Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    25-11-2024 19:43

General

  • Target

    https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp=drive_web

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp=drive_web
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3916
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe662046f8,0x7ffe66204708,0x7ffe66204718
      2⤵
        PID:1472
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        2⤵
          PID:5080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2796
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
          2⤵
            PID:2032
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
            2⤵
              PID:4520
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
              2⤵
                PID:1376
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
                2⤵
                  PID:4944
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4964
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
                  2⤵
                    PID:2492
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
                    2⤵
                      PID:876
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                      2⤵
                        PID:852
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                        2⤵
                          PID:4508
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6247615377247944156,7722483290648064069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2744
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:892
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4708

Network

                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dns.google
                          • flag-us
                            DNS
                            drive.google.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            drive.google.com
                            IN A
                            Response
                            drive.google.com
                            IN A
                            142.250.180.14
                          • flag-gb
                            GET
                            https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp=drive_web
                            msedge.exe
                            Remote address:
                            142.250.180.14:443
                            Request
                            GET /file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp=drive_web HTTP/2.0
                            host: drive.google.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            dnt: 1
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            149.220.183.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            149.220.183.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            14.180.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            14.180.250.142.in-addr.arpa
                            IN PTR
                            Response
                            14.180.250.142.in-addr.arpa
                            IN PTR
                            lhr25s32-in-f14.1e100.net
                          • flag-us
                            DNS
                            99.209.201.84.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            99.209.201.84.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            138.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            138.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            accounts.google.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            accounts.google.com
                            IN A
                            Response
                            accounts.google.com
                            IN A
                            142.251.173.84
                          • flag-be
                            GET
                            https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web&followup=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web
                            msedge.exe
                            Remote address:
                            142.251.173.84:443
                            Request
                            GET /ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web&followup=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web HTTP/2.0
                            host: accounts.google.com
                            dnt: 1
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: NID=519=gBoSLpAXZ4OhnWmFJb_lkxZC0JfGrhGyAsJMVWafIXj0PugaR0hwvjr_lYu0s1eqVERrpOKMQcdf4Bjap-ZnXTOkAHaWAo-e4gqHhV5NladGvNeUnZRyKmI4nn9uykuY2y7tRK3OyMqVfQaQ3U4Y20UO3UhZ4usDnYUM21fjbv_BumRQ
                          • flag-be
                            GET
                            https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web&followup=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web&osid=1&passive=1209600&service=wise&ifkv=AcMMx-eL5EAak4Y1DpEMttd_Z-btglt28ZWU6EA5vA9YwqgYnzpnQtEVDreawkFJ8hDIkk6hP-RZlQ
                            msedge.exe
                            Remote address:
                            142.251.173.84:443
                            Request
                            GET /InteractiveLogin?continue=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web&followup=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web&osid=1&passive=1209600&service=wise&ifkv=AcMMx-eL5EAak4Y1DpEMttd_Z-btglt28ZWU6EA5vA9YwqgYnzpnQtEVDreawkFJ8hDIkk6hP-RZlQ HTTP/2.0
                            host: accounts.google.com
                            dnt: 1
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-full-version: "92.0.902.67"
                            sec-ch-ua-arch: "x86"
                            sec-ch-ua-platform: "Windows"
                            sec-ch-ua-platform-version: "10.0"
                            sec-ch-ua-model: ""
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: NID=519=gBoSLpAXZ4OhnWmFJb_lkxZC0JfGrhGyAsJMVWafIXj0PugaR0hwvjr_lYu0s1eqVERrpOKMQcdf4Bjap-ZnXTOkAHaWAo-e4gqHhV5NladGvNeUnZRyKmI4nn9uykuY2y7tRK3OyMqVfQaQ3U4Y20UO3UhZ4usDnYUM21fjbv_BumRQ
                            cookie: __Host-GAPS=1:TflupLZ-LSkcovUJ4yfNBHcW8rTJGQ:iAoaEW6WjA4MCKb5
                          • flag-be
                            GET
                            https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH%2Fview%3Fusp%3Ddrive_web&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH%2Fview%3Fusp%3Ddrive_web&ifkv=AcMMx-eAwyvrRe5dPh-d-65W2-oJtHx3gHjLdFL71i7RCqiUOQ05ahMrLLbKeJhaMnaz8Ahf0eKmZg&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1860816358%3A1732563801620016&ddm=1
                            msedge.exe
                            Remote address:
                            142.251.173.84:443
                            Request
                            GET /v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH%2Fview%3Fusp%3Ddrive_web&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH%2Fview%3Fusp%3Ddrive_web&ifkv=AcMMx-eAwyvrRe5dPh-d-65W2-oJtHx3gHjLdFL71i7RCqiUOQ05ahMrLLbKeJhaMnaz8Ahf0eKmZg&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1860816358%3A1732563801620016&ddm=1 HTTP/2.0
                            host: accounts.google.com
                            dnt: 1
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-full-version: "92.0.902.67"
                            sec-ch-ua-arch: "x86"
                            sec-ch-ua-platform: "Windows"
                            sec-ch-ua-platform-version: "10.0"
                            sec-ch-ua-model: ""
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: NID=519=gBoSLpAXZ4OhnWmFJb_lkxZC0JfGrhGyAsJMVWafIXj0PugaR0hwvjr_lYu0s1eqVERrpOKMQcdf4Bjap-ZnXTOkAHaWAo-e4gqHhV5NladGvNeUnZRyKmI4nn9uykuY2y7tRK3OyMqVfQaQ3U4Y20UO3UhZ4usDnYUM21fjbv_BumRQ
                            cookie: __Host-GAPS=1:TflupLZ-LSkcovUJ4yfNBHcW8rTJGQ:iAoaEW6WjA4MCKb5
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            84.173.251.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            84.173.251.142.in-addr.arpa
                            IN PTR
                            Response
                            84.173.251.142.in-addr.arpa
                            IN PTR
                            wi-in-f84.1e100.net
                          • flag-us
                            DNS
                            3.178.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            3.178.250.142.in-addr.arpa
                            IN PTR
                            Response
                            3.178.250.142.in-addr.arpa
                            IN PTR
                            lhr48s27-in-f3.1e100.net
                          • flag-us
                            DNS
                            227.16.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            227.16.217.172.in-addr.arpa
                            IN PTR
                            Response
                            227.16.217.172.in-addr.arpa
                            IN PTR
                            lhr48s28-in-f3.1e100.net
                            227.16.217.172.in-addr.arpa
                            IN PTR
                            mad08s04-in-f3
                          • flag-us
                            DNS
                            play.google.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            play.google.com
                            IN A
                            Response
                            play.google.com
                            IN A
                            142.250.187.206
                          • flag-gb
                            OPTIONS
                            https://play.google.com/log?format=json&hasfast=true&authuser=0
                            msedge.exe
                            Remote address:
                            142.250.187.206:443
                            Request
                            OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
                            host: play.google.com
                            accept: */*
                            access-control-request-method: POST
                            access-control-request-headers: x-goog-authuser
                            origin: https://accounts.google.com
