Analysis

  • max time kernel
    1017s
  • max time network
    965s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    18-11-2024 16:57

General

  • Target

    https://drive.google.com/file/d/1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm/view?usp=sharing_eip&ts=67378da0&sh=Z-sGzwd7gGEGHgSf&ca=1

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  • Browser Information Discovery (1 TTPs)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm/view?usp=sharing_eip&ts=67378da0&sh=Z-sGzwd7gGEGHgSf&ca=1
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3956
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8344446f8,0x7ff834444708,0x7ff834444718
      2⤵
        PID:3624
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:4292
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1552
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
          2⤵
            PID:536
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
            2⤵
              PID:264
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
              2⤵
                PID:2956
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                2⤵
                  PID:2488
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
                  2⤵
                    PID:1164
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                    2⤵
                      PID:3792
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3476
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
                      2⤵
                        PID:1232
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                        2⤵
                          PID:4388
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16172175708095903774,9979879512021932165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 /prefetch:2
                          2⤵
                            PID:3628
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2844
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3324

                            Network

                            • US
                              DNS
                              drive.google.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              drive.google.com
                              IN A
                              Response
                              drive.google.com
                              IN A
                              142.250.187.206
                            • GB
                              GET
                              https://drive.google.com/file/d/1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm/view?usp=sharing_eip&ts=67378da0&sh=Z-sGzwd7gGEGHgSf&ca=1
                              msedge.exe
                              Remote address:
                              142.250.187.206:443
                              Request
                              GET /file/d/1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm/view?usp=sharing_eip&ts=67378da0&sh=Z-sGzwd7gGEGHgSf&ca=1 HTTP/2.0
                              host: drive.google.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              dnt: 1
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              sec-fetch-site: none
                              sec-fetch-mode: navigate
                              sec-fetch-user: ?1
                              sec-fetch-dest: document
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • US
                              DNS
                              58.55.71.13.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              58.55.71.13.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              172.214.232.199.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              172.214.232.199.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              4.159.190.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              4.159.190.20.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              accounts.google.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              accounts.google.com
                              IN A
                              Response
                              accounts.google.com
                              IN A
                              64.233.167.84
                            • GB
                              GET
                              https://accounts.google.com/signin/collaboratoraccount?continue=https://drive.google.com/file/d/1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm/view?usp%3Dsharing_eip%26ts%3D67378da0%26sh%3DZ-sGzwd7gGEGHgSf%26ca%3D1&hl=en_GB&atu=110527763705614640555
                              msedge.exe
                              Remote address:
                              64.233.167.84:443
                              Request
                              GET /signin/collaboratoraccount?continue=https://drive.google.com/file/d/1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm/view?usp%3Dsharing_eip%26ts%3D67378da0%26sh%3DZ-sGzwd7gGEGHgSf%26ca%3D1&hl=en_GB&atu=110527763705614640555 HTTP/2.0
                              host: accounts.google.com
                              dnt: 1
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              sec-fetch-site: none
                              sec-fetch-mode: navigate
                              sec-fetch-user: ?1
                              sec-fetch-dest: document
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              cookie: NID=519=i2mh1RSCU90W2ObLMLssUm6LXaOqk8jlyaXVMNEdbO5UUbgzS3N6G4oHIU1gW3xzmcrdZ7760qY22vjsq4WvwRB0EW8Jjb-A8JNCmOKlPiF3Bn1RvI6-ECsl94h-NkXauaMenKxEeRuEEA5BQ-Yhd1Wpf_kcTG8-NKoSvnLBqo6Yrf8
                            • GB
                              GET
                              https://accounts.google.com/v3/signin/challenge/ipe/consent?TL=AKOx4s3xsLqKnlSxy61jlyMCiXqZUJh9ABZF94WoPvVwoB1uJwLCTupzOHAO0YK9&atu=110527763705614640555&cid=1&continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm%2Fview%3Fusp%3Dsharing_eip%26ts%3D67378da0%26sh%3DZ-sGzwd7gGEGHgSf%26ca%3D1&flowName=GlifWebSignIn&hl=en_GB&flowEntry=CollabAccount
                              msedge.exe
                              Remote address:
                              64.233.167.84:443
                              Request
                              GET /v3/signin/challenge/ipe/consent?TL=AKOx4s3xsLqKnlSxy61jlyMCiXqZUJh9ABZF94WoPvVwoB1uJwLCTupzOHAO0YK9&atu=110527763705614640555&cid=1&continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm%2Fview%3Fusp%3Dsharing_eip%26ts%3D67378da0%26sh%3DZ-sGzwd7gGEGHgSf%26ca%3D1&flowName=GlifWebSignIn&hl=en_GB&flowEntry=CollabAccount HTTP/2.0
                              host: accounts.google.com
                              dnt: 1
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              sec-fetch-site: none
                              sec-fetch-mode: navigate
                              sec-fetch-user: ?1
                              sec-fetch-dest: document
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              cookie: NID=519=i2mh1RSCU90W2ObLMLssUm6LXaOqk8jlyaXVMNEdbO5UUbgzS3N6G4oHIU1gW3xzmcrdZ7760qY22vjsq4WvwRB0EW8Jjb-A8JNCmOKlPiF3Bn1RvI6-ECsl94h-NkXauaMenKxEeRuEEA5BQ-Yhd1Wpf_kcTG8-NKoSvnLBqo6Yrf8
                              cookie: __Host-GAPS=1:ymbnqPgbKkuEEPk6c_lbrFdYDUsgcQ:b4bjgD3rNV_Jefax
                            • US
                              DNS
                              206.187.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              206.187.250.142.in-addr.arpa
