Analysis

max time kernel: 146s
max time network: 140s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 19-11-2024 03:01

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing
Resource: win11-20241007-en

General

Target: https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing
Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2  (1 TTP, 2 IoCs)
flow  ioc
1     drive.google.com
5     drive.google.com

Enumerates system info in registry  (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses  (13 IoCs)
pid   Process              hits
540   msedge.exe           2
4168  msedge.exe           3
444   msedge.exe           2
1476  identity_helper.exe  2
2508  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (6 IoCs)
pid   Process     hits
4168  msedge.exe  6

Suspicious use of FindShellTrayWindow  (25 IoCs)
pid   Process     hits
4168  msedge.exe  25

Suspicious use of SendNotifyMessage  (12 IoCs)
pid   Process     hits
4168  msedge.exe  12

Suspicious use of WriteProcessMemory  (64 IoCs)
description                       pid   Process     procid_target
PID 4168 wrote to memory of 3000  4168  msedge.exe  79
PID 4168 wrote to memory of 808   4168  msedge.exe  80
PID 4168 wrote to memory of 540   4168  msedge.exe  81
PID 4168 wrote to memory of 656   4168  msedge.exe  82
(The report lists one row per write, 64 rows in total; identical rows are collapsed here to the four distinct writer/target pairs. All four targets are msedge.exe children of PID 4168, see Processes.)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4168)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3000, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc597d3cb8,0x7ffc597d3cc8,0x7ffc597d3cd8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 808, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 540, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 656, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3740, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 976, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 444, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe  (PID 1476, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1572, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 688, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2192, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3836, child of 4168)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2508, child of 4168; second gpu-process, launched without the GPU sandbox)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4916 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4876)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 712)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\rundll32.exe  (PID 4808)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network

DNS  8.8.8.8:53  A    drive.google.com -> 142.250.180.14
DNS  8.8.8.8:53  A    ctldl.windowsupdate.com -> CNAME ctldl.windowsupdate.com.delivery.microsoft.com -> CNAME wu-b-net.trafficmanager.net -> CNAME bg.microsoft.map.fastly.net -> 199.232.210.172, 199.232.214.172
DNS  8.8.8.8:53  A    fonts.googleapis.com -> 216.58.212.202
DNS  8.8.8.8:53  PTR  8.8.8.8.in-addr.arpa -> dns.google
DNS  8.8.8.8:53  PTR  206.187.250.142.in-addr.arpa -> lhr25s33-in-f14.1e100.net
DNS  8.8.8.8:53  PTR  14.227.111.52.in-addr.arpa -> (no answer)

HTTP  142.250.180.14:443  GET /file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing HTTP/2.0
host: drive.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

DNS  8.8.8.8:53  A    ssl.gstatic.com -> 216.58.201.99
DNS  8.8.8.8:53  PTR  14.160.190.20.in-addr.arpa -> (no answer)
DNS  8.8.8.8:53  PTR  227.187.250.142.in-addr.arpa -> lhr25s34-in-f3.1e100.net
DNS  8.8.8.8:53  A    nexusrules.officeapps.live.com -> CNAME prod.nexusrules.live.com.akadns.net -> 52.111.227.14

HTTP  216.58.201.99:443  GET /images/branding/googlelogo/1x/googlelogo_color_116x41dp.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP  216.58.201.99:443  GET /images/branding/product/1x/drive_2020q4_32dp.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

DNS  8.8.8.8:53  PTR  202.212.58.216.in-addr.arpa -> ams16s21-in-f10.1e100.net, lhr25s27-in-f10.1e100.net, ams16s21-in-f202.1e100.net
DNS  8.8.8.8:53  A    ctldl.windowsupdate.com -> CNAME ctldl.windowsupdate.com.delivery.microsoft.com -> CNAME wu-b-net.trafficmanager.net -> CNAME download.windowsupdate.com.edgesuite.net -> CNAME a767.dspw65.akamai.net -> 2.23.210.83, 2.23.210.88
DNS  8.8.8.8:53  A    ctldl.windowsupdate.com -> (no response recorded)

HTTP  142.250.187.206:443  GET /favicon.ico HTTP/2.0
host: docs.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=519=NXQafkjWz0qPSthCxcDr_6KsIAUVcOogkk_rAn8TJT7qanI3zdrRZ49dY_5O6ylud6qgYAvEiMI7w00BygsRF95Kz-EN0OGkKCPuXF_ny-R1TrmAjWfq2qltGuiwXy6OZBbrrWYSkreTiyo4i0QFgEWra7DjmMAtVXeb21ESz_loius

Flows  (remote, protocol, process, bytes, packets; each pair is the report's two unlabelled per-direction columns)

142.250.180.14:443  tls, http2  msedge.exe  2.0kB / 10.6kB  18 / 20
  GET https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing

216.58.201.99:443  tls, http2  msedge.exe  2.1kB / 9.5kB  18 / 17
  GET https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png
  GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png

142.250.187.206:443 (remote taken from the request record above; the flow row itself carries no address)  1.9kB / 8.6kB  14 / 16
  GET https://docs.google.com/favicon.ico

DNS 8.8.8.8:53  409 B / 758 B  6 / 6
  A    drive.google.com -> 142.250.180.14
  A    ctldl.windowsupdate.com -> 199.232.210.172, 199.232.214.172
  A    fonts.googleapis.com -> 216.58.212.202
  PTR  8.8.8.8.in-addr.arpa
  PTR  206.187.250.142.in-addr.arpa
  PTR  14.227.111.52.in-addr.arpa

DNS 8.8.8.8:53  283 B / 488 B  4 / 4
  A    ssl.gstatic.com -> 216.58.201.99
  PTR  14.160.190.20.in-addr.arpa
  PTR  227.187.250.142.in-addr.arpa
  A    nexusrules.officeapps.live.com -> 52.111.227.14

DNS 8.8.8.8:53  211 B / 456 B  3 / 2
  PTR  202.212.58.216.in-addr.arpa
  A    ctldl.windowsupdate.com
  A    ctldl.windowsupdate.com -> 2.23.210.83, 2.23.210.88

Undecoded flows (no remote, process or request recorded in the report)
  3.7kB / 7.2kB  8 / 9
  564 B  9
  4.0kB / 8.9kB  10 / 13
  3.8kB / 7.4kB  8 / 11
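Added example (not from the report): an indicator pass over the Network section. The only decoded HTTP traffic is the Drive preview page, two branding images from ssl.gstatic.com and the docs.google.com favicon. Nothing in the capture hits a download endpoint, so this run says nothing about the shared file itself; the file ID in the URL is the pivot for fetching and analysing it separately. The code pulls the file ID out of the submitted URL, separates hosts the sample caused from sandbox background traffic, and checks the request list for a download. The DNS and HTTP records are copied from above; the noise suffixes and the download-endpoint markers (Drive's `/uc?export=download` form and `drive.usercontent.google.com`) are assumptions of this example, not something the report states.

```python
"""Indicator pass over the Network section of the report.

DNS and HTTP records below are copied from the report.  NOISE_SUFFIXES and
DOWNLOAD_MARKERS are assumptions made for this example.
"""
import re
from urllib.parse import urlparse

SUBMITTED = "https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing"

# (qname, qtype, answers) as listed in the report; CNAME chains reduced to final addresses.
DNS = [
    ("drive.google.com", "A", ["142.250.180.14"]),
    ("ctldl.windowsupdate.com", "A", ["199.232.210.172", "199.232.214.172"]),
    ("fonts.googleapis.com", "A", ["216.58.212.202"]),
    ("8.8.8.8.in-addr.arpa", "PTR", ["dns.google"]),
    ("206.187.250.142.in-addr.arpa", "PTR", ["lhr25s33-in-f14.1e100.net"]),
    ("14.227.111.52.in-addr.arpa", "PTR", []),
    ("ssl.gstatic.com", "A", ["216.58.201.99"]),
    ("14.160.190.20.in-addr.arpa", "PTR", []),
    ("227.187.250.142.in-addr.arpa", "PTR", ["lhr25s34-in-f3.1e100.net"]),
    ("nexusrules.officeapps.live.com", "A", ["52.111.227.14"]),
    ("202.212.58.216.in-addr.arpa", "PTR", ["ams16s21-in-f10.1e100.net", "lhr25s27-in-f10.1e100.net", "ams16s21-in-f202.1e100.net"]),
    ("ctldl.windowsupdate.com", "A", ["2.23.210.83", "2.23.210.88"]),
    ("ctldl.windowsupdate.com", "A", []),
]

# (method, url, referer) as listed in the report.
HTTP = [
    ("GET", SUBMITTED, None),
    ("GET", "https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png", "https://drive.google.com/"),
    ("GET", "https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png", "https://drive.google.com/"),
    ("GET", "https://docs.google.com/favicon.ico", "https://drive.google.com/"),
]

# Assumed background traffic of a Windows 11 sandbox image (not stated by the report).
NOISE_SUFFIXES = (".windowsupdate.com", ".officeapps.live.com", ".in-addr.arpa")

# Assumed markers of an actual Drive file download (not stated by the report).
DOWNLOAD_MARKERS = ("/uc?", "drive.usercontent.google.com", "export=download")

DRIVE_ID = re.compile(r"/file/d/([\w-]+)")


def drive_file_id(url: str):
    """The Drive file ID from a /file/d/<id>/view share link, or None."""
    m = DRIVE_ID.search(urlparse(url).path)
    return m.group(1) if m else None


def is_noise(host: str) -> bool:
    return host.endswith(NOISE_SUFFIXES)


def split_hosts(dns):
    """Partition queried names into sample-attributable and background, keeping their answers."""
    sample, noise = {}, {}
    for qname, _qtype, answers in dns:
        bucket = noise if is_noise(qname) else sample
        bucket.setdefault(qname, set()).update(answers)
    return sample, noise


def download_observed(http) -> bool:
    """True if any request URL looks like a Drive file download rather than the preview page."""
    return any(any(marker in url for marker in DOWNLOAD_MARKERS) for _m, url, _r in http)


def page_requests(http, origin_host: str):
    """Requests that are the submitted URL or were issued with it as referer."""
    return [url for _m, url, ref in http
            if urlparse(url).hostname == origin_host or (ref and urlparse(ref).hostname == origin_host)]


def summarize(dns=DNS, http=HTTP, submitted=SUBMITTED) -> dict:
    sample, noise = split_hosts(dns)
    return {
        "file_id": drive_file_id(submitted),
        "sample_hosts": sample,
        "noise_hosts": sorted(noise),
        "page_requests": page_requests(http, urlparse(submitted).hostname),
        "file_download_observed": download_observed(http),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

For this capture `file_download_observed` comes out False and every decoded request is either the submitted URL or was issued with drive.google.com as referer; the IOC set the run actually supports is therefore drive.google.com, docs.google.com, ssl.gstatic.com and fonts.googleapis.com, all of which are Google infrastructure serving the share page rather than anything specific to the file.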
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: aad1d98ca9748cc4c31aa3b5abfe0fed
SHA1: 32e8d4d9447b13bc00ec3eb15a88c55c29489495
SHA256: 2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e
SHA512: 150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Filesize: 152B
MD5: cb557349d7af9d6754aed39b4ace5bee
SHA1: 04de2ac30defbb36508a41872ddb475effe2d793
SHA256: cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee
SHA512: f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Filesize: 1KB
MD5: f5459ec5c4750be18612996a23541295
SHA1: 67e5700b2a19c68e331857782359ddce21623bbe
SHA256: 02eb45c7b9471f5b18f7d12a54d3e5b1fdddaace92c95bcf08320b1f104998c6
SHA512: 405a1c82e92ec53554d54d5920b6bc9b0c7be87b84b8388cc3932d011c26b4ca0758e79c31eaee3f8f6fdbdb2d7cd9a1242ef1452e9e00198e5e03af307c5611

Filesize: 5KB
MD5: 5aeeaaf68f5eea7c2b91bda16d260c0a
SHA1: 5ea5982e21308f368a7c708cfb0b343c39152110
SHA256: 064dcd52e2741738664e68ec83fd8bef0aa20d45516ca957ecb6d0607f02c443
SHA512: 34311b359df8d133c8e813c1fc9d63e5d3479d3721560cce380676f4e0738eedccb7f5af687c2af62c41c1c010ab98f126a9acddfbb1b264cea1f3069205cb94

Filesize: 6KB
MD5: bae19618a8aae892d0fb15ea583c1431
SHA1: 0f5cc0101645f13ea912336909a6dcd9f4376d62
SHA256: 20f3ba4c38d740a5f5fee49ff23697f95a6ed01245b44feac9cc22aa4f5c73c5
SHA512: 858d78a4e6be7c4a45a65c5184aca28477ba528b2c446e5daee2acfa0dd16bcfa1dd18a02adad58fc3b3522efcff46b68d0938abf43011b8d6f7be90226cd5fc

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
MD5: 8c2eb8c3439a25530c6a6391d77fe7f3
SHA1: 1fa714c65c5415d2e126aae49e3fda4b9b2d7c7d
SHA256: f72154ad1a554af4524343d7add480e1d2a0bb00600e5a1b2225659742a76e86
SHA512: acc267e94cb274ede587406e743eb3efef6d0299433a3bf81d641ff594b5a46c3ac3cb7b86e62f5a5d6845df1b2bea4afcf3ff386525923b3d99397586ca44d0

Filesize: 10KB
MD5: 70de61d6f2a2b8a8ec055c40094a5c30
SHA1: f2c3e899a13227426e2c997d8a345644f0389f54
SHA256: 7457e11aafc91b8d17c32747a4eb89c6a5593ffce7e7ed6d1d4e908b5c7675a4
SHA512: 78f98c1818266fa9ec70a5699334c9266bdb10611f43dabd005861d4583a46906bc8dc00dc50774797ceaade58238437785ca307ebe86df8e02a347dee4af91e