hxxps://classroom[.]google[.]com/c/NjUwNzIyOTEyMzg5

Analysis

max time kernel
1800s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
10/05/2024, 16:16 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://classroom.google.com/c/NjUwNzIyOTEyMzg5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3008	msedge.exe
3008	msedge.exe
2960	msedge.exe
2960	msedge.exe
4656	identity_helper.exe
4656	identity_helper.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 1856	3008	msedge.exe	80
PID 3008 wrote to memory of 1856	3008	msedge.exe	80
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 2104	3008	msedge.exe	81
PID 3008 wrote to memory of 3168	3008	msedge.exe	82
PID 3008 wrote to memory of 3168	3008	msedge.exe	82
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83
PID 3008 wrote to memory of 1724	3008	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://classroom.google.com/c/NjUwNzIyOTEyMzg5
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c2a63cb8,0x7ff8c2a63cc8,0x7ff8c2a63cd8
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,7988823739491232881,1743837659795185063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5612 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

Network

DNS

classroom.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

classroom.google.com

IN A

Response

classroom.google.com

IN A

216.58.201.110
DNS

ctldl.windowsupdate.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.18.190.79

a767.dspw65.akamai.net

IN A

2.18.190.77
DNS

110.201.58.216.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f141e100net

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f110�I

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f14�I
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
DNS

11.227.111.52.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

arc.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

IN A

20.103.156.88
DNS

tse1.mm.bing.net

msedge.exe

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

msedge.exe

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
GET

https://classroom.google.com/c/NjUwNzIyOTEyMzg5

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /c/NjUwNzIyOTEyMzg5 HTTP/2.0
host: classroom.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://accounts.google.com/ServiceLogin?service=classroom&passive=1209600&continue=https://classroom.google.com/c/NjUwNzIyOTEyMzg5&followup=https://classroom.google.com/c/NjUwNzIyOTEyMzg5

msedge.exe

Remote address:

209.85.203.84:443

Request

GET /ServiceLogin?service=classroom&passive=1209600&continue=https://classroom.google.com/c/NjUwNzIyOTEyMzg5&followup=https://classroom.google.com/c/NjUwNzIyOTEyMzg5 HTTP/2.0
host: accounts.google.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=514=wkDAf3VKqi5H36r3UeewXmTBNgIwP3wK3EolZO-wBw4HTf7tf8mO0VNm6ypF_IMaFcgsfFqUK5YHa9aG9DOyVYRgN6OGWtODX0KOvivnQdUDbrqmfuavKIWkSSLe-GrWpMZ8ATTR1014Fl4aNYZD0GMmuo1s9Fh74S1cAxlHbFE
GET

https://accounts.google.com/InteractiveLogin?continue=https://classroom.google.com/c/NjUwNzIyOTEyMzg5&followup=https://classroom.google.com/c/NjUwNzIyOTEyMzg5&passive=1209600&service=classroom&ifkv=AaSxoQzgQ7WoV8yDL7ElJsV9BIFZyNYV6nzgOXG3jEnEFIXJh9Bp_Um2-hlEtQSkgNB3QjxTSJ8NnQ

msedge.exe

Remote address:

209.85.203.84:443

Request

GET /InteractiveLogin?continue=https://classroom.google.com/c/NjUwNzIyOTEyMzg5&followup=https://classroom.google.com/c/NjUwNzIyOTEyMzg5&passive=1209600&service=classroom&ifkv=AaSxoQzgQ7WoV8yDL7ElJsV9BIFZyNYV6nzgOXG3jEnEFIXJh9Bp_Um2-hlEtQSkgNB3QjxTSJ8NnQ HTTP/2.0
host: accounts.google.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=514=wkDAf3VKqi5H36r3UeewXmTBNgIwP3wK3EolZO-wBw4HTf7tf8mO0VNm6ypF_IMaFcgsfFqUK5YHa9aG9DOyVYRgN6OGWtODX0KOvivnQdUDbrqmfuavKIWkSSLe-GrWpMZ8ATTR1014Fl4aNYZD0GMmuo1s9Fh74S1cAxlHbFE
cookie: __Host-GAPS=1:ILzg5zKso6jjF_kkoODSVA68gdc9-w:ZYlgXyND-JOQSvJ4
GET