                              IN PTR
                              Response
                              206.187.250.142.in-addr.arpa
                              IN PTR
                              lhr25s33-in-f14.1e100.net
                            • US
                              DNS
                              95.221.229.192.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              95.221.229.192.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              84.167.233.64.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              84.167.233.64.in-addr.arpa
                              IN PTR
                              Response
                              84.167.233.64.in-addr.arpa
                              IN PTR
                              wl-in-f84.1e100.net
                            • US
                              DNS
                              3.178.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              3.178.250.142.in-addr.arpa
                              IN PTR
                              Response
                              3.178.250.142.in-addr.arpa
                              IN PTR
                              lhr48s27-in-f3.1e100.net
                            • US
                              DNS
                              227.16.217.172.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              227.16.217.172.in-addr.arpa
                              IN PTR
                              Response
                              227.16.217.172.in-addr.arpa
                              IN PTR
                              lhr48s28-in-f3.1e100.net
                              227.16.217.172.in-addr.arpa
                              IN PTR
                              mad08s04-in-f3.1e100.net
                            • US
                              DNS
                              www.google.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.google.com
                              IN A
                              Response
                              www.google.com
                              IN A
                              172.217.16.228
                            • GB
                              GET
                              https://www.google.com/favicon.ico
                              msedge.exe
                              Remote address:
                              172.217.16.228:443
                              Request
                              GET /favicon.ico HTTP/2.0
                              host: www.google.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              sec-ch-ua-arch: "x86"
                              sec-ch-ua-full-version: "92.0.902.67"
                              sec-ch-ua-platform-version: "10.0"
                              sec-ch-ua-model:
                              sec-ch-ua-platform: "Windows"
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: same-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              referer: https://accounts.google.com/
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              cookie: NID=519=i2mh1RSCU90W2ObLMLssUm6LXaOqk8jlyaXVMNEdbO5UUbgzS3N6G4oHIU1gW3xzmcrdZ7760qY22vjsq4WvwRB0EW8Jjb-A8JNCmOKlPiF3Bn1RvI6-ECsl94h-NkXauaMenKxEeRuEEA5BQ-Yhd1Wpf_kcTG8-NKoSvnLBqo6Yrf8
                            • US
                              DNS
                              228.16.217.172.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              228.16.217.172.in-addr.arpa
                              IN PTR
                              Response
                              228.16.217.172.in-addr.arpa
                              IN PTR
                              mad08s04-in-f4.1e100.net
                              228.16.217.172.in-addr.arpa
                              IN PTR
                              lhr48s28-in-f4.1e100.net
                            • US
                              DNS
                              196.249.167.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              196.249.167.52.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              play.google.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              play.google.com
                              IN A
                              Response
                              play.google.com
                              IN A
                              142.250.187.206
                            • GB
                              OPTIONS
                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                              msedge.exe
                              Remote address:
                              142.250.187.206:443
                              Request
                              OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
                              host: play.google.com
                              accept: */*
                              access-control-request-method: POST
                              access-control-request-headers: x-goog-authuser
                              origin: https://accounts.google.com
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              sec-fetch-mode: cors
                              sec-fetch-site: same-site
                              sec-fetch-dest: empty
                              referer: https://accounts.google.com/
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • US
                              DNS
                              18.31.95.13.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              18.31.95.13.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              212.20.149.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              212.20.149.52.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              172.210.232.199.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              172.210.232.199.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              21.236.111.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              21.236.111.52.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              210.143.182.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              210.143.182.52.in-addr.arpa
                              IN PTR
                              Response
                            • US
                              DNS
                              210.143.182.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              210.143.182.52.in-addr.arpa
                              IN PTR
                            • US
                              DNS
                              accounts.google.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              accounts.google.com
                              IN A
                              Response
                              accounts.google.com
                              IN A
                              64.233.167.84
                            • 142.250.187.206:443
                              https://drive.google.com/file/d/1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm/view?usp=sharing_eip&ts=67378da0&sh=Z-sGzwd7gGEGHgSf&ca=1
                              tls, http2
                              msedge.exe
                              2.2kB
                              10.2kB
                              20
                              20

