hxxps://drive[.]google[.]com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/view

Resubmissions

02/03/2023, 17:19 UTC

230302-vv9k4adh98 6

02/03/2023, 17:10 UTC

230302-vp7vbade4v 6

02/03/2023, 17:07 UTC

230302-vnbeqade3w 6

Analysis

max time kernel
60s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/03/2023, 17:10 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 2c9ba0669e45d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1894285466"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000ebff77e503f2050cfb31366e941f2804b782200bc5ad562e3e2ceefeb604b84e000000000e8000000002000020000000235c7c12a262c8bc7006c32c71c726d3b312f2e029cb0b58bfeeff2ab18c629b2000000088116686fa3c10bed7e9f620752d7267be1be323e193b3b730ea8da69b65543a40000000eb052cc534b247500853ecb9dab918ce8db66735980112937e7d80b8959fca70fcecebeda5323ad413179fc6ce7c7c75bf914388b5e7898c2c7e522939942590	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d23373324dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\drive.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\drive.google.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31018290"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000ca2dd665eae4882fa2239cceb4adf7b414c7fcc34b4f0519073eaa2d1384c298000000000e8000000002000020000000cf20231d0f2a78200529f700f63346cae7b24c383fb2b682cdede38f9db887a3200000004ce45bbe1456d7351c939732f63077f78d011460e769b69ebe124c8422fdba70400000002362ca29b3e4ba998056bd52862cb600a8b8668f8564ce1ef2ffdff0f13d1db511f2ed52c61ca4db487c390c0464ce5a73c2b48dcd415b01d21784ba1408fb73	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06b3f73324dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\drive.google.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31018290"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9BA0A328-B925-11ED-ABF7-E2BD7878EA51} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1894285466"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{7820699C-7768-4F8F-BB54-CC6AF1087BEE}"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2272	firefox.exe
Token: SeDebugPrivilege	2272	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3592	iexplore.exe
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe
3592	iexplore.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
3592	iexplore.exe
3592	iexplore.exe
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE
2272	firefox.exe
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 4120	3592	iexplore.exe	84
PID 3592 wrote to memory of 4120	3592	iexplore.exe	84
PID 3592 wrote to memory of 4120	3592	iexplore.exe	84
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 2272 wrote to memory of 2808	2272	firefox.exe	92
PID 2272 wrote to memory of 2808	2272	firefox.exe	92
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/view
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3592 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4312
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.0.1058498213\1606522467" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18d577c6-0b09-4617-a669-f6c165a7c4d3} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1928 273f6ea7258 gpu
    3⤵
    PID:2808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.1.1594626554\1120370934" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffc96fa6-0e0e-423f-8bbe-504ba880b2c1} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2300 273e8e72e58 socket
    3⤵
    PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.2.790971895\54411842" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 1632 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17670d65-aa2d-41b6-87ea-c25775725437} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2856 273f9c06758 tab
    3⤵
    PID:1680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.3.545071177\385631537" -childID 2 -isForBrowser -prefsHandle 1292 -prefMapHandle 1296 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a16c4fc1-602f-44d8-b13e-c9f3141b99de} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 3524 273e8e70a58 tab
    3⤵
    PID:2056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.4.549271875\1152683266" -childID 3 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a21c24f-bddf-4aa5-8fbc-3deac98543c7} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4200 273faa1d858 tab
    3⤵
    PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.5.719220534\317654855" -childID 4 -isForBrowser -prefsHandle 4540 -prefMapHandle 4544 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91dabe52-0932-49b3-9e7f-907e0e25d4bc} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4532 273faf76e58 tab
    3⤵
    PID:3704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.6.961878520\1976281953" -childID 5 -isForBrowser -prefsHandle 2796 -prefMapHandle 2792 -prefsLen 27003 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e123c97-9334-4bc6-883d-584645d8a81c} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4848 273f8ba7e58 tab
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.7.950211519\81634864" -childID 6 -isForBrowser -prefsHandle 4896 -prefMapHandle 3624 -prefsLen 27003 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25fc29eb-3dc4-4513-8e2d-a7bf155db0ff} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1656 273f8ba6658 tab
    3⤵
    PID:5240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.8.2022213289\1660173117" -childID 7 -isForBrowser -prefsHandle 5536 -prefMapHandle 5544 -prefsLen 27020 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3b3640c-72a6-44bd-af38-dbf2ae525ee3} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 5528 273fc05cb58 tab
    3⤵
    PID:2660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.9.891260437\1821315529" -childID 8 -isForBrowser -prefsHandle 5224 -prefMapHandle 5732 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b68f2f6d-4fdf-4831-9b36-b0d3874eaf41} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 5792 273fc9d4958 tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.10.1980877148\295015610" -childID 9 -isForBrowser -prefsHandle 4576 -prefMapHandle 4572 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42de1785-e922-447b-a237-7388ef4282ba} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4564 273f8aae058 tab
    3⤵
    PID:5364

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:400

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Areena Riverside Resort\" -spe -an -ai#7zMap31165:108:7zEvent2565
1⤵
PID:3056

Network

DNS

drive.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

142.251.36.46
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
GET

https://drive.google.com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/view

IEXPLORE.EXE

Remote address:

142.251.36.46:443

Request

GET /file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/view HTTP/2.0
host: drive.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-robots-tag: noindex, nofollow, nosnippet
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Mar 2023 17:11:13 GMT
content-encoding: gzip
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
referrer-policy: origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
set-cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s; expires=Fri, 01-Sep-2023 17:11:13 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://drive.google.com/viewer2/prod-02/archive?ck=drive&ds=APznzaYbkeFm0NQYVNzzm8pMGL4VwyAdaLm0r_szGUMPnWOxyIFSfPN-_hbD10s6FoRKjj2jyAPYXU6Wn1Rl-K6i6JLQ_pr-D2cIU8CH7iODUZKi_eKpuKcx9jFtbW1pvrJlv4x0D0A64HEGaMr-MmWnBbXsqFAUOYCnHiTMcFGN7Cg-ydsLKZ5VBvYF0ePfrUizS7rsId986cYXGrDEdQoePSjbq7droo2ITduQoRc1BQjkP2Az27qxH-sTZK8sI253v0LqhtP6l3eeV1x82lHODiF_6wE3wNzvNqVUZLvosXJ3W8ZeBufj3JYQU_d0vKmCjS6LecRoPQm5qncf1aX98i2sQNtWMcNoJzn3a-NRPTsfA32cFG2GPvFIfHn9--y60DvSrPha&authuser=0&page=0

IEXPLORE.EXE

Remote address:

142.251.36.46:443

Request

GET /viewer2/prod-02/archive?ck=drive&ds=APznzaYbkeFm0NQYVNzzm8pMGL4VwyAdaLm0r_szGUMPnWOxyIFSfPN-_hbD10s6FoRKjj2jyAPYXU6Wn1Rl-K6i6JLQ_pr-D2cIU8CH7iODUZKi_eKpuKcx9jFtbW1pvrJlv4x0D0A64HEGaMr-MmWnBbXsqFAUOYCnHiTMcFGN7Cg-ydsLKZ5VBvYF0ePfrUizS7rsId986cYXGrDEdQoePSjbq7droo2ITduQoRc1BQjkP2Az27qxH-sTZK8sI253v0LqhtP6l3eeV1x82lHODiF_6wE3wNzvNqVUZLvosXJ3W8ZeBufj3JYQU_d0vKmCjS6LecRoPQm5qncf1aX98i2sQNtWMcNoJzn3a-NRPTsfA32cFG2GPvFIfHn9--y60DvSrPha&authuser=0&page=0 HTTP/2.0
host: drive.google.com
accept: */*
referer: https://drive.google.com/
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Mar 2023 17:11:30 GMT
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin; report-to="AppsViewerFrontendHttp"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AppsViewerFrontendHttp/cspreport
content-security-policy: script-src 'nonce-k3IZU2EMgIyRT8P7yiAgjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AppsViewerFrontendHttp/cspreport;worker-src 'self'
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-embedder-policy-report-only: require-corp; report-to="AppsViewerFrontendHttp"
report-to: {"group":"AppsViewerFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AppsViewerFrontendHttp/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://drive.google.com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/docos/p/sync?resourcekey&id=1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m&reqid=0

