Resubmissions

12-11-2024 15:27

241112-svsapstrgy 6

12-11-2024 15:03

241112-sff9wsyjhr 6

Analysis

  • max time kernel
    300s
  • max time network
    301s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    12-11-2024 15:03

General

  • Target

    https://drive.google.com/file/d/16FjWtA49scMZ-JdUY5su-xaUH4ZxvakE/view?usp=sharing_eip&ts=67322bc1

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/16FjWtA49scMZ-JdUY5su-xaUH4ZxvakE/view?usp=sharing_eip&ts=67322bc1
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3412
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff70493cb8,0x7fff70493cc8,0x7fff70493cd8
      2⤵
        PID:2936
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
        2⤵
          PID:2772
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3372
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          2⤵
            PID:1948
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:2408
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              2⤵
                PID:2724
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1876
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                2⤵
                  PID:2992
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                  2⤵
                    PID:3836
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4808
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                    2⤵
                      PID:1064
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
                      2⤵
                        PID:1376
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,8804746038173793795,4492476719881169542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5800 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3916
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:2620
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1080

                        Network

                        • flag-us
                          DNS
                          drive.google.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          drive.google.com
                          IN A
                          Response
                          drive.google.com
                          IN A
                          142.250.187.206
                        • flag-us
                          DNS
                          ctldl.windowsupdate.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          ctldl.windowsupdate.com
                          IN A
                          Response
                          ctldl.windowsupdate.com
                          IN CNAME
                          ctldl.windowsupdate.com.delivery.microsoft.com
                          ctldl.windowsupdate.com.delivery.microsoft.com
                          IN CNAME
                          wu-b-net.trafficmanager.net
                          wu-b-net.trafficmanager.net
                          IN CNAME
                          bg.microsoft.map.fastly.net
                          bg.microsoft.map.fastly.net
                          IN A
                          199.232.210.172
                          bg.microsoft.map.fastly.net
                          IN A
                          199.232.214.172
                        • flag-us
                          DNS
                          fonts.googleapis.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          fonts.googleapis.com
                          IN A
                          Response
                          fonts.googleapis.com
                          IN A
                          142.250.178.10
                        • flag-us
                          DNS
                          8.8.8.8.in-addr.arpa
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          8.8.8.8.in-addr.arpa
                          IN PTR
                          Response
                          8.8.8.8.in-addr.arpa
                          IN PTR
                          dns.google
                        • flag-us
                          DNS
                          227.16.217.172.in-addr.arpa
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          227.16.217.172.in-addr.arpa
                          IN PTR
                          Response
                          227.16.217.172.in-addr.arpa
                          IN PTR
                          lhr48s28-in-f3.1e100.net
                          227.16.217.172.in-addr.arpa
                          IN PTR
                          mad08s04-in-f3�H
                        • flag-us
                          DNS
                          nexusrules.officeapps.live.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          nexusrules.officeapps.live.com
                          IN A
                          Response
                          nexusrules.officeapps.live.com
                          IN CNAME
                          prod.nexusrules.live.com.akadns.net
                          prod.nexusrules.live.com.akadns.net
                          IN A
                          52.111.227.13
                        • flag-gb
                          GET
                          https://drive.google.com/file/d/16FjWtA49scMZ-JdUY5su-xaUH4ZxvakE/view?usp=sharing_eip&ts=67322bc1
                          msedge.exe
                          Remote address:
                          142.250.187.206:443
                          Request
                          GET /file/d/16FjWtA49scMZ-JdUY5su-xaUH4ZxvakE/view?usp=sharing_eip&ts=67322bc1 HTTP/2.0
                          host: drive.google.com
                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                          sec-ch-ua-mobile: ?0
                          dnt: 1
                          upgrade-insecure-requests: 1
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          sec-fetch-site: none
                          sec-fetch-mode: navigate
                          sec-fetch-user: ?1
                          sec-fetch-dest: document
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-us
                          DNS
                          206.187.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          206.187.250.142.in-addr.arpa
                          IN PTR
                          Response
                          206.187.250.142.in-addr.arpa
                          IN PTR
                          lhr25s33-in-f14.1e100.net
                        • flag-us
                          DNS
                          docs.google.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          docs.google.com
                          IN A
                          Response
                          docs.google.com
                          IN A
                          172.217.169.78
                        • flag-us
                          DNS
                          ctldl.windowsupdate.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          ctldl.windowsupdate.com
                          IN A
                          Response
                          ctldl.windowsupdate.com
                          IN CNAME
                          ctldl.windowsupdate.com.delivery.microsoft.com
                          ctldl.windowsupdate.com.delivery.microsoft.com
                          IN CNAME
                          wu-b-net.trafficmanager.net
                          wu-b-net.trafficmanager.net
                          IN CNAME
                          download.windowsupdate.com.edgesuite.net
                          download.windowsupdate.com.edgesuite.net
                          IN CNAME
                          a767.dspw65.akamai.net
                          a767.dspw65.akamai.net
                          IN A
                          2.23.210.88
                          a767.dspw65.akamai.net
                          IN A
                          2.23.210.83
                        • flag-us
                          DNS
                          67.31.126.40.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          67.31.126.40.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          fonts.gstatic.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          fonts.gstatic.com
                          IN A
                          Response
                          fonts.gstatic.com
                          IN A
                          142.250.200.35
                        • flag-us
                          DNS
                          78.169.217.172.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          78.169.217.172.in-addr.arpa
                          IN PTR
                          Response
                          78.169.217.172.in-addr.arpa
                          IN PTR
                          lhr48s09-in-f14.1e100.net
                        • flag-us
                          DNS
                          13.227.111.52.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          13.227.111.52.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          172.210.232.199.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          172.210.232.199.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          35.200.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          35.200.250.142.in-addr.arpa
                          IN PTR
                          Response
                          35.200.250.142.in-addr.arpa
                          IN PTR
                          lhr48s30-in-f3.1e100.net
                        • flag-us
                          DNS
                          self.events.data.microsoft.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          self.events.data.microsoft.com
                          IN A
                          Response
                          self.events.data.microsoft.com
                          IN CNAME
                          self-events-data.trafficmanager.net
                          self-events-data.trafficmanager.net
                          IN CNAME
                          onedscolprdwus21.westus.cloudapp.azure.com
                          onedscolprdwus21.westus.cloudapp.azure.com
                          IN A
                          20.189.173.27
                        • flag-gb
                          GET
                          https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png
                          msedge.exe
                          Remote address:
                          172.217.16.227:443
                          Request
                          GET /images/branding/googlelogo/1x/googlelogo_color_116x41dp.png HTTP/2.0
                          host: ssl.gstatic.com
                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                          accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          sec-fetch-site: cross-site
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: image
                          referer: https://drive.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-gb
                          GET
                          https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png
                          msedge.exe
                          Remote address:
                          172.217.16.227:443
                          Request
                          GET /images/branding/product/1x/drive_2020q4_32dp.png HTTP/2.0
                          host: ssl.gstatic.com
                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                          accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          sec-fetch-site: cross-site
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: image
                          referer: https://drive.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-gb
                          GET
                          https://docs.google.com/favicon.ico
                          msedge.exe
                          Remote address:
                          172.217.169.78:443
                          Request
                          GET /favicon.ico HTTP/2.0
                          host: docs.google.com
                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                          accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          sec-fetch-site: same-site
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: image
                          referer: https://drive.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                          cookie: NID=519=uedBo87atpYDAyBGtfVwo89HdvMAJSEOlSbqYpAomf9gUVM__8HdcytZrNplN-S93VPVNViA786QHbqTvcCDV3A5_j5wKPx2-ufhMKeXxMLGC7d8m4IJfpnCKGbcxhtcIqYMBgwxC8jjgZodhPSR17dW5x8ryAbgBI4WBdu23hodV7A6
                        • 142.250.187.206:443
                          https://drive.google.com/file/d/16FjWtA49scMZ-JdUY5su-xaUH4ZxvakE/view?usp=sharing_eip&ts=67322bc1
                          tls, http2
                          msedge.exe
                          2.2kB
                          10.7kB
                          21
                          23