                              HTTP Request

                              GET https://drive.google.com/file/d/1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm/view?usp=sharing_eip&ts=67378da0&sh=Z-sGzwd7gGEGHgSf&ca=1
                            • 64.233.167.84:443
                              https://accounts.google.com/v3/signin/challenge/ipe/consent?TL=AKOx4s3xsLqKnlSxy61jlyMCiXqZUJh9ABZF94WoPvVwoB1uJwLCTupzOHAO0YK9&atu=110527763705614640555&cid=1&continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm%2Fview%3Fusp%3Dsharing_eip%26ts%3D67378da0%26sh%3DZ-sGzwd7gGEGHgSf%26ca%3D1&flowName=GlifWebSignIn&hl=en_GB&flowEntry=CollabAccount
                              tls, http2
                              msedge.exe
                              4.7kB
                              121.8kB
                              62
                              104

                              HTTP Request

                              GET https://accounts.google.com/signin/collaboratoraccount?continue=https://drive.google.com/file/d/1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm/view?usp%3Dsharing_eip%26ts%3D67378da0%26sh%3DZ-sGzwd7gGEGHgSf%26ca%3D1&hl=en_GB&atu=110527763705614640555

                              HTTP Request

                              GET https://accounts.google.com/v3/signin/challenge/ipe/consent?TL=AKOx4s3xsLqKnlSxy61jlyMCiXqZUJh9ABZF94WoPvVwoB1uJwLCTupzOHAO0YK9&atu=110527763705614640555&cid=1&continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1rdmS1fDaHAYUg-ffOSwekYdrZ2w92icm%2Fview%3Fusp%3Dsharing_eip%26ts%3D67378da0%26sh%3DZ-sGzwd7gGEGHgSf%26ca%3D1&flowName=GlifWebSignIn&hl=en_GB&flowEntry=CollabAccount
                            • 172.217.16.228:443
                              https://www.google.com/favicon.ico
                              tls, http2
                              msedge.exe
                              2.3kB
                              8.0kB
                              19
                              16

