hxxps://drive[.]google[.]com/file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing

Analysis

max time kernel
97s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 04:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing

Score

7^/10

discovery pyinstaller

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
6088	ransom.exe
5952	ransom.exe

Loads dropped DLL 37 IoCs

pid	Process
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe
5952	ransom.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0008000000023473-116.dat	pyinstaller

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 290274.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5196	WINWORD.EXE
5196	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4636	msedge.exe
4636	msedge.exe
3132	identity_helper.exe
3132	identity_helper.exe
5776	msedge.exe
5776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
5952	ransom.exe
5952	ransom.exe
5196	WINWORD.EXE
5196	WINWORD.EXE
5196	WINWORD.EXE
5196	WINWORD.EXE
5196	WINWORD.EXE
5196	WINWORD.EXE
5196	WINWORD.EXE
5196	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 4920	4636	msedge.exe	83
PID 4636 wrote to memory of 4920	4636	msedge.exe	83
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 1780	4636	msedge.exe	84
PID 4636 wrote to memory of 4568	4636	msedge.exe	85
PID 4636 wrote to memory of 4568	4636	msedge.exe	85
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86
PID 4636 wrote to memory of 4040	4636	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91c4a46f8,0x7ff91c4a4708,0x7ff91c4a4718
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,15774576605073959442,10051064982432731680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6012

C:\Users\Admin\Downloads\ransom.exe
"C:\Users\Admin\Downloads\ransom.exe"
1⤵
- Executes dropped EXE
PID:6088
- C:\Users\Admin\Downloads\ransom.exe
  "C:\Users\Admin\Downloads\ransom.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5952

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SelectSend.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5196

Network

DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

drive.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

142.250.178.14
GET

https://drive.google.com/file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing

msedge.exe

Remote address:

142.250.178.14:443

Request

GET /file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing HTTP/2.0
host: drive.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f10�H

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f991e100net

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f3�H

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�H
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

ogs.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

172.217.169.14
DNS

ogads-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

216.58.201.106

ogads-pa.googleapis.com

IN A

216.58.212.234

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

172.217.169.74

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

142.250.187.234

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

172.217.169.10
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.187.238
GET

https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=

msedge.exe

Remote address:

172.217.169.14:443

Request

GET /widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm= HTTP/2.0
host: ogs.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=I0-pqX6w1F_fU2i2j3h2iEu9n0VgxkNOCPz8MbTJ9n0eGe9WDrMSquShOKaDSWmro6p8oVasVBdL-INKjMbksNXckB4s5dEAhFNJ0JHLzv-03nKutd8TvTM1QdCcp86FlkQ2a6TDf7qnf8biR4f6d0ZH1hESiNRkOM7sq9YXz04
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

msedge.exe

Remote address:

142.250.180.10:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_0

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=I0-pqX6w1F_fU2i2j3h2iEu9n0VgxkNOCPz8MbTJ9n0eGe9WDrMSquShOKaDSWmro6p8oVasVBdL-INKjMbksNXckB4s5dEAhFNJ0JHLzv-03nKutd8TvTM1QdCcp86FlkQ2a6TDf7qnf8biR4f6d0ZH1hESiNRkOM7sq9YXz04
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=I0-pqX6w1F_fU2i2j3h2iEu9n0VgxkNOCPz8MbTJ9n0eGe9WDrMSquShOKaDSWmro6p8oVasVBdL-INKjMbksNXckB4s5dEAhFNJ0JHLzv-03nKutd8TvTM1QdCcp86FlkQ2a6TDf7qnf8biR4f6d0ZH1hESiNRkOM7sq9YXz04
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.200.14
POST

https://play.google.com/log?format=json&hasfast=true

msedge.exe

Remote address:

142.250.200.14:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 3431
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://drive.google.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=I0-pqX6w1F_fU2i2j3h2iEu9n0VgxkNOCPz8MbTJ9n0eGe9WDrMSquShOKaDSWmro6p8oVasVBdL-INKjMbksNXckB4s5dEAhFNJ0JHLzv-03nKutd8TvTM1QdCcp86FlkQ2a6TDf7qnf8biR4f6d0ZH1hESiNRkOM7sq9YXz04
DNS

ssl.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

216.58.201.99
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.179.228
GET

https://www.google.com/images/hpp/Chrome_Owned_96x96.png

msedge.exe

Remote address:

142.250.179.228:443

Request

GET /images/hpp/Chrome_Owned_96x96.png HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ogs.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=I0-pqX6w1F_fU2i2j3h2iEu9n0VgxkNOCPz8MbTJ9n0eGe9WDrMSquShOKaDSWmro6p8oVasVBdL-INKjMbksNXckB4s5dEAhFNJ0JHLzv-03nKutd8TvTM1QdCcp86FlkQ2a6TDf7qnf8biR4f6d0ZH1hESiNRkOM7sq9YXz04
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.102.84
DNS

content.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

content.googleapis.com

IN A

Response

content.googleapis.com

IN A

216.58.213.10

content.googleapis.com

IN A

216.58.204.74

content.googleapis.com

IN A

142.250.187.202

content.googleapis.com

IN A

142.250.178.10

content.googleapis.com

IN A

142.250.187.234

content.googleapis.com

IN A

216.58.212.234

content.googleapis.com

IN A

142.250.179.234

content.googleapis.com

IN A

142.250.200.42

content.googleapis.com

IN A

172.217.16.234

content.googleapis.com

IN A

142.250.180.10

content.googleapis.com

IN A

172.217.169.10

content.googleapis.com

IN A

142.250.200.10

content.googleapis.com

IN A

216.58.201.106

content.googleapis.com

IN A

172.217.169.42
GET

https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com

msedge.exe

Remote address:

142.250.102.84:443

Request

GET /ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=zOnlp8ztrpLa3z7-m7HFG1WPLX6sqsKb_aAm0XUHBKm0G1Qz3zKYyJ3OUZT6RKS99C8jwCObjyBeD5AykxyzLmOoHDDam4Wi541579DwqaE7JmaWUuGKf3r81rQnUCh1IyrEwAA73eyPkosJphHIx7-R6YAif50l9TQAsm5kF9g
cookie: OGPC=19010599-1:
DNS

blobcomments-pa.clients6.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

blobcomments-pa.clients6.google.com

IN A

Response

blobcomments-pa.clients6.google.com

IN A

142.250.200.42
OPTIONS

https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl&revisionId=0B31DE0e4ysDnS1I5Ylg0RWZ1QWJzVzFuTlFMRkJXZnBMV1Z3PQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797

msedge.exe

Remote address:

142.250.200.42:443

Request

OPTIONS /v1/metadata?docId=1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl&revisionId=0B31DE0e4ysDnS1I5Ylg0RWZ1QWJzVzFuTlFMRkJXZnBMV1Z3PQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/2.0
host: blobcomments-pa.clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

drive-thirdparty.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive-thirdparty.googleusercontent.com

IN A

Response

drive-thirdparty.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.187.225
GET

https://drive-thirdparty.googleusercontent.com/16/type/application/x-msdownload

msedge.exe

Remote address:

142.250.187.225:443

Request

GET /16/type/application/x-msdownload HTTP/2.0
host: drive-thirdparty.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

14.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.169.217.172.in-addr.arpa

IN PTR

Response

14.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f141e100net
DNS

10.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR

Response

10.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f101e100net
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

228.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.179.250.142.in-addr.arpa

IN PTR

Response

228.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f41e100net
DNS

84.102.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.102.250.142.in-addr.arpa

IN PTR

Response

84.102.250.142.in-addr.arpa

IN PTR

rb-in-f841e100net
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

lh3.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.187.225
DNS

225.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.187.250.142.in-addr.arpa

