Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
108s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
08/02/2023, 17:02 UTC
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://support.google.com/drive?p=collaborator_accounts
Resource
win7-20221111-en
General
-
Target
https://support.google.com/drive?p=collaborator_accounts
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382644313" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da0000000002000000000010660000000100002000000056dd4692345c29d0ccf26d01cb614ad8dabbac2ad40ee6a90c8ccc4b2872b2eb000000000e8000000002000020000000cf964cf04c4c3f38121797791f3e00cbfdd837bf2bcef0348a438a9f7979dc8a2000000000a58e0ca7f56badabd6f3eaa751fc9751a3187e4ba1335e8c6dcc59ae678d6640000000780b62f72cc73c0d4e456f892bbb4022efa41f9ac0d0a1f7dd61763d09cf081d1097a6c12c6fe1ee540a354b8f17229463d4bec1244397946a80831a51970092 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B9FEDC31-A7DA-11ED-BEDC-663367632C22} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70cad5a0e73bd901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da000000000200000000001066000000010000200000008477991ef553b0ddce1b7d3f59c22af3f0e5a16b80ce9606a123572d98095b6c000000000e8000000002000020000000a60a6571de681ce79d72c8c1d0097843c64ffae656d909bdb772fc4698690c3990000000e7ad7102fe47ff8c305f4725b6951d584ef019138e0117203c797b0d0bfe26d9b7c2b2baf47edde4ca7fd0ae3f092a0cccc1743114ff738bbff5d00e64ca12335b33e9e440e084692dcacdea4b428f77dc4feedcc69028601bba23494d95a4583a9b0760005ab20a0dee7d405f81f614794f21628e6b5ee1752bf11d5eda5f43234b5a86a0fe3a0fef7f36d0925ba58b40000000aa43239eb9bdc274e0e78b0497febda713c1f1c2149f474789d88c7889767550a680a385dacf0ed9c8a7c7d4ab50d7a6ac9aeb36d2a73ac17d7ea425977e81b0 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1292 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1292 iexplore.exe 1292 iexplore.exe 1528 IEXPLORE.EXE 1528 IEXPLORE.EXE 1528 IEXPLORE.EXE 1528 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1292 wrote to memory of 1528 1292 iexplore.exe 29 PID 1292 wrote to memory of 1528 1292 iexplore.exe 29 PID 1292 wrote to memory of 1528 1292 iexplore.exe 29 PID 1292 wrote to memory of 1528 1292 iexplore.exe 29
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://support.google.com/drive?p=collaborator_accounts1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1292 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1528
-
Network
-
Remote address:8.8.8.8:53Requestsupport.google.comIN AResponsesupport.google.comIN A142.251.36.46
-
Remote address:142.251.36.46:443RequestGET /drive?p=collaborator_accounts HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: support.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 301 Moved Permanently
Date: Wed, 08 Feb 2023 17:02:49 GMT
Expires: Wed, 08 Feb 2023 17:02:49 GMT
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: support-content-ui
Content-Length: 319
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1IEXPLORE.EXERemote address:142.251.36.46:443RequestGET /drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: support.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 Feb 2023 17:02:50 GMT
Expires: Wed, 08 Feb 2023 17:02:50 GMT
Cache-Control: private, max-age=0
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-U1YEALadCCxSNBBww3YY' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: support-content-ui