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            sec-fetch-mode: cors
                            sec-fetch-site: same-site
                            sec-fetch-dest: empty
                            referer: https://accounts.google.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-gb
                            OPTIONS
                            https://play.google.com/log?format=json&hasfast=true&authuser=0
                            msedge.exe
                            Remote address:
                            142.250.187.206:443
                            Request
                            OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
                            host: play.google.com
                            accept: */*
                            access-control-request-method: POST
                            access-control-request-headers: x-goog-authuser
                            origin: https://accounts.google.com
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            sec-fetch-mode: cors
                            sec-fetch-site: same-site
                            sec-fetch-dest: empty
                            referer: https://accounts.google.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            www.google.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.google.com
                            IN A
                            Response
                            www.google.com
                            IN A
                            172.217.16.228
                          • flag-gb
                            GET
                            https://www.google.com/favicon.ico
                            msedge.exe
                            Remote address:
                            172.217.16.228:443
                            Request
                            GET /favicon.ico HTTP/2.0
                            host: www.google.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            sec-ch-ua-arch: "x86"
                            sec-ch-ua-full-version: "92.0.902.67"
                            sec-ch-ua-platform-version: "10.0"
                            sec-ch-ua-model:
                            sec-ch-ua-platform: "Windows"
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: same-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://accounts.google.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: NID=519=gBoSLpAXZ4OhnWmFJb_lkxZC0JfGrhGyAsJMVWafIXj0PugaR0hwvjr_lYu0s1eqVERrpOKMQcdf4Bjap-ZnXTOkAHaWAo-e4gqHhV5NladGvNeUnZRyKmI4nn9uykuY2y7tRK3OyMqVfQaQ3U4Y20UO3UhZ4usDnYUM21fjbv_BumRQ
                          • flag-us
                            DNS
                            228.16.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            228.16.217.172.in-addr.arpa
                            IN PTR
                            Response
                            228.16.217.172.in-addr.arpa
                            IN PTR
                            lhr48s28-in-f4.1e100.net
                            228.16.217.172.in-addr.arpa
                            IN PTR
                            mad08s04-in-f4
                          • flag-us
                            DNS
                            133.211.185.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            133.211.185.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            56.163.245.4.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            56.163.245.4.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            171.39.242.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            171.39.242.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            92.12.20.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            92.12.20.2.in-addr.arpa
                            IN PTR
                            Response
                            92.12.20.2.in-addr.arpa
                            IN PTR
                            a2-20-12-92.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            172.214.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.214.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            30.243.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            30.243.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • 142.250.180.14:443  https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp=drive_web  tls, http2  msedge.exe  2.0kB sent, 10.1kB received, 17/18 packets
                            HTTP Request: GET https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp=drive_web
                          • 142.251.173.84:443  https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH%2Fview%3Fusp%3Ddrive_web&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH%2Fview%3Fusp%3Ddrive_web&ifkv=AcMMx-eAwyvrRe5dPh-d-65W2-oJtHx3gHjLdFL71i7RCqiUOQ05ahMrLLbKeJhaMnaz8Ahf0eKmZg&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1860816358%3A1732563801620016&ddm=1  tls, http2  msedge.exe  6.8kB sent, 179.1kB received, 84/148 packets
                            HTTP Request: GET https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web&followup=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web