IEXPLORE.EXE

Remote address:

142.251.36.46:443

Request

POST /file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/docos/p/sync?resourcekey&id=1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m&reqid=0 HTTP/2.0
host: drive.google.com
accept: */*
x-same-domain: 1
x-build: apps-fileview.texmex_20230223.01_p1
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 77
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
x-robots-tag: noindex, nofollow, nosnippet
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Mar 2023 17:11:31 GMT
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
x-content-type-options: nosniff
content-encoding: gzip
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://drive.google.com/uc?id=1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m&export=download

IEXPLORE.EXE

Remote address:

142.251.36.46:443

Request

GET /uc?id=1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m&export=download HTTP/2.0
host: drive.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 303

content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Mar 2023 17:12:04 GMT
location: https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e=download&uuid=b6309654-0213-43d3-aa5b-288093fd54f8
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-GHVhAIknKuNTXjKE7lGgXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
cross-origin-opener-policy: same-origin; report-to="DriveUntrustedContentHttp"
report-to: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://drive.google.com/nonceSigner?nonce=jtli27al4chma&continue=https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e%3Ddownload%26uuid%3Db6309654-0213-43d3-aa5b-288093fd54f8&hash=u9e5fnhpg8d3carh07k11ik76093u1se

IEXPLORE.EXE

Remote address:

142.251.36.46:443

Request

GET /nonceSigner?nonce=jtli27al4chma&continue=https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e%3Ddownload%26uuid%3Db6309654-0213-43d3-aa5b-288093fd54f8&hash=u9e5fnhpg8d3carh07k11ik76093u1se HTTP/2.0
host: drive.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 302

content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Mar 2023 17:12:05 GMT
location: https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e=download&uuid=b6309654-0213-43d3-aa5b-288093fd54f8&nonce=jtli27al4chma&user=00863784649600900689Z&hash=0e30ovklm0k68rbt546imr9ek88kn060
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-ZR8pN2cPw_QfwwLtn4yVCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentSignerHttp/cspreport;worker-src 'self'
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentSignerHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="DriveUntrustedContentSignerHttp"
report-to: {"group":"DriveUntrustedContentSignerHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

46.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.36.251.142.in-addr.arpa

IN PTR

Response

46.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f141e100net
DNS

35.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.36.251.142.in-addr.arpa

IN PTR

Response

35.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f31e100net
DNS

14.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.160.190.20.in-addr.arpa

IN PTR

Response
DNS

106.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.208.58.216.in-addr.arpa

IN PTR

Response

106.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f101e100net

106.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f106�I
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

3.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.214.58.216.in-addr.arpa

IN PTR

Response

3.214.58.216.in-addr.arpa

IN PTR

lhr26s05-in-f31e100net

3.214.58.216.in-addr.arpa

IN PTR

ams17s09-in-f3�F

3.214.58.216.in-addr.arpa

IN PTR

�7
DNS

apis.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

172.217.168.206
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_0

IEXPLORE.EXE

Remote address:

172.217.168.206:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
accept: application/javascript, */*;q=0.8
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 73008
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Mar 2023 14:27:30 GMT
expires: Thu, 29 Feb 2024 14:27:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 15:19:54 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 96225
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_1

IEXPLORE.EXE

Remote address:

172.217.168.206:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_1 HTTP/2.0
host: apis.google.com
accept: application/javascript, */*;q=0.8
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 38178
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Mar 2023 14:48:56 GMT
expires: Fri, 01 Mar 2024 14:48:56 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 15:19:54 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 8539
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/js/googleapis.proxy.js?onload=startup

IEXPLORE.EXE

Remote address:

172.217.168.206:443

Request

GET /js/googleapis.proxy.js?onload=startup HTTP/2.0
host: apis.google.com
accept: application/javascript, */*;q=0.8
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 6895
date: Thu, 02 Mar 2023 17:11:16 GMT
expires: Thu, 02 Mar 2023 17:11:16 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "e5c83d9c24ce0f9e"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_0?le=scs

IEXPLORE.EXE

Remote address:

172.217.168.206:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
accept: application/javascript, */*;q=0.8
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 25328
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Mar 2023 14:27:32 GMT
expires: Thu, 29 Feb 2024 14:27:32 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 15:19:54 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 96224
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

play.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.206
POST

https://play.google.com/log?format=json&hasfast=true

IEXPLORE.EXE

Remote address:

142.250.179.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 658
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:16 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://play.google.com/log?format=json&hasfast=true

IEXPLORE.EXE

Remote address:

142.250.179.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 2238
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:16 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://play.google.com/log?format=json&hasfast=true

IEXPLORE.EXE

Remote address:

142.250.179.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 4380
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:18 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://play.google.com/log?format=json&hasfast=true

IEXPLORE.EXE

Remote address:

142.250.179.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 2328
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:30 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://play.google.com/log?format=json&hasfast=true

IEXPLORE.EXE

Remote address:

142.250.179.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 1126
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:30 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://play.google.com/log?format=json&hasfast=true

IEXPLORE.EXE

Remote address:

142.250.179.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 781
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:41 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://play.google.com/log?format=json&hasfast=true

IEXPLORE.EXE

Remote address:

142.250.179.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 343
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:41 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://play.google.com/log?format=json&hasfast=true

IEXPLORE.EXE

Remote address:

142.250.179.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 3352
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:12:04 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://play.google.com/log?format=json&hasfast=true

IEXPLORE.EXE

Remote address:

142.250.179.206:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
content-type: application/x-www-form-urlencoded;charset=utf-8
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 1735
cache-control: no-cache
cookie: NID=511=nD8D_zePXMcoLX1BzuXQnJaEoTaZMPTx8qN8rGdMPw0iXwbhrrKkNqg2QGNasxH1rXMm0_ibhpyHB1alQkjaFGNZdGVSY7aGAWDwRN2fIogSKYZAtEJX-Vi28DSjaNGZdZS4Y8qI1dEvutBxez0wqdnk05EQ9JgeqlNLq1zkG_s

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:12:15 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

content.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

content.googleapis.com

IN A

Response

content.googleapis.com

IN A

142.250.179.170

content.googleapis.com

IN A

142.250.179.202

content.googleapis.com

IN A

142.251.36.10

content.googleapis.com

IN A

142.251.39.106

content.googleapis.com

IN A

172.217.168.202

content.googleapis.com

IN A

216.58.208.106

content.googleapis.com

IN A

216.58.214.10

content.googleapis.com

IN A

142.250.179.138

content.googleapis.com

IN A

142.251.36.42

content.googleapis.com

IN A

172.217.168.234
GET

https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__ HTTP/2.0
host: content.googleapis.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy: script-src 'nonce-7TDtorccHZJzDES67wKSHw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/apiserving; base-uri 'none'
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apiserving
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apiserving"
report-to: {"group":"apiserving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apiserving"}]}
content-length: 273
date: Thu, 02 Mar 2023 17:11:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Fri, 17 Jul 2020 22:45:00 GMT
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp; report-to="apiserving"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://content.googleapis.com/drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

GET /drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k HTTP/2.0
host: content.googleapis.com
accept: */*
x-goog-authuser: 0
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
x-origin: https://drive.google.com
x-referer: https://drive.google.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 403

content-type: application/json; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:17 GMT
server: ESF
cache-control: private
content-length: 498
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

POST /drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json HTTP/2.0
host: content.googleapis.com
accept: */*
x-goog-authuser: 0
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
content-type: application/json
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
x-origin: https://drive.google.com
x-referer: https://drive.google.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 945
cache-control: no-cache

Response

HTTP/2.0 403

content-type: application/json; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:17 GMT
server: ESF
cache-control: private
content-length: 499
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://content.googleapis.com/drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