IN PTR

Response

225.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f11e100net
DNS

10.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.213.58.216.in-addr.arpa

IN PTR

Response

10.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f101e100net

10.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f10�H
DNS

drive.usercontent.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

216.58.201.97
GET

https://drive.usercontent.google.com/uc?id=1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl&export=download

msedge.exe

Remote address:

216.58.201.97:443

Request

GET /uc?id=1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl&export=download HTTP/2.0
host: drive.usercontent.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=zOnlp8ztrpLa3z7-m7HFG1WPLX6sqsKb_aAm0XUHBKm0G1Qz3zKYyJ3OUZT6RKS99C8jwCObjyBeD5AykxyzLmOoHDDam4Wi541579DwqaE7JmaWUuGKf3r81rQnUCh1IyrEwAA73eyPkosJphHIx7-R6YAif50l9TQAsm5kF9g
cookie: OGPC=19010599-1:
cookie: __Secure-ENID=22.SE=R1C4hCBhWCQfZOXb7Cg1v10gyrIaDXhj8uuQrQhv9lNCa3KpnQVOpWGb1gcqjvkyzzx_EpOmc0SdH2n2Ji1ezipJrPOIGOerWxLurqtzENfksWIQoXSGFKVaMC2SL1jPOwHL-tQHjS37rN7odRO_svmMEaBat-ULv1MotwdW6pI36Nwn
DNS

97.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.201.58.216.in-addr.arpa

IN PTR

Response

97.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f11e100net

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f97�G

97.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1�G
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

roaming.officeapps.live.com

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

roaming.officeapps.live.com

IN A

Response

roaming.officeapps.live.com

IN CNAME

prod.roaming1.live.com.akadns.net

prod.roaming1.live.com.akadns.net

IN CNAME

eur.roaming1.live.com.akadns.net

eur.roaming1.live.com.akadns.net

IN CNAME

uks-azsc-000.roaming.officeapps.live.com

uks-azsc-000.roaming.officeapps.live.com

IN CNAME

osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com

osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com

IN A

52.109.28.47
DNS

roaming.officeapps.live.com

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

roaming.officeapps.live.com

IN A

Response

roaming.officeapps.live.com

IN CNAME

prod.roaming1.live.com.akadns.net

prod.roaming1.live.com.akadns.net

IN CNAME

eur.roaming1.live.com.akadns.net

eur.roaming1.live.com.akadns.net

IN CNAME

uks-azsc-000.roaming.officeapps.live.com

uks-azsc-000.roaming.officeapps.live.com

IN CNAME

osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com

osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com

IN A

52.109.28.47
POST

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

WINWORD.EXE

Remote address:

52.109.28.47:443

Request

POST /rs/RoamingSoapService.svc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
User-Agent: MS-WebServices/1.0
SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
Content-Length: 511
Host: roaming.officeapps.live.com

Response

HTTP/1.1 200 OK

Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/10.0
X-OfficeFE: RoamingFE_IN_272
X-OfficeVersion: 16.0.18025.30575
X-OfficeCluster: uks-000.roaming.officeapps.live.com
X-CorrelationId: 719a1a31-5204-42dd-b72d-166013488844
X-Powered-By: ASP.NET
Date: Wed, 04 Sep 2024 04:51:01 GMT
Content-Length: 654
DNS

46.28.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.28.109.52.in-addr.arpa

IN PTR

Response
DNS

47.28.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

47.28.109.52.in-addr.arpa

IN PTR

Response
DNS

47.28.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

47.28.109.52.in-addr.arpa

IN PTR

Response
DNS

16.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.173.189.20.in-addr.arpa

IN PTR

Response
DNS

16.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.173.189.20.in-addr.arpa

IN PTR

Response
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response

142.250.178.14:443

https://drive.google.com/file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing

tls, http2

msedge.exe

2.6kB
34.5kB
29
39

HTTP Request

GET https://drive.google.com/file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing
172.217.169.14:443

https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=

tls, http2

msedge.exe

2.4kB
23.1kB
21
27

HTTP Request

GET https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=
142.250.180.10:443

