Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/01/2025, 18:10 UTC

General

  • Target

    https://docs.google.com/drawings/d/1lcF19hyDnlhQFCdZbcgi0BPmy6PskBqCrGZPHf9mkJY/preview?pli=18057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631420392

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://docs.google.com/drawings/d/1lcF19hyDnlhQFCdZbcgi0BPmy6PskBqCrGZPHf9mkJY/preview?pli=18057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631420392
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4304
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff997e23cb8,0x7ff997e23cc8,0x7ff997e23cd8
      2⤵
        PID:4068
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
        2⤵
          PID:2512
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2324
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
          2⤵
            PID:656
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
            2⤵
              PID:2772
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
              2⤵
                PID:3488
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                2⤵
                  PID:2120
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                  2⤵
                    PID:1716
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1636
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1972
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                    2⤵
                      PID:1944
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                      2⤵
                        PID:4200
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1752,10034674218942105130,16851797389750068978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1172 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1716
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:2232
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1508

                        Network

                        • US
                          DNS
                          docs.google.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          docs.google.com
                          IN A
                          Response
                          docs.google.com
                          IN A
                          142.250.179.238
                        • US
                          DNS
                          login.live.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          login.live.com
                          IN A
                          Response
                          login.live.com
                          IN CNAME
                          login.msa.msidentity.com
                          login.msa.msidentity.com
                          IN CNAME
                          www.tm.lg.prod.aadmsa.trafficmanager.net
                          www.tm.lg.prod.aadmsa.trafficmanager.net
                          IN CNAME
                          prdv4a.aadg.msidentity.com
                          prdv4a.aadg.msidentity.com
                          IN CNAME
                          www.tm.v4.a.prd.aadg.trafficmanager.net
                          www.tm.v4.a.prd.aadg.trafficmanager.net
                          IN A
                          20.190.160.17
                          www.tm.v4.a.prd.aadg.trafficmanager.net
                          IN A
                          40.126.32.136
                          www.tm.v4.a.prd.aadg.trafficmanager.net
                          IN A
                          40.126.32.133
                          www.tm.v4.a.prd.aadg.trafficmanager.net
                          IN A
                          40.126.32.76
                          www.tm.v4.a.prd.aadg.trafficmanager.net
                          IN A
                          40.126.32.134
                          www.tm.v4.a.prd.aadg.trafficmanager.net
                          IN A
                          20.190.160.22
                          www.tm.v4.a.prd.aadg.trafficmanager.net
                          IN A
                          40.126.32.138
                          www.tm.v4.a.prd.aadg.trafficmanager.net
                          IN A
                          40.126.32.68
                        • US
                          DNS
                          ocsp.digicert.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          ocsp.digicert.com
                          IN A
                          Response
                          ocsp.digicert.com
                          IN CNAME
                          ocsp.edge.digicert.com
                          ocsp.edge.digicert.com
                          IN CNAME
                          cac-ocsp.digicert.com.edgekey.net
                          cac-ocsp.digicert.com.edgekey.net
                          IN CNAME
                          e3913.cd.akamaiedge.net
                          e3913.cd.akamaiedge.net
                          IN A
                          104.78.173.167
                        • US
                          DNS
                          17.160.190.20.in-addr.arpa
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          17.160.190.20.in-addr.arpa
                          IN PTR
                          Response
                        • US
                          DNS
                          lh7-rt.googleusercontent.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          lh7-rt.googleusercontent.com
                          IN A
                          Response
                          lh7-rt.googleusercontent.com
                          IN CNAME
                          googlehosted.l.googleusercontent.com
                          googlehosted.l.googleusercontent.com
                          IN A
                          142.250.200.33
                        • US
                          DNS
                          167.173.78.104.in-addr.arpa
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          167.173.78.104.in-addr.arpa
                          IN PTR
                          Response
                          167.173.78.104.in-addr.arpa
                          IN PTR
                          a104-78-173-167.deploy.static.akamaitechnologies.com
                        • GB
                          GET
                          https://docs.google.com/drawings/d/1lcF19hyDnlhQFCdZbcgi0BPmy6PskBqCrGZPHf9mkJY/preview?pli=18057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631420392
                          msedge.exe