GET /drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k HTTP/2.0
host: content.googleapis.com
accept: */*
x-goog-authuser: 0
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
x-origin: https://drive.google.com
x-referer: https://drive.google.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 403

content-type: application/json; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:19 GMT
server: ESF
cache-control: private
content-length: 500
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://content.googleapis.com/drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

GET /drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k HTTP/2.0
host: content.googleapis.com
accept: */*
x-goog-authuser: 0
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
x-origin: https://drive.google.com
x-referer: https://drive.google.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 403

content-type: application/json; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:23 GMT
server: ESF
cache-control: private
content-length: 498
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://content.googleapis.com/drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

GET /drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k HTTP/2.0
host: content.googleapis.com
accept: */*
x-goog-authuser: 0
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
x-origin: https://drive.google.com
x-referer: https://drive.google.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 403

content-type: application/json; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:30 GMT
server: ESF
cache-control: private
content-length: 499
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

POST /drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json HTTP/2.0
host: content.googleapis.com
accept: */*
x-goog-authuser: 0
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
content-type: application/json
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
x-origin: https://drive.google.com
x-referer: https://drive.google.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 1808
cache-control: no-cache

Response

HTTP/2.0 403

content-type: application/json; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:31 GMT
server: ESF
cache-control: private
content-length: 500
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

POST /drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json HTTP/2.0
host: content.googleapis.com
accept: */*
x-goog-authuser: 0
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
content-type: application/json
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
x-origin: https://drive.google.com
x-referer: https://drive.google.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 553
cache-control: no-cache

Response

HTTP/2.0 204

etag: "vyGp6PvFo4RvsFtPoIWeCReyIC8"
vary: Origin, X-Origin
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Mar 2023 17:11:46 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

POST /drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json HTTP/2.0
host: content.googleapis.com
accept: */*
x-goog-authuser: 0
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
content-type: application/json
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
x-origin: https://drive.google.com
x-referer: https://drive.google.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 659
cache-control: no-cache

Response

HTTP/2.0 403

content-type: application/json; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:12:16 GMT
server: ESF
cache-control: private
content-length: 499
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

206.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.168.217.172.in-addr.arpa

IN PTR

Response

206.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f141e100net
DNS

206.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.179.250.142.in-addr.arpa

IN PTR

Response

206.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f141e100net
DNS

206.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.179.250.142.in-addr.arpa

IN PTR

Response

206.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f141e100net
DNS

blobcomments-pa.clients6.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

blobcomments-pa.clients6.google.com

IN A

Response

blobcomments-pa.clients6.google.com

IN A

216.58.208.106
DNS

blobcomments-pa.clients6.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

blobcomments-pa.clients6.google.com

IN A

Response

blobcomments-pa.clients6.google.com

IN A

142.250.179.170
DNS

ssl.gstatic.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

172.217.168.195
GET

https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_2_archive_x16.png

IEXPLORE.EXE

Remote address:

172.217.168.195:443

Request

GET /docs/doclist/images/mediatype/icon_2_archive_x16.png HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 51197
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Mar 2023 09:19:17 GMT
expires: Fri, 01 Mar 2024 09:19:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 18 Jan 2023 18:58:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Origin
age: 28319
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite49.svg

IEXPLORE.EXE

Remote address:

172.217.168.195:443

Request

GET /docs/common/viewer/v3/v-sprite49.svg HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 209
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Mar 2023 13:23:55 GMT
expires: Thu, 29 Feb 2024 13:23:55 GMT
cache-control: public, max-age=31536000
age: 100041
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=4l8nuzq38os

IEXPLORE.EXE

Remote address:

172.217.168.195:443

Request

GET /docs/common/cleardot.gif?zx=4l8nuzq38os HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/gif
vary: Origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 43
date: Thu, 02 Mar 2023 17:11:16 GMT
expires: Fri, 01 Mar 2024 17:11:16 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png

IEXPLORE.EXE

Remote address:

172.217.168.195:443

Request

GET /images/branding/product/1x/drive_2020q4_32dp.png HTTP/2.0
host: ssl.gstatic.com
accept: */*
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 831
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Mar 2023 09:28:14 GMT
expires: Fri, 01 Mar 2024 09:28:14 GMT
cache-control: public, max-age=31536000
age: 27782
last-modified: Fri, 21 Aug 2020 00:15:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_1_folder_x16.png

IEXPLORE.EXE

Remote address:

172.217.168.195:443

Request

GET /docs/doclist/images/mediatype/icon_1_folder_x16.png HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 105
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Mar 2023 11:42:09 GMT
expires: Fri, 01 Mar 2024 11:42:09 GMT
cache-control: public, max-age=31536000
age: 19762
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=ypce1orb438k

IEXPLORE.EXE

Remote address:

172.217.168.195:443

Request

GET /docs/common/cleardot.gif?zx=ypce1orb438k HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/gif
vary: Origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 43
date: Thu, 02 Mar 2023 17:11:41 GMT
expires: Fri, 01 Mar 2024 17:11:41 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=jwuzu7axokz

IEXPLORE.EXE

Remote address:

172.217.168.195:443

Request

GET /docs/common/cleardot.gif?zx=jwuzu7axokz HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/gif
vary: Origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 43
date: Thu, 02 Mar 2023 17:12:12 GMT
expires: Fri, 01 Mar 2024 17:12:12 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=n2z6ucrorn8q

IEXPLORE.EXE

Remote address:

172.217.168.195:443

Request

GET /docs/common/cleardot.gif?zx=n2z6ucrorn8q HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/gif
vary: Origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 43
date: Thu, 02 Mar 2023 17:12:48 GMT
expires: Fri, 01 Mar 2024 17:12:48 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=rpvswrx8v9x7

IEXPLORE.EXE

Remote address:

172.217.168.195:443

Request

GET /docs/common/cleardot.gif?zx=rpvswrx8v9x7 HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/gif
vary: Origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 43
date: Thu, 02 Mar 2023 17:13:31 GMT
expires: Fri, 01 Mar 2024 17:13:31 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

170.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.179.250.142.in-addr.arpa

IN PTR

Response

170.179.250.142.in-addr.arpa

IN PTR

ams15s41-in-f101e100net
DNS

195.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.168.217.172.in-addr.arpa

IN PTR

Response

195.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f31e100net
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.237.239:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

getpocket.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

getpocket.cdn.mozilla.net

IN A

Response

getpocket.cdn.mozilla.net

IN CNAME

getpocket-cdn.prod.mozaws.net

getpocket-cdn.prod.mozaws.net

IN CNAME

prod.pocket.prod.cloudops.mozgcp.net

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
GET

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

firefox.exe

Remote address:

34.120.5.221:443

Request

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30 HTTP/2.0
host: getpocket.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:524c::
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:524c::
DNS

239.237.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.237.117.34.in-addr.arpa

IN PTR

Response

239.237.117.34.in-addr.arpa

IN PTR

23923711734bcgoogleusercontentcom
DNS

239.237.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.237.117.34.in-addr.arpa

IN PTR

Response

239.237.117.34.in-addr.arpa

IN PTR

23923711734bcgoogleusercontentcom
DNS

221.5.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

221.5.120.34.in-addr.arpa

IN PTR

Response

221.5.120.34.in-addr.arpa

IN PTR

221512034bcgoogleusercontentcom
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

35.241.9.150
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

35.241.9.150
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN AAAA

Response
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN AAAA

Response
DNS

150.9.241.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.9.241.35.in-addr.arpa

IN PTR

Response

150.9.241.35.in-addr.arpa

IN PTR

150924135bcgoogleusercontentcom
DNS

150.9.241.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.9.241.35.in-addr.arpa

IN PTR

Response

150.9.241.35.in-addr.arpa

IN PTR

150924135bcgoogleusercontentcom
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