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

msedge.exe

1.9kB
6.8kB
16
16

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
142.250.187.238:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1

tls, http2

msedge.exe

5.8kB
126.8kB
92
100

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_0

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1
142.250.200.14:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

msedge.exe

5.6kB
9.0kB
20
19

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
142.250.179.228:443

https://www.google.com/images/hpp/Chrome_Owned_96x96.png

tls, http2

msedge.exe

2.2kB
12.9kB
20
20

HTTP Request

GET https://www.google.com/images/hpp/Chrome_Owned_96x96.png
142.250.102.84:443

https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com

tls, http2

msedge.exe

2.4kB
7.6kB
16
16

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com
142.250.200.42:443

https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl&revisionId=0B31DE0e4ysDnS1I5Ylg0RWZ1QWJzVzFuTlFMRkJXZnBMV1Z3PQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797

tls, http2

msedge.exe

2.1kB
12.2kB
17
20

HTTP Request

OPTIONS https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl&revisionId=0B31DE0e4ysDnS1I5Ylg0RWZ1QWJzVzFuTlFMRkJXZnBMV1Z3PQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797
142.250.187.225:443

https://drive-thirdparty.googleusercontent.com/16/type/application/x-msdownload

tls, http2

msedge.exe

1.9kB
12.3kB
17
18

HTTP Request

GET https://drive-thirdparty.googleusercontent.com/16/type/application/x-msdownload
216.58.201.97:443

https://drive.usercontent.google.com/uc?id=1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl&export=download

tls, http2

msedge.exe

2.3kB
7.4kB
15
16

HTTP Request

GET https://drive.usercontent.google.com/uc?id=1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl&export=download
216.58.201.97:443

drive.usercontent.google.com

tls, http2

msedge.exe

999 B
5.9kB
9
8
52.109.28.47:443

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

tls, http

WINWORD.EXE

1.7kB
7.7kB
11
10

HTTP Request

POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

HTTP Response

200

8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

drive.google.com

dns

msedge.exe

62 B
78 B
1
1

DNS Request

drive.google.com

DNS Response

142.250.178.14
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

ogs.google.com

dns

msedge.exe

60 B
97 B
1
1

DNS Request

ogs.google.com

DNS Response

172.217.169.14
8.8.8.8:53

ogads-pa.googleapis.com

dns

msedge.exe

69 B
277 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

142.250.180.10

216.58.201.106

216.58.212.234

142.250.200.10

142.250.200.42

172.217.169.74

172.217.16.234

142.250.187.234

216.58.204.74

142.250.179.234

142.250.178.10

142.250.187.202

172.217.169.10
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.187.238
142.250.178.14:443

drive.google.com

https

msedge.exe

4.4kB
10.0kB
14
16
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.200.14
142.250.180.10:443

ogads-pa.googleapis.com

https

msedge.exe

3.9kB
7.2kB
8
10
8.8.8.8:53

ssl.gstatic.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

216.58.201.99
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.179.228
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.102.84
142.250.200.14:443

play.google.com

https

msedge.exe

26.7kB
10.0kB
34
30
8.8.8.8:53

content.googleapis.com

dns

msedge.exe

68 B
292 B
1
1

DNS Request

content.googleapis.com

DNS Response

216.58.213.10

216.58.204.74

142.250.187.202

142.250.178.10

142.250.187.234

216.58.212.234

142.250.179.234

142.250.200.42

172.217.16.234

142.250.180.10

172.217.169.10

142.250.200.10

216.58.201.106

172.217.169.42
8.8.8.8:53

blobcomments-pa.clients6.google.com

dns

msedge.exe

81 B
97 B
1
1

DNS Request

blobcomments-pa.clients6.google.com

DNS Response

142.250.200.42
142.250.102.84:443

accounts.google.com

https

msedge.exe

3.9kB
12.3kB
15
19
142.250.187.238:443

apis.google.com

https

msedge.exe

4.8kB
44.8kB
24
38
8.8.8.8:53

drive-thirdparty.googleusercontent.com

dns

msedge.exe

84 B
129 B
1
1

DNS Request

drive-thirdparty.googleusercontent.com

DNS Response

142.250.187.225
8.8.8.8:53

14.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.169.217.172.in-addr.arpa
8.8.8.8:53