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fclassroom.google.com%2Fc%2FNjUwNzIyOTEyMzg5&followup=https%3A%2F%2Fclassroom.google.com%2Fc%2FNjUwNzIyOTEyMzg5&ifkv=AaSxoQw19-6tA8YS6u-mv0NE0bCM0s1BPYcplLWUss2esMv9i6sO_Rja3PBY1zSNu7PaS-3-MCMeSQ&passive=1209600&service=classroom&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-66708588%3A1715357926512753&ddm=0

msedge.exe

Remote address:

209.85.203.84:443

Request

GET /v3/signin/identifier?continue=https%3A%2F%2Fclassroom.google.com%2Fc%2FNjUwNzIyOTEyMzg5&followup=https%3A%2F%2Fclassroom.google.com%2Fc%2FNjUwNzIyOTEyMzg5&ifkv=AaSxoQw19-6tA8YS6u-mv0NE0bCM0s1BPYcplLWUss2esMv9i6sO_Rja3PBY1zSNu7PaS-3-MCMeSQ&passive=1209600&service=classroom&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-66708588%3A1715357926512753&ddm=0 HTTP/2.0
host: accounts.google.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=514=wkDAf3VKqi5H36r3UeewXmTBNgIwP3wK3EolZO-wBw4HTf7tf8mO0VNm6ypF_IMaFcgsfFqUK5YHa9aG9DOyVYRgN6OGWtODX0KOvivnQdUDbrqmfuavKIWkSSLe-GrWpMZ8ATTR1014Fl4aNYZD0GMmuo1s9Fh74S1cAxlHbFE
cookie: __Host-GAPS=1:ILzg5zKso6jjF_kkoODSVA68gdc9-w:ZYlgXyND-JOQSvJ4
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

10.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.179.89.13.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

84.203.85.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.203.85.209.in-addr.arpa

IN PTR

Response

84.203.85.209.in-addr.arpa

IN PTR

dh-in-f841e100net
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

accounts.google.com

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

209.85.203.84
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

ris.api.iris.microsoft.com

Remote address:

8.8.8.8:53

Request

ris.api.iris.microsoft.com

IN A

Response

ris.api.iris.microsoft.com

IN CNAME

ris-prod.trafficmanager.net

ris-prod.trafficmanager.net

IN CNAME

asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com

asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com

IN A

20.234.120.54
GET

https://www.google.com/favicon.ico

msedge.exe

Remote address:

142.250.178.4:443

Request

GET /favicon.ico HTTP/2.0
host: www.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=514=wkDAf3VKqi5H36r3UeewXmTBNgIwP3wK3EolZO-wBw4HTf7tf8mO0VNm6ypF_IMaFcgsfFqUK5YHa9aG9DOyVYRgN6OGWtODX0KOvivnQdUDbrqmfuavKIWkSSLe-GrWpMZ8ATTR1014Fl4aNYZD0GMmuo1s9Fh74S1cAxlHbFE
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 476246
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EB4E0C52753A450297CAA99365DC385B Ref B: LON04EDGE1207 Ref C: 2024-05-10T16:42:28Z
date: Fri, 10 May 2024 16:42:28 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 499516
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C81C898073E443339A43312E1A9C5EF2 Ref B: LON04EDGE1207 Ref C: 2024-05-10T16:42:28Z
date: Fri, 10 May 2024 16:42:28 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 464243
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 08F8A1137D1C4C53B28148D60D57CDF1 Ref B: LON04EDGE1207 Ref C: 2024-05-10T16:42:28Z
date: Fri, 10 May 2024 16:42:28 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 382817
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8BBD2D8D8D8D415CB540EB9B9540FA45 Ref B: LON04EDGE1207 Ref C: 2024-05-10T16:42:28Z
date: Fri, 10 May 2024 16:42:28 GMT