52.88.29.97

shavar.prod.mozaws.net

IN A

44.225.87.128

shavar.prod.mozaws.net

IN A

34.208.254.89

shavar.prod.mozaws.net

IN A

54.148.183.145

shavar.prod.mozaws.net

IN A

54.68.195.169

shavar.prod.mozaws.net

IN A

34.213.101.154
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

44.225.87.128

shavar.prod.mozaws.net

IN A

54.68.195.169

shavar.prod.mozaws.net

IN A

52.88.29.97

shavar.prod.mozaws.net

IN A

54.148.183.145

shavar.prod.mozaws.net

IN A

34.213.101.154

shavar.prod.mozaws.net

IN A

34.208.254.89
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

54.148.183.145

shavar.prod.mozaws.net

IN A

44.225.87.128

shavar.prod.mozaws.net

IN A

34.213.101.154

shavar.prod.mozaws.net

IN A

34.208.254.89

shavar.prod.mozaws.net

IN A

54.68.195.169

shavar.prod.mozaws.net

IN A

52.88.29.97
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

97.29.88.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.29.88.52.in-addr.arpa

IN PTR

Response

97.29.88.52.in-addr.arpa

IN PTR

ec2-52-88-29-97 us-west-2compute amazonawscom
DNS

97.29.88.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.29.88.52.in-addr.arpa

IN PTR

Response

97.29.88.52.in-addr.arpa

IN PTR

ec2-52-88-29-97 us-west-2compute amazonawscom
DNS

peoplestackwebexperiments-pa.clients6.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

peoplestackwebexperiments-pa.clients6.google.com

IN A

Response

peoplestackwebexperiments-pa.clients6.google.com

IN A

142.250.179.170
OPTIONS

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
origin: https://drive.google.com
access-control-request-method: POST
access-control-request-headers: x-goog-api-key, content-type, x-user-agent
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: x-goog-api-key, content-type, x-user-agent
access-control-max-age: 3600
date: Thu, 02 Mar 2023 17:11:31 GMT
content-type: text/html
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
origin: https://drive.google.com
access-control-request-method: POST
access-control-request-headers: x-goog-api-key, content-type, x-user-agent
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 200

access-control-allow-origin: https://drive.google.com
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: x-goog-api-key, content-type, x-user-agent
access-control-max-age: 3600
date: Thu, 02 Mar 2023 17:11:31 GMT
content-type: text/html
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

POST /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
x-goog-api-key: AIzaSyABqJ85_R2irnKzMtGBL0iHuyFBi6Efk1w
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 39
cache-control: no-cache

Response

HTTP/2.0 401

www-authenticate: Bearer realm="https://accounts.google.com/"
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin
vary: X-Origin
vary: Referer
content-type: application/json+protobuf; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:31 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 273
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://drive.google.com
access-control-allow-credentials: true
access-control-expose-headers: www-authenticate,vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

IEXPLORE.EXE

Remote address:

142.250.179.170:443

Request

POST /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
x-goog-api-key: AIzaSyABqJ85_R2irnKzMtGBL0iHuyFBi6Efk1w
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
referer: https://drive.google.com/
accept-language: en-US
origin: https://drive.google.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 39
cache-control: no-cache

Response

HTTP/2.0 401

www-authenticate: Bearer realm="https://accounts.google.com/"
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin
vary: X-Origin
vary: Referer
content-type: application/json+protobuf; charset=UTF-8
content-encoding: gzip
date: Thu, 02 Mar 2023 17:11:31 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 274
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://drive.google.com
access-control-allow-credentials: true
access-control-expose-headers: www-authenticate,vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

123.108.74.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

123.108.74.40.in-addr.arpa

IN PTR

Response
DNS

123.108.74.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

123.108.74.40.in-addr.arpa

IN PTR

Response
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

52.40.49.56

autopush.prod.mozaws.net

IN A

44.235.159.98

autopush.prod.mozaws.net

IN A

35.162.98.11

autopush.prod.mozaws.net

IN A

54.212.170.166

autopush.prod.mozaws.net

IN A

35.164.47.95

autopush.prod.mozaws.net

IN A

44.236.143.193

autopush.prod.mozaws.net

IN A

35.83.200.106

autopush.prod.mozaws.net

IN A

52.25.78.204
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

52.40.48.115

autopush.prod.mozaws.net

IN A

52.40.16.19

autopush.prod.mozaws.net

IN A

54.187.66.119

autopush.prod.mozaws.net

IN A

35.83.22.170

autopush.prod.mozaws.net

IN A

44.236.143.193

autopush.prod.mozaws.net

IN A

52.39.176.227

autopush.prod.mozaws.net

IN A

54.214.111.16

autopush.prod.mozaws.net

IN A

35.84.57.165
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

191.144.160.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

191.144.160.34.in-addr.arpa

IN PTR

Response

191.144.160.34.in-addr.arpa

IN PTR

19114416034bcgoogleusercontentcom
DNS

191.144.160.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

191.144.160.34.in-addr.arpa

IN PTR

Response

191.144.160.34.in-addr.arpa

IN PTR

19114416034bcgoogleusercontentcom
DNS

56.49.40.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.49.40.52.in-addr.arpa

IN PTR

Response

56.49.40.52.in-addr.arpa

IN PTR

ec2-52-40-49-56 us-west-2compute amazonawscom
DNS

56.49.40.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.49.40.52.in-addr.arpa

IN PTR

Response

56.49.40.52.in-addr.arpa

IN PTR

ec2-52-40-49-56 us-west-2compute amazonawscom
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

203.151.224.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.151.224.20.in-addr.arpa

IN PTR

Response
DNS

doc-08-0k-docs.googleusercontent.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

doc-08-0k-docs.googleusercontent.com

IN A

Response

doc-08-0k-docs.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.179.193
GET

https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e=download&uuid=b6309654-0213-43d3-aa5b-288093fd54f8

IEXPLORE.EXE

Remote address:

142.250.179.193:443

Request

GET /docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e=download&uuid=b6309654-0213-43d3-aa5b-288093fd54f8 HTTP/2.0
host: doc-08-0k-docs.googleusercontent.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

x-guploader-uploadid: ADPycduGwJNLNwwChYbMhqx9qmVruM8yDFM5fdDDB3fW5MQl2NihJehWUV8pt5nK8cGNufQE0RZ6TRqkI4MrLZsPgqV4qE6w6BjC
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token
access-control-allow-methods: GET,HEAD,OPTIONS
location: https://drive.google.com/nonceSigner?nonce=jtli27al4chma&continue=https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e%3Ddownload%26uuid%3Db6309654-0213-43d3-aa5b-288093fd54f8&hash=u9e5fnhpg8d3carh07k11ik76093u1se
date: Thu, 02 Mar 2023 17:12:05 GMT
expires: Thu, 02 Mar 2023 17:12:05 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
set-cookie: AUTH_1553n0rjhrlhkg2tibjjq3rl87j8r4hv_nonce=jtli27al4chma; Domain=doc-08-0k-docs.googleusercontent.com; Expires=Thu, 02-Mar-2023 17:22:05 GMT; Path=/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84; Secure; HttpOnly; SameSite=none
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e=download&uuid=b6309654-0213-43d3-aa5b-288093fd54f8&nonce=jtli27al4chma&user=00863784649600900689Z&hash=0e30ovklm0k68rbt546imr9ek88kn060

IEXPLORE.EXE

Remote address:

142.250.179.193:443

Request

GET /docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e=download&uuid=b6309654-0213-43d3-aa5b-288093fd54f8&nonce=jtli27al4chma&user=00863784649600900689Z&hash=0e30ovklm0k68rbt546imr9ek88kn060 HTTP/2.0
host: doc-08-0k-docs.googleusercontent.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: AUTH_1553n0rjhrlhkg2tibjjq3rl87j8r4hv_nonce=jtli27al4chma