10.180.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.180.250.142.in-addr.arpa
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

228.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

228.179.250.142.in-addr.arpa
8.8.8.8:53

84.102.250.142.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

84.102.250.142.in-addr.arpa
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.200.250.142.in-addr.arpa
142.250.200.42:443

blobcomments-pa.clients6.google.com

https

msedge.exe

4.4kB
8.7kB
10
11
142.250.179.228:443

www.google.com

https

msedge.exe

4.0kB
11.0kB
11
13
216.58.213.10:443

content.googleapis.com

https

msedge.exe

5.1kB
7.9kB
12
11
8.8.8.8:53

lh3.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

142.250.187.225
142.250.187.225:443

lh3.googleusercontent.com

https

msedge.exe

3.8kB
12.0kB
11
13
8.8.8.8:53

225.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

225.187.250.142.in-addr.arpa
8.8.8.8:53

10.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

10.213.58.216.in-addr.arpa
8.8.8.8:53

drive.usercontent.google.com

dns

msedge.exe

74 B
90 B
1
1

DNS Request

drive.usercontent.google.com

DNS Response

216.58.201.97
216.58.201.97:443

drive.usercontent.google.com

https

msedge.exe

137.6kB
16.2MB
1766
11882
224.0.0.251:5353

572 B
9
8.8.8.8:53

97.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

97.201.58.216.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
142.250.200.14:443

play.google.com

https

msedge.exe

3.6kB
7.2kB
9
11
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
142.250.200.14:443

play.google.com

https

msedge.exe

11.6kB
3.7kB
18
15
8.8.8.8:53

roaming.officeapps.live.com

dns

WINWORD.EXE

146 B
488 B
2
2

DNS Request

roaming.officeapps.live.com

DNS Response

52.109.28.47

DNS Request

roaming.officeapps.live.com

DNS Response

52.109.28.47
8.8.8.8:53

46.28.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

46.28.109.52.in-addr.arpa
8.8.8.8:53

47.28.109.52.in-addr.arpa

dns

142 B
290 B
2
2

DNS Request

47.28.109.52.in-addr.arpa

DNS Request

47.28.109.52.in-addr.arpa
8.8.8.8:53

16.173.189.20.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

16.173.189.20.in-addr.arpa

DNS Request

16.173.189.20.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
fdfea5579c5df511404d9b0123441dd9

SHA1
c3a0126dbfd2794c5250854bfd8c373a2f016d09

SHA256
771959272dba868eb1a88ca583366d5b4d51fb51b25c9636fa77ce2e04febb2d

SHA512
93aac5bbbdd649db8795496551d2b83840f5bf9d62e24e16b940f236da46df2383d16a501fe48afb0864290ae104fbcc411989dec6dd260a9e9f015af5ed9356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9d565d85ed70800e02d1968650e5eb3d

SHA1
96b0f9fbf00ad1fb0e77cf0d1e0da45856d945cd

SHA256
8ad72d3689fcc3b628647cf7821e218aea4381718a44950391e5093063af61ed

SHA512
5d6b6713f3c6bf2972e6ace54be72009c2c8620670506484c320dcbfc15429efae7eda4b15331d8291b9ccd36db46cba88876493e723282552937a1c53d0b879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c5b60dc914bf95ccb94aa2b5dbdf1158