                            HTTP Request: GET https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web&followup=https://drive.google.com/file/d/1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH/view?usp%3Ddrive_web&osid=1&passive=1209600&service=wise&ifkv=AcMMx-eL5EAak4Y1DpEMttd_Z-btglt28ZWU6EA5vA9YwqgYnzpnQtEVDreawkFJ8hDIkk6hP-RZlQ
                            HTTP Request: GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH%2Fview%3Fusp%3Ddrive_web&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1uQ5c3FypZ9aeJji0de8wlcQI8CMZ-7yH%2Fview%3Fusp%3Ddrive_web&ifkv=AcMMx-eAwyvrRe5dPh-d-65W2-oJtHx3gHjLdFL71i7RCqiUOQ05ahMrLLbKeJhaMnaz8Ahf0eKmZg&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1860816358%3A1732563801620016&ddm=1
                          • 142.250.187.206:443  https://play.google.com/log?format=json&hasfast=true&authuser=0  tls, http2  msedge.exe  2.0kB sent, 8.5kB received, 17/18 packets
                            HTTP Request: OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
                            HTTP Request: OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
                          • 142.250.187.206:443  play.google.com  tls, http2  msedge.exe  989 B sent, 7.6kB received, 9/9 packets
                          • 172.217.16.228:443  https://www.google.com/favicon.ico  tls, http2  msedge.exe  2.1kB sent, 8.0kB received, 16/16 packets
                            HTTP Request: GET https://www.google.com/favicon.ico
                          • 8.8.8.8:53  8.8.8.8.in-addr.arpa  dns  66 B sent, 90 B received, 1/1 packets
                            DNS Request: 8.8.8.8.in-addr.arpa
                          • 8.8.8.8:53  drive.google.com  dns  msedge.exe  62 B sent, 78 B received, 1/1 packets
                            DNS Request: drive.google.com
                            DNS Response: 142.250.180.14
                          • 8.8.8.8:53  149.220.183.52.in-addr.arpa  dns  73 B sent, 147 B received, 1/1 packets
                            DNS Request: 149.220.183.52.in-addr.arpa
                          • 8.8.8.8:53  14.180.250.142.in-addr.arpa  dns  73 B sent, 112 B received, 1/1 packets
                            DNS Request: 14.180.250.142.in-addr.arpa
                          • 8.8.8.8:53  99.209.201.84.in-addr.arpa  dns  72 B sent, 132 B received, 1/1 packets
                            DNS Request: 99.209.201.84.in-addr.arpa
                          • 8.8.8.8:53  138.32.126.40.in-addr.arpa  dns  72 B sent, 158 B received, 1/1 packets
                            DNS Request: 138.32.126.40.in-addr.arpa
                          • 8.8.8.8:53  accounts.google.com  dns  msedge.exe  65 B sent, 81 B received, 1/1 packets
                            DNS Request: accounts.google.com
                            DNS Response: 142.251.173.84
                          • 8.8.8.8:53  95.221.229.192.in-addr.arpa  dns  73 B sent, 144 B received, 1/1 packets
                            DNS Request: 95.221.229.192.in-addr.arpa
                          • 142.251.173.84:443  accounts.google.com  https  msedge.exe  6.2kB sent, 10.6kB received, 24/25 packets
                          • 8.8.8.8:53  84.173.251.142.in-addr.arpa  dns  73 B sent, 106 B received, 1/1 packets
                            DNS Request: 84.173.251.142.in-addr.arpa
                          • 8.8.8.8:53  227.16.217.172.in-addr.arpa  dns  73 B sent, 140 B received, 1/1 packets
                            DNS Request: 227.16.217.172.in-addr.arpa
                          • 8.8.8.8:53  3.178.250.142.in-addr.arpa  dns  72 B sent, 110 B received, 1/1 packets
                            DNS Request: 3.178.250.142.in-addr.arpa
                          • 8.8.8.8:53  play.google.com  dns  msedge.exe  61 B sent, 77 B received, 1/1 packets
                            DNS Request: play.google.com
                            DNS Response: 142.250.187.206
                          • 8.8.8.8:53  www.google.com  dns  msedge.exe  60 B sent, 76 B received, 1/1 packets
                            DNS Request: www.google.com
                            DNS Response: 172.217.16.228
                          • 142.250.187.206:443  play.google.com  https  msedge.exe  9.8kB sent, 10.6kB received, 23/26 packets
                          • 8.8.8.8:53  228.16.217.172.in-addr.arpa  dns  73 B sent, 140 B received, 1/1 packets
                            DNS Request: 228.16.217.172.in-addr.arpa
                          • 224.0.0.251:5353  521 B sent, 8 packets
                          • 8.8.8.8:53  133.211.185.52.in-addr.arpa  dns  73 B sent, 147 B received, 1/1 packets
                            DNS Request: 133.211.185.52.in-addr.arpa
                          • 8.8.8.8:53  56.163.245.4.in-addr.arpa  dns  71 B sent, 157 B received, 1/1 packets
                            DNS Request: 56.163.245.4.in-addr.arpa
                          • 8.8.8.8:53  171.39.242.20.in-addr.arpa  dns  72 B sent, 158 B received, 1/1 packets
                            DNS Request: 171.39.242.20.in-addr.arpa
                          • 8.8.8.8:53  92.12.20.2.in-addr.arpa  dns  69 B sent, 131 B received, 1/1 packets