Response

HTTP/2.0 200

x-guploader-uploadid: ADPycdu4frvUe9FFH4zxO92x7y-ii4tmxdIPVJ3VaXsDcK87UyOcZ-Zkpx2oTCfpjtj9Z3tGPFKUI6qO9L69CTGz25puksWNdwkG
content-type: application/rar
content-disposition: attachment; filename="Areena Riverside Resort.rar"; filename*=UTF-8''Areena%20Riverside%20Resort.rar
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token
access-control-allow-methods: GET,HEAD,OPTIONS
content-length: 4680304
date: Thu, 02 Mar 2023 17:12:05 GMT
expires: Thu, 02 Mar 2023 17:12:05 GMT
cache-control: private, max-age=0
x-goog-hash: crc32c=UcQe7A==
server: UploadServer
set-cookie: AUTH_1553n0rjhrlhkg2tibjjq3rl87j8r4hv=00863784649600900689Z|1677777075000|v55d29cbdkuna0ebg24k4ji91jnm6e55; Domain=.googleusercontent.com; Expires=Thu, 02-Mar-2023 17:17:05 GMT; Path=/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84; Secure; HttpOnly; SameSite=none
set-cookie: AUTH_1553n0rjhrlhkg2tibjjq3rl87j8r4hv_nonce=; Domain=doc-08-0k-docs.googleusercontent.com; Expires=Fri, 05-Jun-2020 17:12:05 GMT; Path=/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

193.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.179.250.142.in-addr.arpa

IN PTR

Response

193.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f11e100net
DNS

100.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.39.251.142.in-addr.arpa

IN PTR

Response

100.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f41e100net
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

35.241.9.150
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

35.241.9.150
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

35.241.9.150
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN AAAA

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

www.virustotal.com

Remote address:

8.8.8.8:53

Request

www.virustotal.com

IN A

Response

www.virustotal.com

IN CNAME

ghs-svc-https-c46.ghs-ssl.googlehosted.com

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN A

74.125.34.46
DNS

www.virustotal.com

Remote address:

8.8.8.8:53

Request

www.virustotal.com

IN A

Response

www.virustotal.com

IN CNAME

ghs-svc-https-c46.ghs-ssl.googlehosted.com

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN A

74.125.34.46
DNS

ghs-svc-https-c46.ghs-ssl.googlehosted.com

Remote address:

8.8.8.8:53

Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN A

Response

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN A

74.125.34.46
DNS

ghs-svc-https-c46.ghs-ssl.googlehosted.com

Remote address:

8.8.8.8:53

Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN A

Response

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN A

74.125.34.46
DNS

ghs-svc-https-c46.ghs-ssl.googlehosted.com

Remote address:

8.8.8.8:53

Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN AAAA

Response
DNS

ghs-svc-https-c46.ghs-ssl.googlehosted.com

Remote address:

8.8.8.8:53

Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN AAAA

Response
DNS

46.34.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.34.125.74.in-addr.arpa

IN PTR

Response

46.34.125.74.in-addr.arpa

IN PTR

ghs-vip-any-c46ghs-sslgooglehostedcom
DNS

46.34.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.34.125.74.in-addr.arpa

IN PTR

Response

46.34.125.74.in-addr.arpa

IN PTR

ghs-vip-any-c46ghs-sslgooglehostedcom
DNS

www.recaptcha.net

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN A

Response

www.recaptcha.net

IN A

172.217.168.227
DNS

www.recaptcha.net

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN A

Response

www.recaptcha.net

IN A

172.217.168.227
DNS

www.recaptcha.net

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN A

Response

www.recaptcha.net

IN A

172.217.168.227
DNS

www.recaptcha.net

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN A

Response

www.recaptcha.net

IN A

172.217.168.227
DNS

www.recaptcha.net

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN AAAA

Response

www.recaptcha.net

IN AAAA

2a00:1450:400e:80d::2003
DNS

www.recaptcha.net

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN AAAA

Response

www.recaptcha.net

IN AAAA

2a00:1450:400e:80d::2003
DNS

227.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.168.217.172.in-addr.arpa

IN PTR

Response

227.168.217.172.in-addr.arpa

IN PTR

ams15s40-in-f31e100net
DNS

110.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.39.251.142.in-addr.arpa

IN PTR

Response

110.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f141e100net
DNS

ghs-svc-https-c46.ghs-ssl.googlehosted.com

Remote address:

8.8.8.8:53

Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN AAAA

Response
DNS

ghs-svc-https-c46.ghs-ssl.googlehosted.com

Remote address:

8.8.8.8:53

Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN AAAA

Response
DNS

199.176.139.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

199.176.139.52.in-addr.arpa

IN PTR

Response
DNS

202.74.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.74.101.95.in-addr.arpa

IN PTR

Response

202.74.101.95.in-addr.arpa

IN PTR

a95-101-74-202deploystaticakamaitechnologiescom

142.251.36.46:443

https://drive.google.com/nonceSigner?nonce=jtli27al4chma&continue=https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e%3Ddownload%26uuid%3Db6309654-0213-43d3-aa5b-288093fd54f8&hash=u9e5fnhpg8d3carh07k11ik76093u1se

tls, http2

IEXPLORE.EXE

4.6kB
38.6kB
55
63

HTTP Request

GET https://drive.google.com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/view

HTTP Response

200

HTTP Request

GET https://drive.google.com/viewer2/prod-02/archive?ck=drive&ds=APznzaYbkeFm0NQYVNzzm8pMGL4VwyAdaLm0r_szGUMPnWOxyIFSfPN-_hbD10s6FoRKjj2jyAPYXU6Wn1Rl-K6i6JLQ_pr-D2cIU8CH7iODUZKi_eKpuKcx9jFtbW1pvrJlv4x0D0A64HEGaMr-MmWnBbXsqFAUOYCnHiTMcFGN7Cg-ydsLKZ5VBvYF0ePfrUizS7rsId986cYXGrDEdQoePSjbq7droo2ITduQoRc1BQjkP2Az27qxH-sTZK8sI253v0LqhtP6l3eeV1x82lHODiF_6wE3wNzvNqVUZLvosXJ3W8ZeBufj3JYQU_d0vKmCjS6LecRoPQm5qncf1aX98i2sQNtWMcNoJzn3a-NRPTsfA32cFG2GPvFIfHn9--y60DvSrPha&authuser=0&page=0

HTTP Response

200

HTTP Request

POST https://drive.google.com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/docos/p/sync?resourcekey&id=1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m&reqid=0

HTTP Response

200

HTTP Request

GET https://drive.google.com/uc?id=1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m&export=download

HTTP Response

303

HTTP Request

GET https://drive.google.com/nonceSigner?nonce=jtli27al4chma&continue=https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e%3Ddownload%26uuid%3Db6309654-0213-43d3-aa5b-288093fd54f8&hash=u9e5fnhpg8d3carh07k11ik76093u1se

HTTP Response

302
142.251.36.46:443

drive.google.com

tls, http2

IEXPLORE.EXE

1.1kB
7.6kB
16
12
172.217.168.206:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_0?le=scs

tls, http2

IEXPLORE.EXE

7.7kB
158.3kB
136
130

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_0

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_1

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://apis.google.com/js/googleapis.proxy.js?onload=startup

HTTP Response

200

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yHsE3XoyXLE.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw/cb=gapi.loaded_0?le=scs

HTTP Response

200
172.217.168.206:443

apis.google.com

tls, http2

IEXPLORE.EXE

1.1kB
5.1kB
15
11
142.250.179.206:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

IEXPLORE.EXE

24.3kB
16.0kB
70
82

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Response

200

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Response

200

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Response

200
142.250.179.170:443

content.googleapis.com

tls, http2

IEXPLORE.EXE

1.1kB
5.5kB
15
11
142.250.179.170:443

https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json

tls, http2

IEXPLORE.EXE

11.6kB
16.1kB
60
70

HTTP Request

GET https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.yHsE3XoyXLE.O%2Fd%3D1%2Frs%3DAHpOoo8LDClD0V3IE-5SJcudVO91TD73Qw%2Fm%3D__features__