SHA1
c9e1aa45b23e4e324b678f18456eb1c72b4402ec

SHA256
d135146b32c94abb60ea2bf20b4c2545e406ae6a9c83b3851af7505051e0ab19

SHA512
06eaf762f68f096afc98b8a4149563141b1b130f5ea53c9f5c3f4fcb319a6182054a61f0a7cc44d20ead3b499129901b91e8a00f5fc33e23915654a9b958eee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
27a180614ea7216d82e1ceda737e898b

SHA1
57b656eb748967b366ca9be20b6336833ae4d067

SHA256
bd200991a9ea2e29d50d57513bea52e83c06553cf0995c0c82c72467d1e657a8

SHA512
5e9a59f6fc6a3332545f92ad7054b6982efcdef2ab6c13908495d7ea294c3ed964f788e71be19fa62671938b1579efaa62139540476e738ed7dfb5fcc2aa99b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6af6217f4954f63c87a8206915fbb8ac

SHA1
6332825536a8e515af24963cccaf5a19b3f0b7a3

SHA256
34c6b7b1795b83c2ec4cdd2d410f1d7452c1448af6c0d4410f8e5c65c87a763f

SHA512
13275178238392ce4431b3fa67052c342d4e41c0b786ec483519cf97c87f2483488b415a4052ae3a7c5c57faafc052a7954e68fb2996265475921d2796b7be44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9107c7527e6950c5c9743f7a53b05731

SHA1
ba3b22f1859106ae10f4ecb6d6eb775588e900bd

SHA256
2f85d673b125d9219569c3e372182d9c7661ddeeb4b448b4b9fa06b80eaf752d

SHA512
7b21943232e09b4e3ca4300146f69d3c2c9bb2f9602f9366d3e6724592d4e997e37375955065ecb5a6331e7ae9ed0e42dd06b2b42f4fdd7570e30b3108c11c8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5396b759067dee0e38deb051d7bc844

SHA1
23ffbaa8f61ed1850c7010a2ec0d7ba08067e285

SHA256
54713f77afd4edd979f4e1d1825c3a2abfe40d70fd04aed9e93a75727bef2bdb

SHA512
60a23165ab694f263486ec6f48ac2ed8fc95a531cc8c2f779b84659b851e81cccadb0c774deecf18b9de170dd12d419b236f173605029715ff7873d125b67393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
abc3f85fb5b8e5b3a9af2e1f8c0cd6b2

SHA1
11d1d5ac309453bdf333a4a3622247d55d2f265a

SHA256
1183637ca8391d33a38c7520ed3dbeab119d09644aff14473bfa15629262ae6d

SHA512
3f5012a52763d085395fec0bb855443b753e953c969edc2cd218094faae99a9c743f9d5698e8f3fc621d529d559d0b9ea348861794aee811a878adde312808be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1ffb0fc0668ff39ce7cc43a96c9ba66

SHA1
83884ed46a502e1477d665edc57d72f76404152f

SHA256
105140904af57d2254ca63a2e0c95f3eba066cf3a53160bf1b6595614e7d1e54

SHA512
972154ac3d24a0349e118e70c124d92bcd568a7f03be2de5ae96be8a75b87f1e7167341beb06a979aebea977d3c9c3165a8f6fdea24ee96ed76621372e7f353d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb276138fb41eb6c9f87549d5bdd6504

SHA1
c48f78423c5749ee0fda9fdb4d82256f754fa4ec

SHA256
16197982436aa4deb27b58a58fcb3a1fb2471cfd3c5edbd66083dfa13193f919

SHA512
388b27a256f7ce964a2de5ad3f422b42389485c0f7d41bb6210d09f201f19c3a3af9e85b3374011b4a96480fce0dc5c7506afadac016ad5276287ca38e11b5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_asyncio.pyd

Filesize
69KB

MD5
28d2a0405be6de3d168f28109030130c

SHA1
7151eccbd204b7503f34088a279d654cfe2260c9

SHA256
2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d

SHA512
b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_bz2.pyd

Filesize
83KB

MD5
223fd6748cae86e8c2d5618085c768ac

SHA1
dcb589f2265728fe97156814cbe6ff3303cd05d3

SHA256
f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb

SHA512
9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_cffi_backend.cp312-win_amd64.pyd