                              HTTP Request

                              GET https://www.google.com/favicon.ico
                            • 142.250.187.206:443
                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                              tls, http2
                              msedge.exe
                              1.9kB
                              8.5kB
                              18
                              20

                              HTTP Request

                              OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
                            • 8.8.8.8:53
                              drive.google.com
                              dns
                              msedge.exe
                              62 B
                              78 B
                              1
                              1

                              DNS Request

                              drive.google.com

                              DNS Response

                              142.250.187.206

                            • 8.8.8.8:53
                              58.55.71.13.in-addr.arpa
                              dns
                              70 B
                              144 B
                              1
                              1

                              DNS Request

                              58.55.71.13.in-addr.arpa

                            • 8.8.8.8:53
                              172.214.232.199.in-addr.arpa
                              dns
                              74 B
                              128 B
                              1
                              1

                              DNS Request

                              172.214.232.199.in-addr.arpa

                            • 8.8.8.8:53
                              4.159.190.20.in-addr.arpa
                              dns
                              71 B
                              157 B
                              1
                              1

                              DNS Request

                              4.159.190.20.in-addr.arpa

                            • 8.8.8.8:53
                              accounts.google.com
                              dns
                              msedge.exe
                              65 B
                              81 B
                              1
                              1

                              DNS Request

                              accounts.google.com

                              DNS Response

                              64.233.167.84

                            • 8.8.8.8:53
                              206.187.250.142.in-addr.arpa
                              dns
                              74 B
                              113 B
                              1
                              1

                              DNS Request

                              206.187.250.142.in-addr.arpa

                            • 8.8.8.8:53
                              95.221.229.192.in-addr.arpa
                              dns
                              73 B
                              144 B
                              1
                              1

                              DNS Request

                              95.221.229.192.in-addr.arpa

                            • 8.8.8.8:53
                              84.167.233.64.in-addr.arpa
                              dns
                              72 B
                              105 B
                              1
                              1

                              DNS Request

                              84.167.233.64.in-addr.arpa

                            • 64.233.167.84:443
                              accounts.google.com
                              https
                              msedge.exe
                              6.1kB
                              11.1kB
                              25
                              27
                            • 8.8.8.8:53
                              3.178.250.142.in-addr.arpa
                              dns
                              72 B
                              110 B
                              1
                              1

                              DNS Request

                              3.178.250.142.in-addr.arpa

                            • 8.8.8.8:53
                              227.16.217.172.in-addr.arpa
                              dns
                              73 B
                              140 B
                              1
                              1

                              DNS Request

                              227.16.217.172.in-addr.arpa

                            • 8.8.8.8:53
                              www.google.com
                              dns
                              msedge.exe
                              60 B
                              76 B
                              1
                              1

                              DNS Request

                              www.google.com

                              DNS Response

                              172.217.16.228

                            • 8.8.8.8:53
                              228.16.217.172.in-addr.arpa
                              dns
                              73 B
                              140 B
                              1
                              1

                              DNS Request

                              228.16.217.172.in-addr.arpa

                            • 224.0.0.251:5353
                              521 B
                              8
                            • 8.8.8.8:53
                              196.249.167.52.in-addr.arpa
                              dns
                              73 B
                              147 B
                              1
                              1

                              DNS Request

                              196.249.167.52.in-addr.arpa

                            • 8.8.8.8:53
                              play.google.com
                              dns
                              msedge.exe
                              61 B
                              77 B
                              1
                              1

                              DNS Request

                              play.google.com

                              DNS Response

                              142.250.187.206

                            • 142.250.187.206:443
                              play.google.com
                              https
                              msedge.exe
                              7.1kB
                              8.4kB
                              13
                              15
                            • 8.8.8.8:53
                              18.31.95.13.in-addr.arpa
                              dns
                              70 B
                              144 B
                              1
                              1