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: NID=511=u2K7NvyrQmzHkb5SJcNTaIkBtAJ7QNmUcFuYItOUn_6LTBLOvIqnyJqwiSI_txXCGbqvHhB0HhYFlRPZmRN8M4I9x7T-YbevuTdUM-2yyLvaJ33czL_aVIZuR9ioG_BBaqQmXmtxIzLIPhbJELO9L35eqCfOMKvbhEpddeqPLZ0; expires=Thu, 10-Aug-2023 17:02:49 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
Set-Cookie: NID=511=u2K7NvyrQmzHkb5SJcNTaIkBtAJ7QNmUcFuYItOUn_6LTBLOvIqnyJqwiSI_txXCGbqvHhB0HhYFlRPZmRN8M4I9x7T-YbevuTdUM-2yyLvaJ33czL_aVIZuR9ioG_BBaqQmXmtxIzLIPhbJELO9L35eqCfOMKvbhEpddeqPLZ0; expires=Thu, 10-Aug-2023 17:02:49 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
Remote address:142.251.36.46:443RequestGET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: support.google.com
Connection: Keep-Alive
Cookie: NID=511=u2K7NvyrQmzHkb5SJcNTaIkBtAJ7QNmUcFuYItOUn_6LTBLOvIqnyJqwiSI_txXCGbqvHhB0HhYFlRPZmRN8M4I9x7T-YbevuTdUM-2yyLvaJ33czL_aVIZuR9ioG_BBaqQmXmtxIzLIPhbJELO9L35eqCfOMKvbhEpddeqPLZ0; _ga_H30R9PNQFN=GS1.1.1675879370.1.0.1675879370.0.0.0; _ga=GA1.3.1221844864.1675879370; _gid=GA1.3.768085649.1675879370; _gat_gtag_UA_175894890_5=1
ResponseHTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 08 Feb 2023 17:02:51 GMT
Expires: Wed, 08 Feb 2023 17:02:51 GMT
Cache-Control: private, max-age=300
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: support-content-ui
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
Remote address:8.8.8.8:53Requestlh3.googleusercontent.comIN AResponselh3.googleusercontent.comIN CNAMEgooglehosted.l.googleusercontent.comgooglehosted.l.googleusercontent.comIN A142.251.36.1
-
Remote address:8.8.8.8:53Requeststorage.googleapis.comIN AResponsestorage.googleapis.comIN A142.251.36.16storage.googleapis.comIN A142.251.39.112storage.googleapis.comIN A172.217.168.208storage.googleapis.comIN A216.58.214.16storage.googleapis.comIN A142.250.179.144storage.googleapis.comIN A142.251.36.48storage.googleapis.comIN A142.250.179.176storage.googleapis.comIN A142.250.179.208
-
GEThttps://lh3.googleusercontent.com/liXNSFcgL2YWyQutOyawpiwl-d9A2TD31qEZjmF9qRdCby1AJO0vE5C8_kHXB7QMggM=w36-h36IEXPLORE.EXERemote address:142.251.36.1:443RequestGET /liXNSFcgL2YWyQutOyawpiwl-d9A2TD31qEZjmF9qRdCby1AJO0vE5C8_kHXB7QMggM=w36-h36 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Disposition: inline;filename="unnamed.png"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 211
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 16:11:46 GMT
Expires: Mon, 06 Feb 2023 22:04:58 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 3064
ETag: "v1"
Content-Type: image/png
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://lh3.googleusercontent.com/uSM1WAyJPHhLEEJu9DClOxayx6mNNJ5pmlDbmNcokQTVVM2ZeN4QeoeVA2VX2IZ-Dg=w24IEXPLORE.EXERemote address:142.251.36.1:443RequestGET /uSM1WAyJPHhLEEJu9DClOxayx6mNNJ5pmlDbmNcokQTVVM2ZeN4QeoeVA2VX2IZ-Dg=w24 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Disposition: inline;filename="unnamed.png"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 96
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 13:47:33 GMT
Expires: Mon, 06 Feb 2023 23:59:06 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 11717
ETag: "v1"
Content-Type: image/png
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://lh3.googleusercontent.com/nNsoJAlCSyDVpXigDGJ6VTl9vpG8JwHyefPlSmJ8jH5IKu8TkEBAJNREgD9gHFO81b6k=w36-h36IEXPLORE.EXERemote address:142.251.36.1:443RequestGET /nNsoJAlCSyDVpXigDGJ6VTl9vpG8JwHyefPlSmJ8jH5IKu8TkEBAJNREgD9gHFO81b6k=w36-h36 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Disposition: inline;filename="unnamed.png"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 124
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 14:18:34 GMT