Filesize
175KB

MD5
d8caf1c098db12b2eba8edae51f31c10

SHA1
e533ac6c614d95c09082ae951b3b685daca29a8f

SHA256
364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d

SHA512
77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_ctypes.pyd

Filesize
122KB

MD5
bbd5533fc875a4a075097a7c6aba865e

SHA1
ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00

SHA256
be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570

SHA512
23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_decimal.pyd

Filesize
245KB

MD5
3055edf761508190b576e9bf904003aa

SHA1
f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890

SHA256
e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577

SHA512
87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_hashlib.pyd

Filesize
64KB

MD5
eedb6d834d96a3dffffb1f65b5f7e5be

SHA1
ed6735cfdd0d1ec21c7568a9923eb377e54b308d

SHA256
79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2

SHA512
527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_lzma.pyd

Filesize
156KB

MD5
05e8b2c429aff98b3ae6adc842fb56a3

SHA1
834ddbced68db4fe17c283ab63b2faa2e4163824

SHA256
a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c

SHA512
badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_multiprocessing.pyd

Filesize
34KB

MD5
a4281e383ef82c482c8bda50504be04a

SHA1
4945a2998f9c9f8ce1c078395ffbedb29c715d5d

SHA256
467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c

SHA512
661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_overlapped.pyd

Filesize
54KB

MD5
ba368245d104b1e016d45e96a54dd9ce

SHA1
b79ef0eb9557a0c7fa78b11997de0bb057ab0c52

SHA256
67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615

SHA512
429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_queue.pyd

Filesize
31KB

MD5
6e0cb85dc94e351474d7625f63e49b22

SHA1
66737402f76862eb2278e822b94e0d12dcb063c5

SHA256
3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b

SHA512
1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_socket.pyd

Filesize
81KB

MD5
dc06f8d5508be059eae9e29d5ba7e9ec

SHA1
d666c88979075d3b0c6fd3be7c595e83e0cb4e82

SHA256
7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a

SHA512
57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_ssl.pyd

Filesize
174KB

MD5
5b9b3f978d07e5a9d701f832463fc29d

SHA1
0fcd7342772ad0797c9cb891bf17e6a10c2b155b

SHA256
d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa

SHA512
e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_tkinter.pyd

Filesize
62KB

MD5
1df0201667b4718637318dbcdc74a574

SHA1
fd44a9b3c525beffbca62c6abe4ba581b9233db2

SHA256
70439ee9a05583d1c4575dce3343b2a1884700d9e0264c3ada9701829483a076

SHA512
530431e880f2bc193fae53b6c051bc5f62be08d8ca9294f47f18bb3390dcc0914e8e53d953eee2fcf8e1efbe17d98eb60b3583bccc7e3da5e21ca4dc45adfaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\_wmi.pyd

Filesize
35KB

MD5
7ec3fc12c75268972078b1c50c133e9b

SHA1
73f9cf237fe773178a997ad8ec6cd3ac0757c71e

SHA256
1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f

SHA512
441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\base_library.zip

Filesize
1.3MB

MD5
8dad91add129dca41dd17a332a64d593

SHA1
70a4ec5a17ed63caf2407bd76dc116aca7765c0d

SHA256
8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783

SHA512
2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\pyexpat.pyd

Filesize
196KB

MD5
5e911ca0010d5c9dce50c58b703e0d80

SHA1
89be290bebab337417c41bab06f43effb4799671

SHA256
4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b

SHA512
e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\select.pyd

Filesize
29KB

MD5
92b440ca45447ec33e884752e4c65b07

SHA1
5477e21bb511cc33c988140521a4f8c11a427bcc

SHA256
680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3

SHA512
40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\setuptools\_vendor\inflect-7.3.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