HTTP Response

200

HTTP Request

GET https://content.googleapis.com/drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

HTTP Request

POST https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json

HTTP Response

403

HTTP Response

403

HTTP Request

GET https://content.googleapis.com/drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

HTTP Response

403

HTTP Request

GET https://content.googleapis.com/drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

HTTP Response

403

HTTP Request

GET https://content.googleapis.com/drive/v2beta/files/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanEdit%2CcanDownload%2CcanComment%2CcanMoveChildrenWithinDrive%2CcanRename%2CcanRemoveChildren%2CcanMoveItemIntoTeamDrive)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

HTTP Response

403

HTTP Request

POST https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json

HTTP Response

403

HTTP Request

POST https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json

HTTP Response

204

HTTP Request

POST https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json

HTTP Response

403
172.217.168.195:443

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=rpvswrx8v9x7

tls, http2

IEXPLORE.EXE

5.1kB
63.8kB
78
79

HTTP Request

GET https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_2_archive_x16.png

HTTP Request

GET https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite49.svg

HTTP Request

GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=4l8nuzq38os

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png

HTTP Response

200

HTTP Request

GET https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_1_folder_x16.png

HTTP Response

200

HTTP Request

GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=ypce1orb438k

HTTP Response

200

HTTP Request

GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=jwuzu7axokz

HTTP Response

200

HTTP Request

GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=n2z6ucrorn8q

HTTP Response

200

HTTP Request

GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=rpvswrx8v9x7

HTTP Response

200
172.217.168.195:443

ssl.gstatic.com

tls, http2

IEXPLORE.EXE

1.1kB
5.1kB
15
11
172.217.168.195:443

ssl.gstatic.com

tls, http2

IEXPLORE.EXE

1.1kB
5.1kB
15
11
127.0.0.1:49842

firefox.exe
127.0.0.1:50098

firefox.exe
34.117.237.239:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

1.8kB
7.5kB
16
18

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
34.120.5.221:443

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

tls, http2

firefox.exe

2.0kB
48.1kB
19
44

HTTP Request

GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30
35.241.9.150:443

firefox.settings.services.mozilla.com

tls

firefox.exe

2.7kB
11.2kB
24
35
52.88.29.97:443

shavar.services.mozilla.com

tls

firefox.exe

2.2kB
4.1kB
10
9
142.250.179.170:443

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

tls, http2

IEXPLORE.EXE

2.4kB
13.7kB
23
30

HTTP Request

OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

HTTP Request

OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

HTTP Request

POST https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

HTTP Response

401

HTTP Response

401
142.250.179.170:443

peoplestackwebexperiments-pa.clients6.google.com

tls, http2

IEXPLORE.EXE

939 B
10.8kB
11
15
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

2.0kB
6.0kB
17
20
52.40.49.56:443

push.services.mozilla.com

tls

firefox.exe

1.8kB
3.8kB
10
10
20.189.173.11:443

322 B
7
35.241.9.150:443

firefox.settings.services.mozilla.com

tls, http2

firefox.exe

1.2kB
5.6kB
10
9
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
204.79.197.203:80

api.msn.com

322 B
7
142.250.179.193:443

https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e=download&uuid=b6309654-0213-43d3-aa5b-288093fd54f8&nonce=jtli27al4chma&user=00863784649600900689Z&hash=0e30ovklm0k68rbt546imr9ek88kn060

tls, http2

IEXPLORE.EXE

27.5kB
4.9MB
497
3496

HTTP Request

GET https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e=download&uuid=b6309654-0213-43d3-aa5b-288093fd54f8

HTTP Response

302

HTTP Request

GET https://doc-08-0k-docs.googleusercontent.com/docs/securesc/246nn2930pu1cdg5d19fkdfll2iqov84/cclmd6qtte8o34c91c0i116j7p14cfod/1677777075000/13135333154655794309/00863784649600900689Z/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m?e=download&uuid=b6309654-0213-43d3-aa5b-288093fd54f8&nonce=jtli27al4chma&user=00863784649600900689Z&hash=0e30ovklm0k68rbt546imr9ek88kn060

HTTP Response

200
142.250.179.193:443

doc-08-0k-docs.googleusercontent.com

tls, http2

IEXPLORE.EXE

835 B
8.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

932 B
8.1kB
10
14
204.79.197.200:443

ieonline.microsoft.com

tls

1.3kB
28.6kB
13
35
74.125.34.46:443

www.virustotal.com

tls

4.9MB
2.3MB
4019
4180
172.217.168.227:443

www.recaptcha.net

tls

1.8kB
13.8kB
15
21

8.8.8.8:53

drive.google.com

dns

IEXPLORE.EXE

62 B
78 B
1
1

DNS Request

drive.google.com

DNS Response

142.251.36.46
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

46.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

46.36.251.142.in-addr.arpa
8.8.8.8:53

35.36.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

35.36.251.142.in-addr.arpa
8.8.8.8:53

14.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.160.190.20.in-addr.arpa
8.8.8.8:53

106.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

106.208.58.216.in-addr.arpa
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

3.214.58.216.in-addr.arpa

dns

71 B
152 B
1
1

DNS Request

3.214.58.216.in-addr.arpa
8.8.8.8:53

apis.google.com

dns

IEXPLORE.EXE

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

172.217.168.206
8.8.8.8:53

play.google.com

dns

IEXPLORE.EXE

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.206
8.8.8.8:53

content.googleapis.com

dns

IEXPLORE.EXE

68 B
228 B
1
1

DNS Request

content.googleapis.com

DNS Response

142.250.179.170

142.250.179.202

142.251.36.10

142.251.39.106

172.217.168.202

216.58.208.106

216.58.214.10

142.250.179.138

142.251.36.42

172.217.168.234
8.8.8.8:53

206.168.217.172.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.168.217.172.in-addr.arpa
8.8.8.8:53

206.179.250.142.in-addr.arpa

dns

148 B
226 B
2
2

DNS Request

206.179.250.142.in-addr.arpa

DNS Request

206.179.250.142.in-addr.arpa
8.8.8.8:53

blobcomments-pa.clients6.google.com

dns

IEXPLORE.EXE

162 B
194 B
2
2

DNS Request

blobcomments-pa.clients6.google.com

DNS Response

216.58.208.106

DNS Request

blobcomments-pa.clients6.google.com

DNS Response

142.250.179.170
8.8.8.8:53

ssl.gstatic.com

dns

IEXPLORE.EXE

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

172.217.168.195
8.8.8.8:53

170.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

170.179.250.142.in-addr.arpa
8.8.8.8:53

195.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.168.217.172.in-addr.arpa
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

148 B
180 B
2
2

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
155 B
1
1

DNS Request

contile.services.mozilla.com
8.8.8.8:53

getpocket.cdn.mozilla.net

dns

firefox.exe

71 B
174 B
1
1

DNS Request

getpocket.cdn.mozilla.net

DNS Response

34.120.5.221
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.120.5.221
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

164 B
220 B
2
2

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:524c::

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:524c::
8.8.8.8:53

239.237.117.34.in-addr.arpa

dns

146 B
252 B
2
2

DNS Request

239.237.117.34.in-addr.arpa

DNS Request

239.237.117.34.in-addr.arpa
8.8.8.8:53

221.5.120.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

221.5.120.34.in-addr.arpa
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
99 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

35.241.9.150
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
99 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

35.241.9.150
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

166 B
334 B
2
2

DNS Request

firefox.settings.services.mozilla.com

DNS Request

firefox.settings.services.mozilla.com
8.8.8.8:53

150.9.241.35.in-addr.arpa

dns

142 B
244 B
2
2

DNS Request

150.9.241.35.in-addr.arpa

DNS Request

150.9.241.35.in-addr.arpa
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

146 B
410 B
2
2

DNS Request

shavar.services.mozilla.com

DNS Response

52.88.29.97

44.225.87.128

34.208.254.89

54.148.183.145

54.68.195.169

34.213.101.154

DNS Request

shavar.services.mozilla.com

DNS Response

44.225.87.128

54.68.195.169

52.88.29.97

54.148.183.145

34.213.101.154

34.208.254.89
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
164 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