                          HTTP Request

                          GET https://drive.google.com/file/d/16FjWtA49scMZ-JdUY5su-xaUH4ZxvakE/view?usp=sharing_eip&ts=67322bc1
                        • 172.217.16.227:443
                          https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png
                          tls, http2
                          msedge.exe
                          2.3kB
                          9.9kB
                          22
                          24

                          HTTP Request

                          GET https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png

                          HTTP Request

                          GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png
                        • 172.217.169.78:443
                          https://docs.google.com/favicon.ico
                          tls, http2
                          msedge.exe
                          2.1kB
                          8.8kB
                          18
                          20

                          HTTP Request

                          GET https://docs.google.com/favicon.ico
                        • 8.8.8.8:53
                          drive.google.com
                          dns
                          msedge.exe
                          412 B
                          768 B
                          6
                          6

                          DNS Request

                          drive.google.com

                          DNS Response

                          142.250.187.206

                          DNS Request

                          ctldl.windowsupdate.com

                          DNS Response

                          199.232.210.172
                          199.232.214.172

                          DNS Request

                          fonts.googleapis.com

                          DNS Response

                          142.250.178.10

                          DNS Request

                          8.8.8.8.in-addr.arpa

                          DNS Request

                          227.16.217.172.in-addr.arpa

                          DNS Request

                          nexusrules.officeapps.live.com

                          DNS Response

                          52.111.227.13

                        • 8.8.8.8:53
                          206.187.250.142.in-addr.arpa
                          dns
                          204 B
                          473 B
                          3
                          3