                          Remote address:
                          142.250.179.238:443
                          Request
                          GET /drawings/d/1lcF19hyDnlhQFCdZbcgi0BPmy6PskBqCrGZPHf9mkJY/preview?pli=18057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631420392 HTTP/2.0
                          host: docs.google.com
                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                          sec-ch-ua-mobile: ?0
                          dnt: 1
                          upgrade-insecure-requests: 1
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          sec-fetch-site: none
                          sec-fetch-mode: navigate
                          sec-fetch-user: ?1
                          sec-fetch-dest: document
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • GB
                          GET
                          https://docs.google.com/static/drawings/client/css/3590561575-preview_css_ltr.css
                          msedge.exe
                          Remote address:
                          142.250.179.238:443
                          Request
                          GET /static/drawings/client/css/3590561575-preview_css_ltr.css HTTP/2.0
                          host: docs.google.com
                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                          accept: text/css,*/*;q=0.1
                          sec-fetch-site: same-origin
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: style
                          referer: https://docs.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                          cookie: NID=520=NcSzHgTdbRBCGg-x1UNSHkmUAHslpjNBvAHa5lCxsON8dzdhAxGPgPZYs_aXQSWSN-tEio1INvrsPYMPFr0JA28GuOZzTEQwRjCD5mQUihem6T7TqSHYfjwhZMfefIMhbEMGY-Xyzas5nRNqICIVVY0MaqeINZWyWzdpHeowffcFdldZ7td0EEGd
                        • GB
                          GET
                          https://docs.google.com/static/drawings/client/js/3251589090-preview_core__en_gb.js
                          msedge.exe
                          Remote address:
                          142.250.179.238:443
                          Request
                          GET /static/drawings/client/js/3251589090-preview_core__en_gb.js HTTP/2.0
                          host: docs.google.com
                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                          accept: */*
                          sec-fetch-site: same-origin
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: script
                          referer: https://docs.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                          cookie: NID=520=NcSzHgTdbRBCGg-x1UNSHkmUAHslpjNBvAHa5lCxsON8dzdhAxGPgPZYs_aXQSWSN-tEio1INvrsPYMPFr0JA28GuOZzTEQwRjCD5mQUihem6T7TqSHYfjwhZMfefIMhbEMGY-Xyzas5nRNqICIVVY0MaqeINZWyWzdpHeowffcFdldZ7td0EEGd
                        • GB
                          GET
                          https://lh7-rt.googleusercontent.com/drawingsz/AHiSRb1OewvdEbNceGS-ro5238A_zqUekqUKdQwMSLolhAoqki6-zWSQEeVcTiXTGTpeAEBfK8mG41VPeZWOy2rOPGxb602c0iOOt3LiUk2_f7HVAeDWzHhRsU47TfJjzgJ2yZo?key=6VuhI4lWVbIWcQ0FzyU94N-c
                          msedge.exe
                          Remote address:
                          142.250.200.33:443
                          Request
                          GET /drawingsz/AHiSRb1OewvdEbNceGS-ro5238A_zqUekqUKdQwMSLolhAoqki6-zWSQEeVcTiXTGTpeAEBfK8mG41VPeZWOy2rOPGxb602c0iOOt3LiUk2_f7HVAeDWzHhRsU47TfJjzgJ2yZo?key=6VuhI4lWVbIWcQ0FzyU94N-c HTTP/2.0
                          host: lh7-rt.googleusercontent.com
                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                          origin: https://docs.google.com
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                          dnt: 1
                          accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          sec-fetch-site: cross-site
                          sec-fetch-mode: cors
                          sec-fetch-dest: image
                          referer: https://docs.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • US
                          DNS
                          195.187.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          195.187.250.142.in-addr.arpa
                          IN PTR
                          Response
                          195.187.250.142.in-addr.arpa
                          IN PTR
                          lhr25s33-in-f3.1e100.net
                        • US
                          DNS
                          33.200.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          33.200.250.142.in-addr.arpa
                          IN PTR
                          Response
                          33.200.250.142.in-addr.arpa
                          IN PTR
                          lhr48s30-in-f1.1e100.net
                        • US
                          DNS
                          nexusrules.officeapps.live.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          nexusrules.officeapps.live.com
                          IN A
                          Response
                          nexusrules.officeapps.live.com
                          IN CNAME
                          prod.nexusrules.live.com.akadns.net
                          prod.nexusrules.live.com.akadns.net
                          IN A
                          52.111.236.23
                        • GB
                          GET
                          https://ssl.gstatic.com/docs/drawings/images/favicon5.ico
                          msedge.exe
                          Remote address:
                          142.250.200.3:443
                          Request
                          GET /docs/drawings/images/favicon5.ico HTTP/2.0
                          host: ssl.gstatic.com
                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                          accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          sec-fetch-site: cross-site
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: image
                          referer: https://docs.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • 142.250.179.238:443
                          https://docs.google.com/static/drawings/client/js/3251589090-preview_core__en_gb.js
                          tls, http2
                          msedge.exe
                          6.2kB
                          133.6kB
                          87
                          111