                            DNS Request: 92.12.20.2.in-addr.arpa
                          • 8.8.8.8:53  172.214.232.199.in-addr.arpa  dns  74 B sent, 128 B received, 1/1 packets
                            DNS Request: 172.214.232.199.in-addr.arpa
                          • 142.251.173.84:443  accounts.google.com  https  msedge.exe  4.4kB sent, 4.0kB received, 8/9 packets
                          • 8.8.8.8:53  30.243.111.52.in-addr.arpa  dns  72 B sent, 158 B received, 1/1 packets
                            DNS Request: 30.243.111.52.in-addr.arpa

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
                            MD5 fab8d8d865e33fe195732aa7dcb91c30
                            SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
                            SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
                            SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
                            MD5 36988ca14952e1848e81a959880ea217
                            SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
                            SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
                            SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\689fe1f6-0be3-4c27-a878-6a1245369071.tmp (1KB)
                            MD5 f6a7301a388809e2dcf8f764ea2f57b0
                            SHA1 d81cef46477ef78fa32f801bfff17e0a98d43756
                            SHA256 06b8ec81ba411095c93201e0a234f04f55470a3e6bf5ddad7548afbc1c2bf3b3
                            SHA512 f8e244149f6595d10e8f63749b0f5d33977b062d1e47540e9433fdaf5a26c89a0416d27dbf0a53845f9c0f13ca849bfdf5ef6c37a15c5204980143c4390f206e
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (336B)
                            MD5 e2a26f54658bef0c04e47fcb4576dccd
                            SHA1 0bc5e5f0248744a59a9abdb736c6065c7cd88d6a
                            SHA256 e4e4f2079a76c79fd89aeb561d7f7207a982d4ce4b5adf1e0b698c6a7a5a7925
                            SHA512 621cc3caaab227489a75e7cc303d9b8ec649d267ae374e0d22e0daccdd00ef33791a809b638febb3e691538552c7609dde8b6b5afebd543c50a336c3b552267e
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (1KB)
                            MD5 bb5543ac55ae40f0de1e63c4db2a6ced
                            SHA1 c5b64ef0ef9f9752f13664999b2f2b9e7f6a60e1
                            SHA256 741a3974b3200e20d23243d671cd2b069e12d536b624e03dcb9732db106c2a20
                            SHA512 1eac4ae6fe70aac42205c09ceeb3e5b2078aa2a22dbec5f5a59fa9e32c68ae4cb68bcbe9e1cee379b561ed6e1eef17655a252ccc261bf7747f49e61aae01e630
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)
                            MD5 e376ec9d780c0d0e12e3577719a73060
                            SHA1 4ba5f44e857490f2824fff02cf7bcb4256e47990
                            SHA256 063a26d59e505f6c7caf8634475963cff3551936ce3c0ec4083d90f4be49027b
                            SHA512 aa3aa96c8e0266ceaa0bf9882c039c436f6b10283ca12875c08948985f113fb3d919bcf3a6ac8958256a356e39af235f8db34411991caeee5930bcc35bba3de9
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
                            MD5 f7e869a9c39bde924d959e7cc7396aa2
                            SHA1 ec15eff2969f73702a0120271938e57aa087702f
                            SHA256 594083af6a69a68fef2e5720650de1f1328aa71f6583204595d0403bd2df8304
                            SHA512 4b368888f1d42ac795b9ac3499b0cde672ae78595233060009c17d975d65603367d5bda4566b46dc7df8fce4901e1e7a4d0ef634f6a3b385b2cfaff6d7b38aa7
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (203B)
                            MD5 437e9cc98590ec19666626fe13e62b59
                            SHA1 211c493608b0acf7fe13ce03522c72a7bcf2291a
                            SHA256 1f8010c72c06f42ce8dac6a5d1c2ee841f90cf43c76aab841b268d6ee0377205
                            SHA512 6b7bc17d4a197e33d766673498f86e4ccf5d7fb1d9ce820c28edaf936a7a6846cb2ebfba1367a3eea41d491cc6e69a34b49bfd109a5751745fc33a31ac8d3543
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a3cd.TMP (201B)
                            MD5 b608d874b6179d810ad10dbb74ff3f13
                            SHA1 1604f4493d0ccdda22cb785f69aed59b787220c7
                            SHA256 68582133ece9868d7da08b191d9fc6cb2ee10a9f680d96b5b319aa6625d11330
                            SHA512 4b78d351da02d0df71d3d7ac1bd082efffcc4c95649923875d0ca4d4e64fb60e07076d34ad8df99b3c981b60498fe223ec0e0066e354195cc505b45dbe632297
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16B)
                            MD5 6752a1d65b201c13b62ea44016eb221f
                            SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
                            SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
                            SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (10KB)
                            MD5 4d6d8715dc6b69f614d55e8aab5a460f
                            SHA1 f0f13a2f2a96beba5a86b06760263d6219487c89
                            SHA256 7418334c672bf12076fd3bdc0802d26f5a960233818c8544da1133be3a7e049e
                            SHA512 82688e4da6a4642b0e54b38a14f36302cad798cf53c79b81b271596f78af0274a3473d39edce190229fde3fa6f163f8c88095a5f7d8be535743df64326ecfb15