                              DNS Request

                              18.31.95.13.in-addr.arpa

                            • 8.8.8.8:53
                              212.20.149.52.in-addr.arpa
                              dns
                              72 B
                              146 B
                              1
                              1

                              DNS Request

                              212.20.149.52.in-addr.arpa

                            • 8.8.8.8:53
                              172.210.232.199.in-addr.arpa
                              dns
                              74 B
                              128 B
                              1
                              1

                              DNS Request

                              172.210.232.199.in-addr.arpa

                            • 64.233.167.84:443
                              accounts.google.com
                              https
                              msedge.exe
                              3.2kB
                              4.0kB
                              8
                              10
                            • 8.8.8.8:53
                              21.236.111.52.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              21.236.111.52.in-addr.arpa

                            • 8.8.8.8:53
                              210.143.182.52.in-addr.arpa
                              dns
                              146 B
                              147 B
                              2
                              1

                              DNS Request

                              210.143.182.52.in-addr.arpa

                              DNS Request

                              210.143.182.52.in-addr.arpa

                            • 8.8.8.8:53
                              accounts.google.com
                              dns
                              msedge.exe
                              65 B
                              81 B
                              1
                              1

                              DNS Request

                              accounts.google.com

                              DNS Response

                              64.233.167.84

                            • 64.233.167.84:443
                              accounts.google.com
                              https
                              msedge.exe
                              2.9kB
                              4.1kB
                              9
                              8

                            MITRE ATT&CK Enterprise v15

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              99afa4934d1e3c56bbce114b356e8a99

                              SHA1

                              3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

                              SHA256

                              08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

                              SHA512

                              76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              443a627d539ca4eab732bad0cbe7332b

                              SHA1

                              86b18b906a1acd2a22f4b2c78ac3564c394a9569

                              SHA256

                              1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

                              SHA512

                              923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              360B

                              MD5

                              0c25f9af822b67325335378e8417fe21

                              SHA1

                              a41276fdad88feb0832ddbffcdbb4f0ab91133be

                              SHA256

                              7c6e6c681bc56c805d45a06645af94c5eeae232c665aa2daa7c6e19b5b2a95eb

                              SHA512

                              0eeca4659d9ab3497f94d6295dd8d045d8714b325b757885317eb41909c5447193c9906628fa959ada8b3455d0f8ecdba0440adec6d070a6ec0b65059b463d1e

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              1KB

                              MD5

                              e40759d3c122bc5fb9b6424e6b4ad4aa

                              SHA1

                              173782c0ae1f7656aea5756350e453002e1126f7

                              SHA256

                              877f9505ef2e0d53b2848657ff4dd66d32930655ba1c16ef7e75e1812a8db4e7

                              SHA512

                              3221f7b8bc5d314cc1a0c2d3772eb8f1878bf98c69ec6b16d0fae72de3159abfafed2010c265dbe6252ea868a16f36a401e122d787f89890ea5c76532364eb12

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              1KB

                              MD5

                              88c3d4b9fe129c5d14d9ed15c035ea2f

                              SHA1

                              b8113ae621bfdeb9fcb638af4cc35b94e8cf9725

                              SHA256

                              4406ef1ca1214b47ce08ae04a496d4f36a3e333fe98212ad43a9e655cfeee6c5

                              SHA512

                              ed2f9de2cc49574fb94661d2455b5522f38292e5b45d2c55ff4bf8d812c3c33542ec922f23ce3661908a4b6842cf13ae383f360957598edf6dc02ad114d0aba1

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              1KB

                              MD5

                              af40a35cf42629c76ddd38b3b0bbe89f

                              SHA1

                              153a0982667b96a9d524e7bbd93af32911b86b9e

                              SHA256

                              de598a643e97edbdf717c4d1f95c98188c0e7d22d97ec3a9da2733e63c4072aa

                              SHA512

                              8dec49175f3990b2b54e10a6a6e0cdbf1ab63b26a96447b7765001d965b6866a3bdc71ede9af92ea6d3e602790bf0a48e507b4063db6cca27495203827c3aca0

