Windows Analysis Report
https://notifications.google.com/g/p/ANiao5rmpdVCFm1nhCkLw57ugJsRrpugbcvRM1jiM0lChM-kJKNB4Dely_5E2wXcqIR2Q9LCmU9FSj7452riqtG5aZOIp5OIc_5MXFr7HW6L-d7VJRWhiSkO_K_NXoBaq8NSl0s8fO4kyEyBCsDCBJ_uSvKmC4O0xpk_mGCFZo0u3dGKOCSjecHdxch5CY4ulj8Gh65QLZrBpgyO6s-lcIBXR89jbkYmdaVY3mXtDDd1UFSGygci6jVyt1nFNaC6Mg5DypD

Overview

General Information

Sample URL: https://notifications.google.com/g/p/ANiao5rmpdVCFm1nhCkLw57ugJsRrpugbcvRM1jiM0lChM-kJKNB4Dely_5E2wXcqIR2Q9LCmU9FSj7452riqtG5aZOIp5OIc_5MXFr7HW6L-d7VJRWhiSkO_K_NXoBaq8NSl0s8fO4kyEyBCsDCBJ_uSvKmC4O0xpk
Analysis ID: 1540579

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

HTML body contains password input but no form action
Stores files to the Windows start menu directory
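The first signature is a content heuristic: the sign-in page at accounts.google.com carries an <input type="password"> but no <form action="...">, which is what any JavaScript-submitted login looks like. The added example below (not the sandbox's own parser, and not Google's markup; the HTML samples and the hostname collector.invalid are constructed) reproduces the check and pairs it with the check a practitioner actually wants next, whether a password form posts to a host other than the page's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LoginFormScanner(HTMLParser):
    """Collects what the heuristic needs: every <form action>, the number of
    <input type="password"> fields, and every <iframe src>."""

    def __init__(self):
        super().__init__()
        self.form_actions = []     # action attribute of each <form>, "" when absent
        self.password_inputs = 0
        self.iframe_srcs = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs += 1
        elif tag == "iframe" and a.get("src"):
            self.iframe_srcs.append(a["src"])


def scan_login_page(html, page_url):
    """Return the list of findings raised for one HTML document loaded from page_url."""
    scanner = LoginFormScanner()
    scanner.feed(html)
    findings = []
    if scanner.password_inputs == 0:
        return findings                      # nothing credential-shaped, nothing to flag
    # Signature as the sandbox phrases it: a password field but no <form action>.
    # It fires on every fetch/XHR-driven login, so alone it means "inspect", not "phishing".
    if not any(scanner.form_actions):
        findings.append("password input but no form action")
    # The stronger signal: a password form whose action leaves the page's own host.
    page_host = (urlparse(page_url).hostname or "").lower()
    for action in scanner.form_actions:
        if not action:
            continue
        action_host = (urlparse(action).hostname or "").lower()   # "" for relative actions
        if action_host and action_host != page_host:
            findings.append(f"password form posts off-site to {action_host}")
    return findings


# Constructed samples; none of this markup is taken from the analysed pages.
JS_LOGIN_HTML = """<html><body>
<input type="email" name="identifier">
<input type="password" name="Passwd">
<iframe src="/_/bscframe"></iframe>
</body></html>"""

OFFSITE_FORM_HTML = """<html><body>
<form method="post" action="https://collector.invalid/login">
<input type="password" name="pw"></form></body></html>"""

RELATIVE_FORM_HTML = """<html><body>
<form method="post" action="/login"><input type="password" name="pw"></form>
</body></html>"""

if __name__ == "__main__":
    samples = [
        ("js-driven login", JS_LOGIN_HTML, "https://accounts.google.com/v3/signin/identifier"),
        ("off-site form", OFFSITE_FORM_HTML, "https://login.example.org/"),
        ("same-site form", RELATIVE_FORM_HTML, "https://login.example.org/"),
    ]
    for name, html, url in samples:
        print(f"{name}: {scan_login_page(html, url)}")
```

The first sample triggers exactly the report's signature and nothing else, which is why the score stays at 1: the finding only becomes interesting when the page URL is not the brand the form imitates, or when the action leaves the page's host. Host comparison here is exact; a production check would compare registrable domains (eTLD+1) so that a form posting from accounts.example.com to api.example.com is not flagged.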

Classification

Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D46e3378d-614c-4edc-acfc-fdd2ca350605&ifkv=ARpgrqd5f0jcb-qAef2mWvTWqLZKCiV3j8o0d9D1GVmu0HwfD1xBHd-77bYWKt6G2D75PpG_IhW-&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358263010%3A1729717995168972&ddm=0 HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D46e3378d-614c-4edc-acfc-fdd2ca350605&ifkv=ARpgrqd5f0jcb-qAef2mWvTWqLZKCiV3j8o0d9D1GVmu0HwfD1xBHd-77bYWKt6G2D75PpG_IhW-&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358263010%3A1729717995168972&ddm=0 HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-794300293&timestamp=1729718003083
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D46e3378d-614c-4edc-acfc-fdd2ca350605&ifkv=ARpgrqd5f0jcb-qAef2mWvTWqLZKCiV3j8o0d9D1GVmu0HwfD1xBHd-77bYWKt6G2D75PpG_IhW-&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358263010%3A1729717995168972&ddm=0 HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D46e3378d-614c-4edc-acfc-fdd2ca350605&ifkv=ARpgrqd5f0jcb-qAef2mWvTWqLZKCiV3j8o0d9D1GVmu0HwfD1xBHd-77bYWKt6G2D75PpG_IhW-&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358263010%3A1729717995168972&ddm=0 HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D46e3378d-614c-4edc-acfc-fdd2ca350605&ifkv=ARpgrqd5f0jcb-qAef2mWvTWqLZKCiV3j8o0d9D1GVmu0HwfD1xBHd-77bYWKt6G2D75PpG_IhW-&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358263010%3A1729717995168972&ddm=0 HTTP Parser: No favicon
Source: https://accounts.google.com/lifecycle/steps/signup/name?checkedDomains=youtube&continue=https://admin.google.com/ac/ac/alert/details?alertId%3D46e3378d-614c-4edc-acfc-fdd2ca350605&ddm=0&dsh=S-1358263010:1729717995168972&flowEntry=SignUp&flowName=GlifWebSignIn&ifkv=ARpgrqd5f0jcb-qAef2mWvTWqLZKCiV3j8o0d9D1GVmu0HwfD1xBHd-77bYWKt6G2D75PpG_IhW-&pstMsg=1&rip=1&TL=APps6eYD5DvBzTD2ppCdEeIuxzYmi0cFShZNXG4t5qmjyZRFETJK2ZI-x8Mj5Oxk HTTP Parser: No favicon
Source: https://accounts.google.com/lifecycle/steps/signup/birthdaygender?TL=APps6eYD5DvBzTD2ppCdEeIuxzYmi0cFShZNXG4t5qmjyZRFETJK2ZI-x8Mj5Oxk&checkedDomains=youtube&continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D46e3378d-614c-4edc-acfc-fdd2ca350605&ddm=0&dsh=S-1358263010%3A1729717995168972&flowEntry=SignUp&flowName=GlifWebSignIn&ifkv=ARpgrqd5f0jcb-qAef2mWvTWqLZKCiV3j8o0d9D1GVmu0HwfD1xBHd-77bYWKt6G2D75PpG_IhW-&pstMsg=1&rip=1 HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D46e3378d-614c-4edc-acfc-fdd2ca350605&ifkv=ARpgrqd5f0jcb-qAef2mWvTWqLZKCiV3j8o0d9D1GVmu0HwfD1xBHd-77bYWKt6G2D75PpG_IhW-&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358263010%3A1729717995168972&ddm=0 HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D46e3378d-614c-4edc-acfc-fdd2ca350605&ifkv=ARpgrqd5f0jcb-qAef2mWvTWqLZKCiV3j8o0d9D1GVmu0HwfD1xBHd-77bYWKt6G2D75PpG_IhW-&rip=1&sacu=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358263010%3A1729717995168972&ddm=0 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.17:49774 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.161:443 -> 192.168.2.17:49783 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: global traffic DNS traffic detected: DNS query: notifications.google.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: classification engine Classification label: clean1.win@23/43@18/217
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1992,i,16889382886888716514,3423439991963513447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://notifications.google.com/g/p/ANiao5rmpdVCFm1nhCkLw57ugJsRrpugbcvRM1jiM0lChM-kJKNB4Dely_5E2wXcqIR2Q9LCmU9FSj7452riqtG5aZOIp5OIc_5MXFr7HW6L-d7VJRWhiSkO_K_NXoBaq8NSl0s8fO4kyEyBCsDCBJ_uSvKmC4O0xpk_mGCFZo0u3dGKOCSjecHdxch5CY4ulj8Gh65QLZrBpgyO6s-lcIBXR89jbkYmdaVY3mXtDDd1UFSGygci6jVyt1nFNaC6Mg5DypDkFDzvubV0EwqI9GNvoqhmDih6nZVL-1bHut6sxeIGKS2Eabz6-SZ-M8zJzX-foMNulqirTr95n6hVDrxj4HFzQ5P0onv4un2IQw"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4084 --field-trial-handle=1992,i,16889382886888716514,3423439991963513447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 --field-trial-handle=1992,i,16889382886888716514,3423439991963513447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4084 --field-trial-handle=1992,i,16889382886888716514,3423439991963513447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 --field-trial-handle=1992,i,16889382886888716514,3423439991963513447,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
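Two things in the process and file lists above deserve a second look before they are written off: the utility sub-processes started with `--service-sandbox-type=none` (NetworkService, VideoCaptureService), and the `.lnk` writes under `Start Menu\Programs\Chrome Apps` that tripped the generic "Stores files to the Windows start menu directory" signature. The triage script below is an added example, not part of this report and not Joe Sandbox code. It parses lines in the report's own `Source: ... Process created: ...` / `Source: ... File created: ...` format, records unsandboxed Chrome utility processes as informational (whether that is the expected configuration depends on the Chrome build; the report only shows that it is the case here), treats Chrome Apps shortcuts written by chrome.exe as expected browser behaviour, and reserves the high severity for writes into the Startup folder, which is the part of the Start Menu that actually auto-runs at logon. The sample input is a constructed subset of the lines above; the `Temp\update.exe` line is a hypothetical contrast case added to show what the check is meant to catch and does not come from this report.

```python
import re
from dataclasses import dataclass

# One report line: "Source: <image> Process created: <detail>" or "Source: <image> File created: <path>".
# The source path contains spaces, so the non-greedy group stops at the first event keyword.
LINE_RE = re.compile(
    r"^Source: (?P<source>.+?) (?P<event>Process created|File created): (?P<detail>.+)$"
)
# Chromium-style switches: --key=value
FLAG_RE = re.compile(r"--(?P<key>[\w-]+)=(?P<value>\S+)")

START_MENU = "\\microsoft\\windows\\start menu\\"
STARTUP = START_MENU + "programs\\startup\\"          # auto-run on logon
CHROME_APPS = START_MENU + "programs\\chrome apps"     # shortcuts Chrome creates for installed web apps
CHROME_EXE = "c:\\program files\\google\\chrome\\application\\chrome.exe"


@dataclass
class Finding:
    severity: str   # "info", "low", "medium" or "high"
    source: str     # process that caused the event
    detail: str     # child sub-type or created path
    reason: str


def parse_line(line):
    """Return (source, event, detail) for a report line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return None if m is None else (m.group("source"), m.group("event"), m.group("detail"))


def chrome_flags(cmdline):
    """Map of --key=value switches found in a Chrome command line."""
    return {m.group("key"): m.group("value") for m in FLAG_RE.finditer(cmdline)}


def assess_process(source, detail):
    if detail.startswith("unknown unknown"):
        return Finding("info", source, detail, "child image and command line not resolved by the sandbox")
    flags = chrome_flags(detail)
    if flags.get("type") == "utility" and flags.get("service-sandbox-type") == "none":
        # Informational: the report shows these services unsandboxed; whether that is
        # expected depends on the Chrome build, so this is not an indicator on its own.
        return Finding("low", source, flags.get("utility-sub-type", "?"),
                       "Chrome utility sub-process runs with --service-sandbox-type=none")
    return None


def assess_file(source, path):
    low = path.lower()
    if START_MENU not in low:
        return None
    if STARTUP in low:
        return Finding("high", source, path,
                       "write into Start Menu\\Programs\\Startup (runs automatically at logon)")
    if CHROME_APPS in low and source.lower() == CHROME_EXE:
        return Finding("info", source, path,
                       "Chrome Apps shortcut or folder created by chrome.exe (expected browser behaviour)")
    return Finding("medium", source, path, "write into Start Menu outside the Startup folder")


def triage(report_text):
    """Run both checks over every recognised line and return the findings in report order."""
    findings = []
    for line in report_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue                      # e.g. "Source: Window Recorder Window detected: ..."
        source, event, detail = parsed
        f = assess_process(source, detail) if event == "Process created" else assess_file(source, detail)
        if f is not None:
            findings.append(f)
    return findings


def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: a subset of the lines from this report, in the report's format, plus one
# hypothetical line (Temp\update.exe writing to Startup) that is NOT from the report.
SAMPLE_REPORT = r"""
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4084 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Users\user\AppData\Local\Temp\update.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk
Source: Window Recorder Window detected: More than 3 window changes detected
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.detail}\n         {f.reason}")
```

Running the block on the sample yields one low finding (the unsandboxed NetworkService), three informational ones (the unresolved child and the two Chrome Apps entries) and a single high finding, which is the constructed Startup-folder write. The AudioService line produces nothing because its sandbox type is `audio`, and the Window Recorder line is skipped by the parser. Applied to the full list above, every Start Menu write in this report is a chrome.exe shortcut under `Chrome Apps`, which is why the signature alone should not move the verdict.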
Chart legend (chart not reproduced in this text): No. of IPs < 25%; 25% to 50%; 50% to 75%; more than 75%.