Analysis

  • max time kernel
    144s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/06/2024, 13:03 UTC

General

  • Target

    9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118.exe

  • Size

    60KB

  • MD5

    9ac0724cd20d2574580f0bf06b8aea75

  • SHA1

    5e2088c4bdae79d584f5478782337701a8467cda

  • SHA256

    aa4b6310c2dbd466a089cd9a7a414a50c3124f70c763fc0d1cb7c922e29c3890

  • SHA512

    1e43b5a267c6bcfbe7493ccdf9b5493126bdbeb6bb049e7c020fa51aa829be08d6ab686aa51a47bb239c0b25c088fa38dea9cd9f2d93d65b9e02155d98d62da4

  • SSDEEP

    768:/HV30jqxr5ScACZXpzsXUKY5l02d1zButV2:/13eqxlFAatOwR7

Malware Config

Extracted

Family: guloader
C2: https://drive.google.com/uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks
xor.base64: 1

Signatures

  • Guloader, Cloudeye

    A shellcode-based downloader first seen in 2020.

  • Guloader payload (2 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious behavior: MapViewOfSection (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
      "C:\Users\Admin\AppData\Local\Temp\9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:4540
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3644

    Network

    • DNS (US): 217.106.137.52.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 217.106.137.52.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (US): 249.197.17.2.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 249.197.17.2.in-addr.arpa IN PTR
      Response: 249.197.17.2.in-addr.arpa IN PTR a2-17-197-249.deploy.static.akamaitechnologies.com
    • DNS (US): 6.181.190.20.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 6.181.190.20.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (US): 95.221.229.192.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 95.221.229.192.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (US): drive.google.com (process: RegAsm.exe)
      Remote address: 8.8.8.8:53
      Request: drive.google.com IN A
      Response: drive.google.com IN A 142.250.179.78
    • GET (FR): https://drive.google.com/uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks (process: RegAsm.exe)
      Remote address: 142.250.179.78:443
      Request
      GET /uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Host: drive.google.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Content-Type: text/html; charset=utf-8
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 10 Jun 2024 13:03:46 GMT
      Strict-Transport-Security: max-age=31536000
      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
      Content-Security-Policy: script-src 'nonce-JP33RCadadS9HJqVsoPbNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
      Cross-Origin-Opener-Policy: same-origin
      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      Server: ESF
      X-XSS-Protection: 0
      X-Content-Type-Options: nosniff
      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      Accept-Ranges: none
      Vary: Accept-Encoding
      Transfer-Encoding: chunked
    • GET (FR): https://drive.google.com/uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks (process: RegAsm.exe)
      Remote address: 142.250.179.78:443
      RegAsm.exe sent the same request 12 more times, about ten seconds apart (response Date headers from 13:03:57 to 13:05:49 GMT). Every attempt was answered HTTP/1.1 404 Not Found with the same response headers as the first exchange above, differing only in header order, the Date value and the script-src nonce in the Content-Security-Policy header.
    • DNS (US): 78.179.250.142.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 78.179.250.142.in-addr.arpa IN PTR
      Response: 78.179.250.142.in-addr.arpa IN PTR par21s19-in-f14.1e100.net
    • DNS (US): 163.214.58.216.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 163.214.58.216.in-addr.arpa IN PTR
      Response: 163.214.58.216.in-addr.arpa IN PTR mad01s26-in-f163.1e100.net
                163.214.58.216.in-addr.arpa IN PTR mad01s26-in-f3.1e100.net
                163.214.58.216.in-addr.arpa IN PTR par10s42-in-f3.1e100.net
    • DNS (US): 154.239.44.20.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 154.239.44.20.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (US): 103.169.127.40.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 103.169.127.40.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (US): 198.187.3.20.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 198.187.3.20.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (US): 164.189.21.2.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 164.189.21.2.in-addr.arpa IN PTR
      Response: 164.189.21.2.in-addr.arpa IN PTR a2-21-189-164.deploy.static.akamaitechnologies.com
    • DNS (US): 13.86.106.20.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 13.86.106.20.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (US): 172.210.232.199.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 172.210.232.199.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (US): 11.227.111.52.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 11.227.111.52.in-addr.arpa IN PTR
      Response: (empty)
    • DNS (US): chromewebstore.googleapis.com
      Remote address: 8.8.8.8:53
      Request: chromewebstore.googleapis.com IN A
      Response:
    • DNS (US): chromewebstore.googleapis.com
      Remote address: 8.8.8.8:53
      Request: chromewebstore.googleapis.com IN Unknown
      Response: (empty)
    • DNS (US): 202.18.217.172.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 202.18.217.172.in-addr.arpa IN PTR
      Response: 202.18.217.172.in-addr.arpa IN PTR ham02s14-in-f202.1e100.net
                202.18.217.172.in-addr.arpa IN PTR par10s38-in-f10.1e100.net
    • DNS (US): 169.253.116.51.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 169.253.116.51.in-addr.arpa IN PTR
      Response: (empty)
    • 96.16.110.114:80: 260 B sent, 5 packets
    • 142.250.179.78:443 (https://drive.google.com/uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks; tls, http; RegAsm.exe): 6.9kB sent, 48.6kB received, 75 packets out, 72 packets in