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              40ef6b12c5239d804337fbc824607b4a

                              SHA1

                              1ba721bb32efaf98479240fdb2b23fb3e7a9b7e1

                              SHA256

                              57e783a0e271d7414df5efb2a005860c7dfbd69cb0f787921e30f246d7ec852c

                              SHA512

                              b5efde479f8df17762eb6e99becfb2a653f415a27f2328d1bc856bed84d64b48b7c05c03673c0799b92f0aa3e59957c3154e73982265487e8e5f02556e579700

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB

                              MD5

                              f14a0b39b43f73c6edbcb1f9d322b210

                              SHA1

                              42d0787aab47f55778c269ce6e8d8309ee66ceb6

                              SHA256

                              ce9df518a3ca1d7451fe66c7a93e84e8c3a274c5b3143ba56199db5f442dfc85

                              SHA512

                              b123ce68a1617b36cec517c52b8e2e25dd45f95f437dbf0619c301e5b93d5237d2227ba8425db38343e2435016732f699beb73a889b8ba961f769bc132727524

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              1bc4eff0d1ab0b8025b69223c3c72bd3

                              SHA1

                              481f3c69644daa303707bc549445d2b4a49dfd82

                              SHA256

                              2d63c81bff5c9576d1d267a7814981e83651f76c6a8dca3f7849814f83e0052f

                              SHA512

                              87d344e8b5c2f160a042d940628c74ff0481dd1c36642d912dfc915707b778e49ff9a08904fa662579240da4e6ee665b28dd357fca83ed211ca309a8703d9e6b

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                              Filesize

                              199B

                              MD5

                              0e5014f4ddb5fbc73eab2494e670a88c

                              SHA1

                              7cf4bf9eac0f8c5f9b77717a1b24eb394b6a48b1

                              SHA256

                              23303dc956b1d2321dcb6e3a25ae2db5c769a1106c6bb2f0db887499e7150b84

                              SHA512

                              ebfec01c54ab9aeccff45c2c7869d7b4af6ac7a0d4f80f839616326816efcf85553ed95b88002879ec6cd5527e2759b0121f6109ef2a4083234f50e78f90c6c2

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                              Filesize

                              203B

                              MD5

                              e72daf2a62c9f37135f75b73b379abbb

                              SHA1

                              4403c2514a57622f68ab4291c83ea0f50f2a328e

                              SHA256

                              f87be119d1e2ab635802fe75f33d95b757c06103de542eb99ecaefb525e9cf59

                              SHA512

                              e7e50037453eb8f1d62cc563af2976bafd466a3cf24d180b0b95d6722651973adb746e2065dc7d1b64ed32d763b9808232aedebbfb184f384dc93783d7e3dcbc

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cf51.TMP

                              Filesize

                              203B

                              MD5

                              ace7faa1566b0cf65377421e24a61daf

                              SHA1

                              9a1c3a988a725be51f04166ca5b6c2a8a51a5e2b

                              SHA256

                              d2d6a6410563db7eea499037ed792962c09c8fb7f13fa2679a1c497fdf719488

                              SHA512

                              50ef22c8118db6c952a2e0522096a31be53534177b46a8c6bf735a40b2a26e7416aaa1fda670b4248cf54d691006983a824aab67ac98aa7123bd18e172cd9b96

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              10KB

                              MD5

                              e48d3675bfeeb95cda94e72f6dc4276c

                              SHA1

                              404c6f438fcc94bb58264b0f0a964bb35d474c01

                              SHA256

                              58ed60c24bca335eab552b8ef5e26c7205ce291e5f36d38cac9460cae79ad8b3

                              SHA512

                              316e2820afb4ae926123b38e2ecf5e6dc5f56ae56bfcaa46e6d545a644b939f5d2e37b356c54a23febc1a552db900bdfa8dd06aed86816f86a270366c36cb31c