                          HTTP Request

                          GET https://docs.google.com/drawings/d/1lcF19hyDnlhQFCdZbcgi0BPmy6PskBqCrGZPHf9mkJY/preview?pli=18057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631428057631420392

                          HTTP Request

                          GET https://docs.google.com/static/drawings/client/css/3590561575-preview_css_ltr.css

                          HTTP Request

                          GET https://docs.google.com/static/drawings/client/js/3251589090-preview_core__en_gb.js
                        • 142.250.200.33:443
                          https://lh7-rt.googleusercontent.com/drawingsz/AHiSRb1OewvdEbNceGS-ro5238A_zqUekqUKdQwMSLolhAoqki6-zWSQEeVcTiXTGTpeAEBfK8mG41VPeZWOy2rOPGxb602c0iOOt3LiUk2_f7HVAeDWzHhRsU47TfJjzgJ2yZo?key=6VuhI4lWVbIWcQ0FzyU94N-c
                          tls, http2
                          msedge.exe
                          4.3kB
                          121.8kB
                          66
                          96

                          HTTP Request

                          GET https://lh7-rt.googleusercontent.com/drawingsz/AHiSRb1OewvdEbNceGS-ro5238A_zqUekqUKdQwMSLolhAoqki6-zWSQEeVcTiXTGTpeAEBfK8mG41VPeZWOy2rOPGxb602c0iOOt3LiUk2_f7HVAeDWzHhRsU47TfJjzgJ2yZo?key=6VuhI4lWVbIWcQ0FzyU94N-c
                        • 142.250.200.3:443
                          https://ssl.gstatic.com/docs/drawings/images/favicon5.ico
                          tls, http2
                          msedge.exe
                          1.9kB
                          6.3kB
                          16
                          16

                          HTTP Request

                          GET https://ssl.gstatic.com/docs/drawings/images/favicon5.ico
                        • 8.8.8.8:53
                          docs.google.com
                          dns
                          msedge.exe
                          403 B
                          1.0kB
                          6
                          6

                          DNS Request

                          docs.google.com

                          DNS Response

                          142.250.179.238

                          DNS Request

                          login.live.com

                          DNS Response

                          20.190.160.17
                          40.126.32.136
                          40.126.32.133
                          40.126.32.76
                          40.126.32.134
                          20.190.160.22
                          40.126.32.138
                          40.126.32.68

                          DNS Request

                          ocsp.digicert.com

                          DNS Response

                          104.78.173.167

                          DNS Request

                          17.160.190.20.in-addr.arpa

                          DNS Request

                          lh7-rt.googleusercontent.com

                          DNS Response

                          142.250.200.33

                          DNS Request

                          167.173.78.104.in-addr.arpa

                        • 142.250.179.238:443
                          docs.google.com
                          https
                          msedge.exe
                          3.1kB
                          6.8kB
                          6
                          8
                        • 8.8.8.8:53
                          195.187.250.142.in-addr.arpa
                          dns
                          74 B
                          112 B
                          1
                          1