Filesize
1KB

MD5
4ce7501f6608f6ce4011d627979e1ae4

SHA1
78363672264d9cd3f72d5c1d3665e1657b1a5071

SHA256
37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b

SHA512
a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\tcl86t.dll

Filesize
1.7MB

MD5
21dc82dd9cc445f92e0172d961162222

SHA1
73bc20b509e1545b16324480d9620ae25364ebf1

SHA256
c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03

SHA512
3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\tk86t.dll

Filesize
1.5MB

MD5
9fb68a0252e2b6cd99fd0cb6708c1606

SHA1
60ab372e8473fad0f03801b6719bf5cccfc2592e

SHA256
c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de

SHA512
f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\unicodedata.pyd

Filesize
1.1MB

MD5
16be9a6f941f1a2cb6b5fca766309b2c

SHA1
17b23ae0e6a11d5b8159c748073e36a936f3316a

SHA256
10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04

SHA512
64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI60882\zlib1.dll

Filesize
143KB

MD5
297e845dd893e549146ae6826101e64f

SHA1
6c52876ea6efb2bc8d630761752df8c0a79542f1

SHA256
837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1

SHA512
f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
306B

MD5
81f29c8bb604ffb4f2c0e62cfa7eb73d

SHA1
1b6eac18fd30e89ffc738d51a5307beaf6bd432b

SHA256
e4af9cff11ff61141f6c1e79266ff226427f262441c5156c2dc5aee0a2e1cde2

SHA512
649bf234f2e8853d708c872d060e726fbfe08ede5c6c64d6e3ca94b9d9099501f1005777abb222734ff0009c963533b059466a7d752cdacb3a3a932e9c333ce0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 290274.crdownload

Filesize
14.8MB

MD5
6febd93dc33255baf5aa15313c2857d5

SHA1
a8d5dcf5e4bb1248d4e4184e0b3e314c9f795582

SHA256
c8c2feff0b24b422471680dc30d5f63bac214c12b88d15afb8939331373a6ac8

SHA512
a57667a8a7ef59e00e5918613a0f232bb837a4c1aca5b655544b78c43ea43f2fcb59ce619ff367c6603e6e7b8c621915b90626da6004f34972cb0a7dcc1b637d

Download Submit
memory/5196-2471-0x00007FF8EB150000-0x00007FF8EB160000-memory.dmp

Filesize
64KB

Download
memory/5196-2472-0x00007FF8EB150000-0x00007FF8EB160000-memory.dmp

Filesize
64KB

Download
memory/5196-2474-0x00007FF8EB150000-0x00007FF8EB160000-memory.dmp

Filesize
64KB

Download
memory/5196-2475-0x00007FF8EB150000-0x00007FF8EB160000-memory.dmp

Filesize
64KB

Download
memory/5196-2476-0x00007FF8E8FA0000-0x00007FF8E8FB0000-memory.dmp

Filesize
64KB

Download
memory/5196-2477-0x00007FF8E8FA0000-0x00007FF8E8FB0000-memory.dmp

Filesize
64KB

Download
memory/5196-2473-0x00007FF8EB150000-0x00007FF8EB160000-memory.dmp

Filesize
64KB

Download
memory/5196-2534-0x00007FF8EB150000-0x00007FF8EB160000-memory.dmp

Filesize
64KB

Download
memory/5196-2535-0x00007FF8EB150000-0x00007FF8EB160000-memory.dmp

Filesize
64KB

Download
memory/5196-2536-0x00007FF8EB150000-0x00007FF8EB160000-memory.dmp

Filesize
64KB

Download
memory/5196-2537-0x00007FF8EB150000-0x00007FF8EB160000-memory.dmp

Filesize
64KB

Download
memory/5952-1454-0x00007FF9093B0000-0x00007FF9093DA000-memory.dmp

Filesize
168KB

Download
memory/5952-1304-0x00007FF9093B0000-0x00007FF9093DA000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.