216.58.201.110:443

https://classroom.google.com/c/NjUwNzIyOTEyMzg5

tls, http2

msedge.exe

2.1kB
7.6kB
20
22

HTTP Request

GET https://classroom.google.com/c/NjUwNzIyOTEyMzg5
209.85.203.84:443

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fclassroom.google.com%2Fc%2FNjUwNzIyOTEyMzg5&followup=https%3A%2F%2Fclassroom.google.com%2Fc%2FNjUwNzIyOTEyMzg5&ifkv=AaSxoQw19-6tA8YS6u-mv0NE0bCM0s1BPYcplLWUss2esMv9i6sO_Rja3PBY1zSNu7PaS-3-MCMeSQ&passive=1209600&service=classroom&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-66708588%3A1715357926512753&ddm=0

tls, http2

msedge.exe

5.4kB
131.7kB
69
117

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=classroom&passive=1209600&continue=https://classroom.google.com/c/NjUwNzIyOTEyMzg5&followup=https://classroom.google.com/c/NjUwNzIyOTEyMzg5

HTTP Request

GET https://accounts.google.com/InteractiveLogin?continue=https://classroom.google.com/c/NjUwNzIyOTEyMzg5&followup=https://classroom.google.com/c/NjUwNzIyOTEyMzg5&passive=1209600&service=classroom&ifkv=AaSxoQzgQ7WoV8yDL7ElJsV9BIFZyNYV6nzgOXG3jEnEFIXJh9Bp_Um2-hlEtQSkgNB3QjxTSJ8NnQ

HTTP Request

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fclassroom.google.com%2Fc%2FNjUwNzIyOTEyMzg5&followup=https%3A%2F%2Fclassroom.google.com%2Fc%2FNjUwNzIyOTEyMzg5&ifkv=AaSxoQw19-6tA8YS6u-mv0NE0bCM0s1BPYcplLWUss2esMv9i6sO_Rja3PBY1zSNu7PaS-3-MCMeSQ&passive=1209600&service=classroom&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-66708588%3A1715357926512753&ddm=0
142.250.178.4:443

https://www.google.com/favicon.ico

tls, http2

msedge.exe

2.3kB
8.0kB
20
21

HTTP Request

GET https://www.google.com/favicon.ico
142.250.187.206:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

2.0kB
8.9kB
20
22

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
52.111.243.30:443

322 B
7
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.1kB
16
13
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