                          DNS Request

                          195.187.250.142.in-addr.arpa

                        • 8.8.8.8:53
                          33.200.250.142.in-addr.arpa
                          dns
                          149 B
                          252 B
                          2
                          2

                          DNS Request

                          33.200.250.142.in-addr.arpa

                          DNS Request

                          nexusrules.officeapps.live.com

                          DNS Response

                          52.111.236.23

                        • 224.0.0.251:5353
                          512 B
                          8

                        MITRE ATT&CK Enterprise v15

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize: 152B
                          MD5: e9a2c784e6d797d91d4b8612e14d51bd
                          SHA1: 25e2b07c396ee82e4404af09424f747fc05f04c2
                          SHA256: 18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6
                          SHA512: fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize: 152B
                          MD5: 1fc959921446fa3ab5813f75ca4d0235
                          SHA1: 0aeef3ba7ba2aa1f725fca09432d384b06995e2a
                          SHA256: 1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c
                          SHA512: 899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                          Filesize: 72B
                          MD5: 6932e4a606f7bbd4457411c066d3ed86
                          SHA1: c8f0541d68f619b7ed69b44fbdf91ea6ded124ab
                          SHA256: 9d5ec86b615848c7ec1f50473d4b66152e9e9b964039b64396b2280bb8367b55
                          SHA512: 0deb1a0ad5eb888481ea8d4309dbaaf79fdb4a17786adb0c812a049e9798172b71f57bcd903dcf71d156d1e1a41ba5572424e387a0594faa2337110e7d61fa93

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                          Filesize: 992B
                          MD5: 5d3a80e862ba379331cd1982aa2853bf
                          SHA1: 93c83fd1876ca5f35eb9de502aa8a6a22ae1f77f
                          SHA256: 2952518782c8ce7be743ce65244e213ef8801e50675a4423c38e0b4e9ad67499
                          SHA512: 9ebbb12c77aaa29f59e12d3ab679f5bf8907168c29d6a508d336eef0221ba9136e4f0b59b10d3251ece77c1e4b47a826116bb94e0e8e2583dd9cafc5cf7c39cf

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize: 6KB
                          MD5: e653b310f0fa578c4486379597eaed90
                          SHA1: 75e1c0a210fc1bb3d166379caee98b9e2605a9db
                          SHA256: 32d4f2dc8184e09b690c9c6b9916516b5eb6b7b2c845edacaf4e06c410b966b7
                          SHA512: 3b3b0d6fff8fa551fb0b929b2f663304e869e7b76633925ffa304b16d464faeeff8f13eea077f807d47131ef65f4602d1c61beafe255713d4417480168ab8f1c

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize: 16B
                          MD5: 6752a1d65b201c13b62ea44016eb221f
                          SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
                          SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
                          SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f3725c96-8b51-47d5-9c72-10df55ed28da.tmp
                          Filesize: 5KB
                          MD5: feb0ce7c2b3e71276ef3acfa93b51c08
                          SHA1: 0c34555901824feffcd3a5ab95cae4ae65841afe
                          SHA256: bc5be401291c032e97ad590585c61f81fb095822d9534cae5d0bb86bc6fc1cb6
                          SHA512: 9fb4ac0c6eba7ed67cb37d3f8035ca4ea1ec6395649440d55e17bd1f40b5d0139b2b0d0a572d39ef3678b7e0259689f1929d66f3061c3d2fb2c9b547d91e392e

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize: 10KB
                          MD5: 02d125d3c05588109feea9e416f9ac8a
                          SHA1: 8e0ce1967b5150b4684a3d0334b105987cac0075
                          SHA256: 6945c27c0f0d219525b85519d03b8ede2b36214d2053e746ab441f309e188a1c
                          SHA512: a5951d86cfd17d867206f3f52e3831037c0ef60c1969ed4edea8bb234e65999d8885cce7430a62d2b4b2efcb35d4e97bacdd4f41c8a19059d65bc599591969fc