Expires: Thu, 26 Jan 2023 06:45:07 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 9856
ETag: "v1"
Content-Type: image/png
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://lh3.googleusercontent.com/QbWcYKta5vh_4-OgUeFmK-JOB0YgLLoGh69P478nE6mKdfpWQniiBabjF7FVoCVXI0g=h36IEXPLORE.EXERemote address:142.251.36.1:443RequestGET /QbWcYKta5vh_4-OgUeFmK-JOB0YgLLoGh69P478nE6mKdfpWQniiBabjF7FVoCVXI0g=h36 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Disposition: inline;filename="unnamed.png"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 124
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 14:35:36 GMT
Expires: Wed, 01 Feb 2023 22:21:37 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 8834
ETag: "v1"
Content-Type: image/png
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://lh3.googleusercontent.com/fKYxJWmqWKS5JTWJUHJSE6u4tKZ6JbFx7YGMbbH0cI72r3E2MhU0vPrE6uaflUm94Q=w64IEXPLORE.EXERemote address:142.251.36.1:443RequestGET /fKYxJWmqWKS5JTWJUHJSE6u4tKZ6JbFx7YGMbbH0cI72r3E2MhU0vPrE6uaflUm94Q=w64 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Disposition: inline;filename="unnamed.png"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 2205
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 15:14:16 GMT
Expires: Wed, 25 Jan 2023 20:47:28 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 6514
ETag: "v1"
Content-Type: image/png
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://lh3.googleusercontent.com/xnAMm2_zQbhuYe9sW8Yvdjqq1_W4FSbRmhHNpGqE5-zxipqV1UL1Un5lRq9PZOVdyaUI=w36-h36IEXPLORE.EXERemote address:142.251.36.1:443RequestGET /xnAMm2_zQbhuYe9sW8Yvdjqq1_W4FSbRmhHNpGqE5-zxipqV1UL1Un5lRq9PZOVdyaUI=w36-h36 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: lh3.googleusercontent.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Disposition: inline;filename="unnamed.png"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 193
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 15:15:17 GMT
Expires: Wed, 01 Feb 2023 13:01:38 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 6453
ETag: "v1"
Content-Type: image/png
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://storage.googleapis.com/support-kms-prod/EkSYLH4zQcmB1Q3moTAkqWadsMNen9khgVjFIEXPLORE.EXERemote address:142.251.36.16:443RequestGET /support-kms-prod/EkSYLH4zQcmB1Q3moTAkqWadsMNen9khgVjF HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: storage.googleapis.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
x-goog-generation: 1464905438094000
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 153
x-goog-hash: crc32c=FqsE+A==
x-goog-hash: md5=p4ZjmaIpGdWJ4SU90gOKZg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Content-Length: 153
Server: UploadServer
Date: Wed, 08 Feb 2023 16:14:32 GMT
Expires: Wed, 08 Feb 2023 17:14:32 GMT
Cache-Control: public, max-age=3600
Age: 2898
Last-Modified: Thu, 02 Jun 2016 22:10:38 GMT
ETag: "a7866399a22919d589e1253dd2038a66"
Content-Type: image/png
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
-
Remote address:8.8.8.8:53Requestapis.google.comIN AResponseapis.google.comIN CNAMEplus.l.google.complus.l.google.comIN A216.58.208.110
-
GEThttps://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0IEXPLORE.EXERemote address:216.58.208.110:443RequestGET /_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive
Cookie: NID=511=u2K7NvyrQmzHkb5SJcNTaIkBtAJ7QNmUcFuYItOUn_6LTBLOvIqnyJqwiSI_txXCGbqvHhB0HhYFlRPZmRN8M4I9x7T-YbevuTdUM-2yyLvaJ33czL_aVIZuR9ioG_BBaqQmXmtxIzLIPhbJELO9L35eqCfOMKvbhEpddeqPLZ0
ResponseHTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 37983
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 06 Feb 2023 22:16:58 GMT
Expires: Tue, 06 Feb 2024 22:16:58 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Sat, 07 Jan 2023 15:18:57 GMT
Content-Type: text/javascript; charset=UTF-8
Age: 153953
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address:8.8.8.8:53Requestcrls.pki.googIN AResponsecrls.pki.googIN CNAMEwww3.l.google.comwww3.l.google.comIN A142.251.36.14
-
Remote address:8.8.8.8:53Requestcrls.pki.googIN AResponsecrls.pki.googIN CNAMEwww3.l.google.comwww3.l.google.comIN A142.251.36.14
-
Remote address:8.8.8.8:53Requestcrls.pki.googIN AResponsecrls.pki.googIN CNAMEwww3.l.google.comwww3.l.google.comIN A142.251.36.14
-
Remote address:8.8.8.8:53Requestcrls.pki.googIN AResponsecrls.pki.googIN CNAMEwww3.l.google.comwww3.l.google.comIN A142.251.36.14
-
Remote address:142.251.36.14:80RequestGET /gts1c3/QqFxbi9M48c.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crls.pki.goog
ResponseHTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 12168
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 16:28:33 GMT
Expires: Wed, 08 Feb 2023 17:18:33 GMT
Cache-Control: public, max-age=3000
Age: 2068
Last-Modified: Wed, 08 Feb 2023 12:14:38 GMT
Content-Type: application/pkix-crl
-
Remote address:142.251.36.14:80RequestGET /gts1c3/QqFxbi9M48c.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crls.pki.goog
ResponseHTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 12168
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 16:28:33 GMT
Expires: Wed, 08 Feb 2023 17:18:33 GMT
Cache-Control: public, max-age=3000
Age: 2068
Last-Modified: Wed, 08 Feb 2023 12:14:38 GMT
Content-Type: application/pkix-crl
-
Remote address:142.251.36.14:80RequestGET /gts1c3/zdATt0Ex_Fk.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crls.pki.goog
ResponseHTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 12129
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 16:17:20 GMT
Expires: Wed, 08 Feb 2023 17:07:20 GMT
Cache-Control: public, max-age=3000
Age: 2741
Last-Modified: Wed, 08 Feb 2023 08:15:10 GMT
Content-Type: application/pkix-crl
-
Remote address:142.251.36.14:80RequestGET /gts1c3/zdATt0Ex_Fk.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crls.pki.goog
ResponseHTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 12129
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 16:17:20 GMT
Expires: Wed, 08 Feb 2023 17:07:20 GMT
Cache-Control: public, max-age=3000
Age: 2741
Last-Modified: Wed, 08 Feb 2023 08:15:10 GMT
Content-Type: application/pkix-crl
-
Remote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A173.223.113.131
-
152 B 3
-
152 B 3
-
709 B 7.3kB 9 10
-
9.8kB 335.4kB 161 254
HTTP Request
GET https://support.google.com/drive?p=collaborator_accountsHTTP Response
301HTTP Request
GET https://support.google.com/drive/answer/9195194?visit_id=638114725699461083-795429016&p=collaborator_accounts&rd=1HTTP Response
200HTTP Request
GET https://support.google.com/favicon.icoHTTP Response
200 -
142.251.36.1:443https://lh3.googleusercontent.com/fKYxJWmqWKS5JTWJUHJSE6u4tKZ6JbFx7YGMbbH0cI72r3E2MhU0vPrE6uaflUm94Q=w64tls, httpIEXPLORE.EXE3.5kB 14.3kB 16 18
HTTP Request
GET https://lh3.googleusercontent.com/liXNSFcgL2YWyQutOyawpiwl-d9A2TD31qEZjmF9qRdCby1AJO0vE5C8_kHXB7QMggM=w36-h36HTTP Response
200HTTP Request
GET https://lh3.googleusercontent.com/uSM1WAyJPHhLEEJu9DClOxayx6mNNJ5pmlDbmNcokQTVVM2ZeN4QeoeVA2VX2IZ-Dg=w24HTTP Response