76.8kB
1.9MB
1373
1370

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.1kB
16
14

8.8.8.8:53

classroom.google.com

dns

msedge.exe

521 B
1.1kB
8
7

DNS Request

classroom.google.com

DNS Response

216.58.201.110

DNS Request

ctldl.windowsupdate.com

DNS Response

2.18.190.79

2.18.190.77

DNS Request

110.201.58.216.in-addr.arpa

DNS Request

www.google.com

DNS Response

142.250.178.4

DNS Request

11.227.111.52.in-addr.arpa

DNS Request

arc.msn.com

DNS Response

20.103.156.88

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
209.85.203.84:443

accounts.google.com

https

msedge.exe

6.5kB
10.7kB
29
31
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

363 B
666 B
5
5

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

206.187.250.142.in-addr.arpa

DNS Request

10.179.89.13.in-addr.arpa

DNS Request

88.156.103.20.in-addr.arpa

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

84.203.85.209.in-addr.arpa

dns

426 B
773 B
6
6

DNS Request

84.203.85.209.in-addr.arpa

DNS Request

3.180.250.142.in-addr.arpa

DNS Request

172.210.232.199.in-addr.arpa

DNS Request

accounts.google.com

DNS Response

209.85.203.84

DNS Request

26.35.223.20.in-addr.arpa

DNS Request

ris.api.iris.microsoft.com

DNS Response

20.234.120.54
224.0.0.251:5353

msedge.exe

594 B
9
142.250.187.206:443

play.google.com

https

msedge.exe

7.7kB
9.3kB
18
21
209.85.203.84:443

accounts.google.com

https

msedge.exe

2.9kB
3.7kB
8
9
209.85.203.84:443

accounts.google.com

https

msedge.exe

2.7kB
3.5kB
9
7
209.85.203.84:443

accounts.google.com

https

msedge.exe

2.7kB
3.6kB
8
8
209.85.203.84:443

accounts.google.com

https

msedge.exe

2.6kB
3.6kB
7
8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
480df31f176e19cb130dc2b5657bd063

SHA1
b06cbd2944abbdf278c2941f8d70df2548a0fc02

SHA256
d746e271613dd611e4457b72ef2289d4a201ec8b2fbc15dc07c08848c205d26e

SHA512
7fbe074c140312e800bef6563cec9f8d604a4c4a3bb8de5fedbf49d71f8b9e965fe41504f08f0929135026ac8dec2dd41ee5d182ac0ea6f4658c4d3ced486614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
506ab2d987ecb1ffab1eeef3e8aa4b29

SHA1
01028d03c3e03a8786b9f9d986888c5d6dd92c93

SHA256
898ae6f9109c5791de0e9bb3fa10f66d5aee385bfb62a5d4aae71dc2c28c16bd

SHA512
d4ccfc4944628d6077542cd9116514af5b76c2e1c8e473cb40482a625e63e89dafa517ef7f78f71e8c79f0c43f93fd2c1b34c7e2fd21c423d9a3a3af9b1fae30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ed232488f7ef166552cb1983fee9cbfe

SHA1
c6a1c70e492cbcf1b630b29e651fff888d527f19

SHA256
0625ab5e2f68ba9f1a73386fc65c34a91f886a777c74c564eae9656ec54cda9d

SHA512
ed8f07c4be24258dc6bf3863e7fa109cb38c47973b23b18289e83ac65eba76b51a2e57ec2dfad4affe6bef6a62d08f8ab08a16addabdc213baa589f855253d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
146321c5cc957a0ba1fecc7158d50f6b

SHA1
ae8594b8ed4b684530d49ee7083d350d39aa0c3b

SHA256
28ffae789e88654b91d3e1d5eafe954f6bb70129b21926f7835d6e6fb021eeb9

SHA512
2676daa2cb7484f882e87958a2d76ec74984869c2f691ec9a630d518886afae4a72642e8baf6af12e6dcf22f8be1ad08e2a9928f620234743f718c2f552a7540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eb800bd4868638bdd666268a9e959ee2

SHA1
94369aa0d52c6ac02f8a921ee8c959a4dee7373c

SHA256
9c05de8d65991c4c65dbf97461fb49562eb6e0426ec489478f2c3d62d59ef61a

SHA512
c615d7ca373116b888aeb3e43d1aa8ba9830c645193bf23ef901e8f8eb104d963c3f112ac9a0f69547a4de9b58ece5fc6bdb2e58e72446599f5004ea90d795ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9948c6d425d5c724916e7536af4207a6

SHA1
1ecb171f92c4239f86f3398f2b4a5f442d57e5e4

SHA256
214743077ef86a442958a8588b9bbbdcec00509faf0e187a447662ca1eef8fff

SHA512
dd1570f8fb42716e972c7243cf501efa54e886701c30c450f36792d1b39c584785d4a92279c1ffa4643a3d4d3f50dd7e43eaa16f66e6a732be1294e54401fee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0129a404abaca189cfa5e52970bd0add

SHA1
6a8089991b586d22b0ad93af5a5ee83dfcc6b593

SHA256
313c4b2ce80a6e9766b25bdb51e8d0253fd204fb85322e1e1af5646260ea8ce2

SHA512
91315c426640785306bb26d851a12165c6e1ed428cc08de0510b8722d3131460f5ce8fd57ae973a830d676874d3789a065f5ee0e2c23e8d36e24c888d1210d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5f540db8b0a8aa8e634720e2fdbeab5