54.148.183.145

44.225.87.128

34.213.101.154

34.208.254.89

54.68.195.169

52.88.29.97
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

136 B
306 B
2
2

DNS Request

shavar.prod.mozaws.net

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

97.29.88.52.in-addr.arpa

dns

140 B
262 B
2
2

DNS Request

97.29.88.52.in-addr.arpa

DNS Request

97.29.88.52.in-addr.arpa
8.8.8.8:53

peoplestackwebexperiments-pa.clients6.google.com

dns

IEXPLORE.EXE

94 B
110 B
1
1

DNS Request

peoplestackwebexperiments-pa.clients6.google.com

DNS Response

142.250.179.170
8.8.8.8:53

123.108.74.40.in-addr.arpa

dns

144 B
292 B
2
2

DNS Request

123.108.74.40.in-addr.arpa

DNS Request

123.108.74.40.in-addr.arpa
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
237 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

52.40.49.56

44.235.159.98

35.162.98.11

54.212.170.166

35.164.47.95

44.236.143.193

35.83.200.106

52.25.78.204
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
198 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

52.40.48.115

52.40.16.19

54.187.66.119

35.83.22.170

44.236.143.193

52.39.176.227

54.214.111.16

35.84.57.165
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

140 B
310 B
2
2

DNS Request

autopush.prod.mozaws.net

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

191.144.160.34.in-addr.arpa

dns

146 B
252 B
2
2

DNS Request

191.144.160.34.in-addr.arpa

DNS Request

191.144.160.34.in-addr.arpa
8.8.8.8:53

56.49.40.52.in-addr.arpa

dns

140 B
262 B
2
2

DNS Request

56.49.40.52.in-addr.arpa

DNS Request

56.49.40.52.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

146 B
288 B
2
2

DNS Request

161.19.199.152.in-addr.arpa

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

203.151.224.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

203.151.224.20.in-addr.arpa
8.8.8.8:53

doc-08-0k-docs.googleusercontent.com

dns

IEXPLORE.EXE

82 B
127 B
1
1

DNS Request

doc-08-0k-docs.googleusercontent.com

DNS Response

142.250.179.193
8.8.8.8:53

193.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

193.179.250.142.in-addr.arpa
8.8.8.8:53

100.39.251.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

100.39.251.142.in-addr.arpa
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

166 B
198 B
2
2

DNS Request

firefox.settings.services.mozilla.com

DNS Response

35.241.9.150

DNS Request

firefox.settings.services.mozilla.com

DNS Response

35.241.9.150
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
99 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

35.241.9.150
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
167 B
1
1

DNS Request

firefox.settings.services.mozilla.com
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

146 B
212 B
2
2

DNS Request

200.197.79.204.in-addr.arpa

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

www.virustotal.com

dns

128 B
266 B
2
2

DNS Request

www.virustotal.com

DNS Response

74.125.34.46

DNS Request

www.virustotal.com

DNS Response

74.125.34.46
8.8.8.8:53

ghs-svc-https-c46.ghs-ssl.googlehosted.com

dns

176 B
208 B
2
2

DNS Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com

DNS Response

74.125.34.46

DNS Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com

DNS Response

74.125.34.46
8.8.8.8:53

ghs-svc-https-c46.ghs-ssl.googlehosted.com

dns

176 B
290 B
2
2

DNS Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com

DNS Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com
8.8.8.8:53

46.34.125.74.in-addr.arpa

dns

142 B
250 B
2
2

DNS Request

46.34.125.74.in-addr.arpa

DNS Request

46.34.125.74.in-addr.arpa
8.8.8.8:53

www.recaptcha.net

dns

126 B
158 B
2
2

DNS Request

www.recaptcha.net

DNS Response

172.217.168.227

DNS Request

www.recaptcha.net

DNS Response

172.217.168.227
8.8.8.8:53

www.recaptcha.net

dns

126 B
158 B
2
2

DNS Request

www.recaptcha.net

DNS Response

172.217.168.227

DNS Request

www.recaptcha.net

DNS Response

172.217.168.227
8.8.8.8:53

www.recaptcha.net

dns

126 B
182 B
2
2

DNS Request

www.recaptcha.net

DNS Response

2a00:1450:400e:80d::2003

DNS Request

www.recaptcha.net

DNS Response

2a00:1450:400e:80d::2003
172.217.168.227:443

www.recaptcha.net

https

1.9kB
14.0kB
6
13
8.8.8.8:53

227.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.168.217.172.in-addr.arpa
8.8.8.8:53

110.39.251.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

110.39.251.142.in-addr.arpa
8.8.8.8:53

ghs-svc-https-c46.ghs-ssl.googlehosted.com

dns

88 B
145 B
1
1

DNS Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com
8.8.8.8:53

ghs-svc-https-c46.ghs-ssl.googlehosted.com

dns

88 B
145 B
1
1

DNS Request

ghs-svc-https-c46.ghs-ssl.googlehosted.com
8.8.8.8:53

199.176.139.52.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

199.176.139.52.in-addr.arpa
8.8.8.8:53

202.74.101.95.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

202.74.101.95.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE44A.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat

Filesize
1021B

MD5
a7b81332adda1bcad648f81afa122c27

SHA1
e8607daff6cf1d390c9c3589eab4f371118fa78b

SHA256
7ef1edc73e2d48a25aa18dba1a295055aa58bb752a76b43033a49c48aa2848ea

SHA512
17b4ffc4b2925333d031155dc058243dfa0e3fd2b2374e1e78285e9aca36495424edacc09bff7755891ea318ab34be939d20009e41011b97f3feadb9343a36cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\cleardot[2].gif

Filesize
43B

MD5
fc94fb0c3ed8a8f909dbc7630a0987ff

SHA1
56d45f8a17f5078a20af9962c992ca4678450765

SHA256
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

SHA512
c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\Areena%20Riverside%20Resort[1].rar

Filesize
4.5MB

MD5
8754ea8695bc5db00924af50b9306e2b

SHA1
e5cf4c79e1378d09b68c767bf06b173b44df1134

SHA256
fcb7a445c40ba527b888301826881c447ba9cce7360f282db8327fba558a451b

SHA512
a77b4463571d5973edad0700375364fd57326fa145928d77ef105fda77d11dd3209e691bf36ed0a1ec4f3d00350e74dc63427b4903672d2dec46deb90025a81b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\cb=gapi[1].js

Filesize
70KB

MD5
7c5be8bd74fa69afcbf7d14bfa057a19

SHA1
167cced15add6eaada7a1e677bde55208a1608d2

SHA256
1cc44005ab735a11fccc1f38e4a6937a355a50ae0c7ab1e9bae9d9f7ca726c05

SHA512
e979100027ad447422fbd9a707cb5072ef7fe523bf00159a0f48d6ad0b12a838591bdaf2cd64f3a25aab1d1afb288bf4908033ac64d67336b8e1867c9401dd13

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
140KB

MD5
5360105a932fcbaedc76b6fcd4c408fe

SHA1
36aa981c2a6145d6bee4d1ec200f8b093f432ba2

SHA256
981d531a6cb250122093bde053cbb2bbb6ce35ecee63cf531fc836901437e9e4

SHA512
a1781fcf9358fe73318020da511df5b84cea9e36e17c5493fd6548346f65b69d0af092a97ddc206cbe2e1fb8da1105f8a4eee7314b86b02e66ab4087310b978a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\11857

Filesize
9KB

MD5
7454dcbcd54f2153bd15d8b8cbda5f35

SHA1
54231c2c9702c96ad13daba5458d54e74c186d84

SHA256
edc3c37807dcae1c2e967e64959bb75267e346bf7f36439fdc7b526ceda8ec53

SHA512
23a490ed1db5854a3fd939092774b908d0fe2e1a761463d371dd5d98374a231361c02c89f4d70d29cfa020a3fda8b8526a920a8e6045a5575f9a7804031443a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\15435