      HTTP Request (13 times)

      GET https://drive.google.com/uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks

      HTTP Response (13 times)

      404
    • 13.107.253.64:443: 46 B sent, 40 B received, 1 packet each way
    • 172.217.18.202:443 (chromewebstore.googleapis.com; tls): 1.9kB sent, 7.9kB received, 15 packets out, 16 packets in
    • 8.8.8.8:53 (217.106.137.52.in-addr.arpa; dns): 73 B sent, 147 B received, 1 packet each way
      DNS Request: 217.106.137.52.in-addr.arpa

    • 8.8.8.8:53 (249.197.17.2.in-addr.arpa; dns): 71 B sent, 135 B received, 1 packet each way
      DNS Request: 249.197.17.2.in-addr.arpa

    • 8.8.8.8:53 (6.181.190.20.in-addr.arpa; dns): 71 B sent, 157 B received, 1 packet each way
      DNS Request: 6.181.190.20.in-addr.arpa

    • 8.8.8.8:53 (95.221.229.192.in-addr.arpa; dns): 73 B sent, 144 B received, 1 packet each way
      DNS Request: 95.221.229.192.in-addr.arpa

    • 8.8.8.8:53 (drive.google.com; dns; RegAsm.exe): 62 B sent, 78 B received, 1 packet each way
      DNS Request: drive.google.com
      DNS Response: 142.250.179.78

    • 8.8.8.8:53 (78.179.250.142.in-addr.arpa; dns): 73 B sent, 112 B received, 1 packet each way
      DNS Request: 78.179.250.142.in-addr.arpa

    • 8.8.8.8:53 (163.214.58.216.in-addr.arpa; dns): 73 B sent, 171 B received, 1 packet each way
      DNS Request: 163.214.58.216.in-addr.arpa

    • 8.8.8.8:53 (154.239.44.20.in-addr.arpa; dns): 72 B sent, 158 B received, 1 packet each way
      DNS Request: 154.239.44.20.in-addr.arpa

    • 8.8.8.8:53 (103.169.127.40.in-addr.arpa; dns): 73 B sent, 147 B received, 1 packet each way
      DNS Request: 103.169.127.40.in-addr.arpa

    • 8.8.8.8:53 (198.187.3.20.in-addr.arpa; dns): 71 B sent, 157 B received, 1 packet each way
      DNS Request: 198.187.3.20.in-addr.arpa

    • 8.8.8.8:53 (164.189.21.2.in-addr.arpa; dns): 71 B sent, 135 B received, 1 packet each way
      DNS Request: 164.189.21.2.in-addr.arpa

    • 8.8.8.8:53 (13.86.106.20.in-addr.arpa; dns): 71 B sent, 157 B received, 1 packet each way
      DNS Request: 13.86.106.20.in-addr.arpa

    • 8.8.8.8:53 (172.210.232.199.in-addr.arpa; dns): 74 B sent, 128 B received, 1 packet each way
      DNS Request: 172.210.232.199.in-addr.arpa

    • 8.8.8.8:53 (11.227.111.52.in-addr.arpa; dns): 72 B sent, 158 B received, 1 packet each way
      DNS Request: 11.227.111.52.in-addr.arpa

    • 8.8.8.8:53 (chromewebstore.googleapis.com; dns): 75 B sent, 251 B received, 1 packet each way
      DNS Request: chromewebstore.googleapis.com

      DNS Response


    • 8.8.8.8:53 (chromewebstore.googleapis.com; dns): 75 B sent, 132 B received, 1 packet each way
      DNS Request: chromewebstore.googleapis.com

    • 8.8.8.8:53 (202.18.217.172.in-addr.arpa; dns): 73 B sent, 143 B received, 1 packet each way
      DNS Request: 202.18.217.172.in-addr.arpa

    • 8.8.8.8:53 (169.253.116.51.in-addr.arpa; dns): 73 B sent, 159 B received, 1 packet each way
      DNS Request: 169.253.116.51.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/2136-2-0x0000000002270000-0x000000000227A000-memory.dmp (Filesize: 40KB)
    • memory/2136-3-0x0000000077861000-0x0000000077981000-memory.dmp (Filesize: 1.1MB)
    • memory/2136-16-0x0000000002270000-0x000000000227A000-memory.dmp (Filesize: 40KB)
    • memory/2136-17-0x0000000002270000-0x000000000227A000-memory.dmp (Filesize: 40KB)
    • memory/4540-4-0x0000000000D10000-0x0000000000E10000-memory.dmp (Filesize: 1024KB)
    • memory/4540-5-0x0000000077861000-0x0000000077981000-memory.dmp (Filesize: 1.1MB)