SHA1
9846453cb970e574ea398b1028d27c3e51c0fc9b

SHA256
09e0b863d3cfaaa67130f042925a104bb250fc19e15f6fc555f88273adfb8fa9

SHA512
b286be577d6dea949ed4c58c6c4088c54d56ac034f2912009f8e4787e256c741b8117ded429fb47de2d5589bcbfb026ba43526e1565d20a86a63aa9360f5f3e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
36558f3bcda3afe7f219b6b57204804d

SHA1
b7fe3e54c6e71989b76254296e2e404842f1bb98

SHA256
4239681615fbf208094ed7223c6cbec9b40af878840579faf9f49dd3843ef5c8

SHA512
874c833940970ced5c142080a4b3a1f74e641bc3a067fef8d85f01ac31191d767ebf5d74ba87b48ce1ff5c97abe55aa416cda587021e7765f064d2e7cde5bcc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
54f6808245e96339841452b04a5e5474

SHA1
eff98314185376a80f5fc40c1e0255e721a4f453

SHA256
c8902402cb742df5dc6d745ba32dda9936c631eb6920c1c8d3b98da8ff1f0c06

SHA512
b96b821f3ec58aed015736b287e154e26018c937fb949279650482c3e31b2b5339b7fb93542c55a0e8e2854d1ad3c91bdb7c7b1a491d5c32e7f9513c048bbcc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c956ab2a6c47765c2f6c39c37fb00f23

SHA1
ad9dbe2384ddead4df0b7f13cbe99a7dee102be3

SHA256
14d1a7d4a917a38fa2dae729f23e1d8fb51e522ea4f0f44c735dbf3f112e57f8

SHA512
6dcea8864801d17acdd8ca9d86caed79776a1597067db63aaaf7a1b2bfc1cd01fb48a58d8f7bca43f1f5346e2bdeb2c18074a554fb3b09d0498bcb1a7b5cea99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
7dbbd672400530c1c9053c4df3c4513b

SHA1
ba668264841cadff83dd2bc66ecd41543e8a8353

SHA256
ee8e7cbdccfbee1bcdf6f9868f371cff88830316b6a5c39c0e67760f488fd656

SHA512
acbbd4ae2ea91a69a63ec2695baf6ee2e93f8a1693bacf408fb9c8dac2433f75cced35bd50c377dfb51c78ed45effc2120b7963fc401dc4b45075cbe357acc73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585985.TMP

Filesize
371B

MD5
abb32a201435d1bb4532b4889743d017

SHA1
59c53cc09b48881883fabfd257822ace42277537

SHA256
bc4b939f5888f9e63c7aafdee5747646e41701ef4920bd30cb092b3e198ee4aa

SHA512
cb8e79a182b0378299696f452a5b59baf6589cf4825b87453e8a5622571c1af6cd506f6f2a20bd77208215511f07db551d4e186fe0d9285ee71a2f194847c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad1da737a793303339c48b086fbed0bb

SHA1
d59fa98ae5e42e6b4a77388a30e04a7a9ab00e36

SHA256
65b3329bfa56a650f8c4917a3646a0090cda4b25dbbb8f12bbfd4402fb827571

SHA512
f8c45f97d1a03dca875ce6889a21f551f2484ece32fb7fc73bb276e6c3f28c77fe04d2ad193692d821e931a2e0d9e815c95ab656fbb6486ebf47ac61d167dbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d06f42b0ee6866296e1efa14285ffe84

SHA1
6b5db788cd9a43cbd7ab9548ad52ce2c34cdce32

SHA256
a12b6969ec72e3f6c9c1e77637546a9e4f99b837d693e00efcf6bafdb9c2c5b5

SHA512
c168e874f90f966edaae4c2b9b7124e85036202a60218cf9fbab74097ee957cac4ad82df19685fa05b2bc9beaf0509492df60c847b86c653f055d4db833bbfb4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.