very long lines (3346)
|
downloaded
|
||
|
Chrome Cache Entry: 145
|
GIF image data, version 89a, 32 x 32
|
downloaded
|
||
|
Chrome Cache Entry: 146
|
ASCII text, with very long lines (468)
|
downloaded
|
||
|
Chrome Cache Entry: 147
|
ASCII text, with very long lines (553)
|
downloaded
|
||
|
Chrome Cache Entry: 148
|
ASCII text, with very long lines (1885)
|
downloaded
|
||
|
Chrome Cache Entry: 149
|
HTML document, ASCII text, with very long lines (681)
|
dropped
|
||
|
Chrome Cache Entry: 150
|
PNG image data, 112 x 36, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 93
|
ASCII text, with very long lines (522)
|
downloaded
|
||
|
Chrome Cache Entry: 94
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
|
Chrome Cache Entry: 96
|
PNG image data, 112 x 36, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 97
|
PNG image data, 24 x 24, 8-bit gray+alpha, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 98
|
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
HTML document, ASCII text, with very long lines (681)
|
downloaded
|
There are 49 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Nico Williams - Google Docs.html"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2000,i,4112527611490471702,14850343072936169615,262144
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US
--service-sandbox-type=audio --mojo-platform-channel-handle=5304 --field-trial-handle=2000,i,4112527611490471702,14850343072936169615,262144
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=2000,i,4112527611490471702,14850343072936169615,262144
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
file:///C:/Users/user/Desktop/Nico%20Williams%20-%20Google%20Docs.html
|
|
||
|
https://apis.google.com
|
unknown
|
|
|
|
https://play.google/intl/
|
unknown
|
||
|
https://families.google.com/intl/
|
unknown
|
||
|
https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create
|
172.217.16.138
|
||
|
http://www.broofa.com
|
unknown
|
||
|
https://youtube.com/t/terms?gl=
|
unknown
|
||
|
https://policies.google.com/technologies/location-data
|
unknown
|
||
|
https://www.google.com/intl/
|
unknown
|
||
|
https://docs.google.com/document/u/0/?pli=1&usp=docs_web
|
172.217.18.14
|
||
|
https://apis.google.com/js/api.js
|
unknown
|
||
|
https://policies.google.com/privacy/google-partners
|
unknown
|
||
|
https://play.google.com/work/enroll?identifier=
|
unknown
|
||
|
https://policies.google.com/terms/service-specific
|
unknown
|
||
|
https://g.co/recover
|
unknown
|
||
|
https://policies.google.com/privacy/additional
|
unknown
|
||
|
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true&authuser=0
|
142.250.186.78
|
||
|
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0
|
142.250.185.78
|
||
|
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
|
unknown
|
||
|
https://policies.google.com/technologies/cookies
|
unknown
|
||
|
https://www.google.com/favicon.ico
|
142.250.185.132
|
||
|
https://plus.google.com
|
unknown
|
||
|
https://policies.google.com/terms
|
unknown
|
||
|
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
|
unknown
|
||
|
https://docs.google.com/document/u/0/?pli=1&authuser=0&usp=docs_web
|
172.217.18.14
|
||
|
https://www.google.com
|
unknown
|
||
|
https://play.google.com/log?hasfast=true&authuser=0&format=json
|
172.217.18.14
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://csp.withgoogle.com/csp/lcreport/
|
unknown
|
||
|
https://docs.google.com/document/d/1YeASdTvJPQ8WGnAIgzhwYX7XBMq7gHQzdzfWCHRa6TY/edit?pli=1
|
unknown
|
||
|
https://www.youtube.com/t/terms?chromeless=1&hl=
|
unknown
|
||
|
https://support.google.com/accounts?hl=
|
unknown
|
||
|
https://policies.google.com/terms/location
|
unknown
|
||
|
https://policies.google.com/privacy
|
unknown
|
||
|
https://docs.google.com/document/u/0/d/1YeASdTvJPQ8WGnAIgzhwYX7XBMq7gHQzdzfWCHRa6TY/edit?pli=1&u