200HTTP Request
GET https://lh3.googleusercontent.com/nNsoJAlCSyDVpXigDGJ6VTl9vpG8JwHyefPlSmJ8jH5IKu8TkEBAJNREgD9gHFO81b6k=w36-h36HTTP Response
200HTTP Request
GET https://lh3.googleusercontent.com/QbWcYKta5vh_4-OgUeFmK-JOB0YgLLoGh69P478nE6mKdfpWQniiBabjF7FVoCVXI0g=h36HTTP Response
200HTTP Request
GET https://lh3.googleusercontent.com/fKYxJWmqWKS5JTWJUHJSE6u4tKZ6JbFx7YGMbbH0cI72r3E2MhU0vPrE6uaflUm94Q=w64HTTP Response
200 -
152 B 3
-
142.251.36.1:443https://lh3.googleusercontent.com/xnAMm2_zQbhuYe9sW8Yvdjqq1_W4FSbRmhHNpGqE5-zxipqV1UL1Un5lRq9PZOVdyaUI=w36-h36tls, httpIEXPLORE.EXE1.3kB 9.9kB 11 12
HTTP Request
GET https://lh3.googleusercontent.com/xnAMm2_zQbhuYe9sW8Yvdjqq1_W4FSbRmhHNpGqE5-zxipqV1UL1Un5lRq9PZOVdyaUI=w36-h36HTTP Response
200 -
756 B 8.4kB 10 10
-
762 B 8.5kB 10 12
-
152 B 3
-
142.251.36.16:443https://storage.googleapis.com/support-kms-prod/EkSYLH4zQcmB1Q3moTAkqWadsMNen9khgVjFtls, httpIEXPLORE.EXE1.2kB 6.8kB 10 10
HTTP Request
GET https://storage.googleapis.com/support-kms-prod/EkSYLH4zQcmB1Q3moTAkqWadsMNen9khgVjFHTTP Response
200 -
713 B 4.7kB 9 9
-
216.58.208.110:443https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0tls, httpIEXPLORE.EXE2.2kB 45.6kB 25 38
HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0HTTP Response
200 -
152 B 3
-
595 B 13.4kB 10 12
HTTP Request
GET http://crls.pki.goog/gts1c3/QqFxbi9M48c.crlHTTP Response
200 -
595 B 13.4kB 10 12
HTTP Request
GET http://crls.pki.goog/gts1c3/QqFxbi9M48c.crlHTTP Response
200 -
595 B 13.3kB 10 12
HTTP Request
GET http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crlHTTP Response
200 -
595 B 13.3kB 10 12
HTTP Request
GET http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crlHTTP Response
200 -
529 B 355 B 6 5
-
529 B 355 B 6 5
-
519 B 355 B 6 5
-
707 B 7.6kB 8 11
-
64 B 80 B 1 1
DNS Request
support.google.com
DNS Response
142.251.36.46
-
71 B 116 B 1 1
DNS Request
lh3.googleusercontent.com
DNS Response
142.251.36.1
-
68 B 196 B 1 1
DNS Request
storage.googleapis.com
DNS Response
142.251.36.16142.251.39.112172.217.168.208216.58.214.16142.250.179.144142.251.36.48142.250.179.176142.250.179.208
-
61 B 98 B 1 1
DNS Request
apis.google.com
DNS Response
216.58.208.110
-
59 B 106 B 1 1
DNS Request
crls.pki.goog
DNS Response
142.251.36.14
-
59 B 106 B 1 1
DNS Request
crls.pki.goog
DNS Response
142.251.36.14
-
59 B 106 B 1 1
DNS Request
crls.pki.goog
DNS Response
142.251.36.14
-
59 B 106 B 1 1
DNS Request
crls.pki.goog
DNS Response
142.251.36.14
-
63 B 230 B 1 1
DNS Request
www.microsoft.com
DNS Response
173.223.113.131
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52031ab374af55b755217bde2cf093008
SHA189902f654d577c7a89381fa488c31872348085b0
SHA25605b2471e39661682f37af4fd8212837d44715f74c4b839211803cc51a0d2bce7
SHA512b125ddd3d99f214859e9e51d55d4aea480aebba9ea318d3e1f3992457040bbc1086d7a5203d2922639f32996d3baf5edf0a1f5b296b47123c0aec69f28a4c7d8
-
Filesize
5KB
MD5f74fd5633b2e7a2c891e8362adf7dc20
SHA1f5dfb80b6c1614457bfecea5feaede10f57a15f8
SHA256b63121caffb7a879b4a11d0431f86b60f157737d3b68ce9443422f4e3df45c6d
SHA512489e6c6e9da5ac0f1d655cc79860d2a6501728df96b82a86e15e725eebd0fe0877cbe9f4e90e54e6dee4b5526dffd26785131ebfe6e9a2c38bd804e35ebe7418
-
Filesize
608B
MD5046fe2d07fb48fe1c81434cf6d019874
SHA158042d0d4b234cafa678b29c5fb72105be579107
SHA25643d0e5062f18635ed799f7217c3bd9d3113ef9336b5192072673b765164d77fb
SHA51275bc757fec4e6e448665fcf857b0d6fd83f4d1dd08ad88fe8a21a723d5ff3308875b9a8483fb53b666280d2d9bb48b8385ae4e76e76c03553312c669decc97d6