                          DNS Request

                          206.187.250.142.in-addr.arpa

                          DNS Request

                          docs.google.com

                          DNS Response

                          172.217.169.78

                          DNS Request

                          ctldl.windowsupdate.com

                          DNS Response

                          2.23.210.88
                          2.23.210.83

                        • 8.8.8.8:53
                          67.31.126.40.in-addr.arpa
                          dns
                          279 B
                          506 B
                          4
                          4

                          DNS Request

                          67.31.126.40.in-addr.arpa

                          DNS Request

                          fonts.gstatic.com

                          DNS Response

                          142.250.200.35

                          DNS Request

                          78.169.217.172.in-addr.arpa

                          DNS Request

                          13.227.111.52.in-addr.arpa

                        • 8.8.8.8:53
                          172.210.232.199.in-addr.arpa
                          dns
                          223 B
                          433 B
                          3
                          3

                          DNS Request

                          172.210.232.199.in-addr.arpa

                          DNS Request

                          35.200.250.142.in-addr.arpa

                          DNS Request

                          self.events.data.microsoft.com

                          DNS Response

                          20.189.173.27

                        • 172.217.16.227:443
                          ssl.gstatic.com
                          https
                          msedge.exe
                          3.1kB
                          5.9kB
                          6
                          7
                        • 224.0.0.251:5353
                          msedge.exe
                          524 B
                          8

                        MITRE ATT&CK Enterprise v15

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                          Filesize

                          152B

                          MD5

                          e1544690d41d950f9c1358068301cfb5

                          SHA1

                          ae3ff81363fcbe33c419e49cabef61fb6837bffa

                          SHA256

                          53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

                          SHA512

                          1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                          Filesize

                          152B

                          MD5

                          9314124f4f0ad9f845a0d7906fd8dfd8

                          SHA1

                          0d4f67fb1a11453551514f230941bdd7ef95693c

                          SHA256

                          cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

                          SHA512

                          87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                          Filesize

                          1KB

                          MD5

                          a7e3df5f876752af36e8ab8c9889bf55

                          SHA1

                          4d38530ed2e359169e662a70f2101fac4828bab5

                          SHA256

                          134289d94c869fe21ae467096af713c994221ea703a3f1f94fe4112aba10202c

                          SHA512

                          591eaf98f5342ed22902fe90fcc32a20c15132d36b3f22a5a6002e217ce5981121f1f1176260b24b65da16990e1c5f4801c686f04c2c84c39f2970d87409228a

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                          Filesize

                          5KB

                          MD5

                          0d996828c006f2f4e5830ad5e4a9bada

                          SHA1

                          3cc792d5e1561d89d8c303e162f60126f0432b63

                          SHA256

                          85d02a55283f28e0e5dc4d66c13f4c4c6d5672b6b6adf013aeaa6059bd287d23

                          SHA512

                          e6e758710ca992373e5a269705ea526d1cae92917ee91ae920ea5a8bb93e7d06ccf1ab1b75b106859b954c828186fc32174c714bbfa072b0ba8126213cd611cc

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                          Filesize

                          6KB

                          MD5

                          73f9a5361791763ebcddb519edbe9863

                          SHA1

                          1ab19e2589774f7388f10c1b50215d88bf302465

                          SHA256

                          24bd03d55f7559dcb80c05b9fa475554230e590516aee78c91d068e5bc416769

                          SHA512

                          fffd9cf1dfc68bc72e04f66db70b294f205795ae98b77dc6aa0c15bccac9517b05dc50a3f6ecd6d273f22539aadc16a0c59cd725b08d436c91df8b6624d4533c

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                          Filesize

                          16B

                          MD5

                          46295cac801e5d4857d09837238a6394

                          SHA1

                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                          SHA256

                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                          SHA512

                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                          Filesize

                          16B

                          MD5

                          206702161f94c5cd39fadd03f4014d98

                          SHA1

                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                          SHA256

                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                          SHA512

                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                          Filesize

                          10KB

                          MD5

                          637bc302e3803a178b158c2da32ec00e

                          SHA1

                          3fb27b86bb7dbe5ce5465a4a6e4536a8441bb8a3

                          SHA256

                          b40e7bd9278d01601ad24961201c0b502bf6eb901b83f491215bbd5ea07a2cc2

                          SHA512

                          7b2e84f50e2bb0a5dc91c4e8f027b2c3a1d0e5939a42bcdcf426bd16d0d916d1eebaa5d703b5a48862a4ed35899c92725b2640eb824bc56851e27726be75c789