|
unknown
|
||
|
https://lh3.googleusercontent.com/ogw/AF2bZyiDsuJIl222jwdd3uzuoaQwjjt1tVBQodprPSNWhLS083U=s32-c-mo
|
142.250.185.225
|
||
|
https://domains.google.com/suggest/flow
|
unknown
|
||
|
https://support.google.com/accounts?p=new-si-ui
|
unknown
|
||
|
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
|
unknown
|
||
|
https://clients6.google.com
|
unknown
|
There are 31 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
apis.google.com
|
unknown
|
|
|
|
docs.google.com
|
172.217.18.14
|
||
|
waa-pa.clients6.google.com
|
172.217.16.138
|
||
|
plus.l.google.com
|
142.250.185.78
|
||
|
play.google.com
|
172.217.18.14
|
||
|
www3.l.google.com
|
142.250.186.46
|
||
|
googlehosted.l.googleusercontent.com
|
142.250.185.225
|
||
|
accounts.youtube.com
|
unknown
|
||
|
lh3.googleusercontent.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.46
|
www3.l.google.com
|
United States
|
||
|
142.250.185.78
|
plus.l.google.com
|
United States
|
||
|
172.217.16.138
|
waa-pa.clients6.google.com
|
United States
|
||
|
172.217.18.14
|
docs.google.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
142.250.185.225
|
googlehosted.l.googleusercontent.com
|
United States
|
||
|
142.250.181.238
|
unknown
|
United States
|
||
|
142.250.184.225
|
unknown
|
United States
|
||
|
142.250.186.131
|
unknown
|
United States
|
||
|
142.250.186.132
|
unknown
|
United States
|
||
|
142.250.186.99
|
unknown
|
United States
|
||
|
142.250.186.78
|
unknown
|
United States
|
||
|
142.250.185.132
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.174
|
unknown
|
United States
|
||
|
172.217.16.195
|
unknown
|
United States
|
||
|
172.217.18.100
|
unknown
|
United States
|
There are 7 hidden IPs, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
file:///C:/Users/user/Desktop/Nico%20Williams%20-%20Google%20Docs.html
|
||
|
file:///C:/Users/user/Desktop/Nico%20Williams%20-%20Google%20Docs.html
|
||
|
file:///C:/Users/user/Desktop/Nico%20Williams%20-%20Google%20Docs.html
|
||
|
file:///C:/Users/user/Desktop/Nico%20Williams%20-%20Google%20Docs.html
|
||
|
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&followup=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&ifkv=ARpgrqezLPKUE9Xyn3fEsqs2z2sGjoWfkca00QtGC8BG0zh8yku5YvVvh6iqXDTpYkt-sQcWbWzy8g<mpl=docs&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2098264393%3A1727718762406381&ddm=0
|
||
|
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&followup=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&ifkv=ARpgrqezLPKUE9Xyn3fEsqs2z2sGjoWfkca00QtGC8BG0zh8yku5YvVvh6iqXDTpYkt-sQcWbWzy8g<mpl=docs&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2098264393%3A1727718762406381&ddm=0
|
||
|
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&followup=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&ifkv=ARpgrqezLPKUE9Xyn3fEsqs2z2sGjoWfkca00QtGC8BG0zh8yku5YvVvh6iqXDTpYkt-sQcWbWzy8g<mpl=docs&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2098264393%3A1727718762406381&ddm=0
|
||
|
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&followup=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&ifkv=ARpgrqezLPKUE9Xyn3fEsqs2z2sGjoWfkca00QtGC8BG0zh8yku5YvVvh6iqXDTpYkt-sQcWbWzy8g<mpl=docs&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2098264393%3A1727718762406381&ddm=0
|
||
|
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&followup=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fu%2F0%2F%3Fpli%3D1%26usp%3Ddocs_web&ifkv=ARpgrqezLPKUE9Xyn3fEsqs2z2sGjoWfkca00QtGC8BG0zh8yku5YvVvh6iqXDTpYkt-sQcWbWzy8g<mpl=docs&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2098264393%3A1727718762406381&ddm=0
|
||
|
https://accounts.google.com/SignOutOptions?hl=en&continue=https://docs.google.com/document/u/0/d/1YeASdTvJPQ8WGnAIgzhwYX7XBMq7gHQzdzfWCHRa6TY/edit%3Fpli%3D1&service=writely&ec=GBRAGQ
|