Filesize
10KB

MD5
9147fd845e8cfd6f37d4e1de35807fbf

SHA1
f40b72d5760a9fee4fdeee1926f74f13eeb6a9d7

SHA256
c2fcaa240929f2beba91b2ccd12cfc501671f62b745981470f240c84e93f3ef3

SHA512
e03f2bd39a185d6d6530f6ba03955f329d18dc383b86fbeb9751d5640b830ffbd8282bc569d1c16cbec7461b1325c6bceac39501d3d38ac770f0e51c569f0a70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16508

Filesize
8KB

MD5
b81c76cdbec83651a154f4ad90e17df6

SHA1
dab633d243dfeb8020318c993078020f0fade71b

SHA256
45dc44938d74bf811a947b13be5b99c97c0648cc1302ad2f5afa371dee67bb4c

SHA512
3eac6d51d8198805e5ef74a6fec8a8caaa00481a1c0f2bc207d09b7526c7dd03a15693c702a56e8868354c7f8dd25b0d5820a23539bb20d3d186763376200d06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\17319

Filesize
9KB

MD5
c74d17ea27a065c7c64cf3b4873aaadd

SHA1
f086af4003305a95d0609f1f8db25823363c8985

SHA256
946b770925a8273dc9bcb93b96834c05796f7783ff096fd86e2a6d21bcb8dcae

SHA512
4a706d23308ef8355cc134313e0489caf49e33ea9f851080a857f7e6ceed8c8dc989f082d350e55e750309a1cc7aee55e53415e07ed5e46d5d084747ba31579b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\21783

Filesize
9KB

MD5
ea51794c43a87c65b0afcfe83f22634b

SHA1
80e44a9ed40897d5f2c88f9c58cbdc8d095ac672

SHA256
68108042c6787ec8a01888eb26b2bc22c9d4de6996c2f43897586c540750c4fd

SHA512
8dd1630b185e89f0c74dd108a91437211681a1baf4e7a1ca976491f6796b91e5a48783b8d2a9fec160e334e620ff7763b3d5c9b6c4995f0906b0dd300283f0ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24756

Filesize
9KB

MD5
39a5fe53ecec08cfdf661068896da1be

SHA1
1914db75ca835501b4b50507cc3dac5b39a96c94

SHA256
5c98807bd9e5542e673f0b1fc480ad6ed3e3d3bc09b591a945d9813862d4b9f1

SHA512
e48ed075b16076ab1ed774e2fc7f1dfb82a581b4aa5c27ad4c7cfc47e1ead0e5550ab97494f10736eac45a3957f515d832d1d78fb4c913edfa8ef73e02243c0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\26238

Filesize
10KB

MD5
293a39647a63889b432e085b0c651ab5

SHA1
8b3d24e9a8f3d65ce3efdb5fba94d09c00aef8b4

SHA256
878ee02f78ccbfb5f5ccf3db52e538ab0c7cba3431687192ee37988d843920c8

SHA512
e73ed3f5d0d5c0e9e64bf3d5fcea7f189f37990775bac8e125bd8b485ed4137147f57305d2beadde382b0b2ac0a5dfc148211be92464da2c092918df16b19e5d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\26471

Filesize
9KB

MD5
0c57ec574f94a32e7c26ce48ec34a052

SHA1
5a2a7f28c9bc7d40be462e874415219b513a1a8a

SHA256
cbff7b6116e439de0a622cf51ac1281cb99e9510fe2bec4b87b6ccc187dbb9b4

SHA512
c4f945d8b809930c2d3ad40ddb976e4b01daedd088e5ef1ce22b9b6fc9afaed96dca3003beffe4dcf8f0546d48f4c2dce4d878a190321d09c878934abe5f4567

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\31596

Filesize
9KB

MD5
49f1ef27afe74bd96c512f70df08a70d

SHA1
140b2a032e69421af25f1d28c1220bab98987e14

SHA256
9efb87f969c5d2d1b2b8098b276f66f1315f5d71647742d9abe21219939f773b

SHA512
2cfb964809dc1c3160431e540fedd9dd802c921820dea2080989178286b044f7cff60e3a51e880fe55d7c24e7c1abacca795af1d3894e34923c176c0328a0cf9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\42

Filesize
9KB

MD5
a41c7dfec526a3692ced7a3139b76c10

SHA1
e721375c24e6356ce46bdbd19da2db84fba9b13f

SHA256
4826b0c5d3a90e10e7f00e203a377f411987e82260d811000f776610a1c74fa3

SHA512
abdf04f274a9f262f43ae1df35c29686fccf31f9bd3f06ae6517efb5a44722c4491848ed0aa9e6bfa7dbee54044ffa83e670fc535a13ba2c72133a39053bf2c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\4498

Filesize
9KB

MD5
f29427721c1601d0c260a17a0248bb61

SHA1
3f955456700923da6797ae4dd61f73d7ed346ffb

SHA256
c2b3c68cd4ad8d4cd61debf268acdfed8af799ea6c64c1e52af0041e876e8bbb

SHA512
493610838a9ec948ae86ba99a279e567201c6fc98840649cbb10176b4ead685b84e0db97ea03d7dfa550852589f980a580192820401ae4be00a4f4d71d0e506b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\7153

Filesize
9KB

MD5
f4abe15ccdf13c5761858311eb838eee

SHA1
3465fbf4f5398ea0323ec1698cce69edd9d4c694

SHA256
6ca9f04e55690a796ecb63c1a6b0c2e31c50f53f1c53f6a7fe12a5ea5391c9cc

SHA512
6ae4d069ac569ded2c5bc75029393e50ac64980511fdfd762ef8e5af75fa09a200bccadf6e10607e7602a699eaf2b8e8c2288e7e52a709d9e2c3cfac5f0bf947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
a8f6c39726b0c30110e1cd8d60f6c335

SHA1
024ce5b84a90a6fd2c1826f6826318d341bf3035

SHA256
29424193b8654507b6864940e4d06f61d66134b8c1bdb0a215b0df13245db25f

SHA512
77c39ef6e7a3472a65cf3b64f245f08cc6c327754d4d5f13c082dd99fd64e2415d7dfc1b1856bb748ca95096cf8d7a1c58a24a228c1b4b0f122517ad91f7fe7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
d81dfb3936802368f7fb17dca9e28cf1

SHA1
4f1fac0e7a8bfa8d34f6460821bbca154b525ff7

SHA256
52f3349279c7579005e8ce3b3615b11c908efcb9a05915b1c074a47d7a8ebe73

SHA512
c5af59d0da51cf48334ae8b52bf3801898243d40c21060991f902b9c8b0a66dc36104f80233e62f6c316be1c8a475a52db3348c48463bed40e01c15c98500ffe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
dd350de10c834fb08a6b553f8bbd7493

SHA1
f4fc26aecc94adccc44d2ddafdfef375b6ffe6da

SHA256
7dd6e1366ecff5fe53322db0b0f0862aa8e5c786b530c748f8039a39648d7359

SHA512
383a93d5934a8c2a587e7c3da921c6a4a9d639ede68c145c3df4024edd3e746143fa0a3b81db1d27b1a037bc49211f05a07e5e443c74efad505d367dfa31e045

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
b2d45b8600db0616eb3f8ae5a350af0e

SHA1
7359b9c503e52d7cc3d5bda7007d6388cd2c2f56

SHA256
a0d75c2f8ef09f7dd58fe081e2850630ed03178799ced515c3d47e759572d7a4

SHA512
20c46e9287ab5c9d072e903442d927e204d850eac3cc6a75c17cc372d3f0fd570dbf0c24d29ac16a3cfd7ce0eb971d1f403356a963ddb9ebc904d8a28c8f7746

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
1ff52eec19b93f43dd5df32d47c1128e

SHA1
76d9d4e9f2e46d9672e65ba5489a07cc9bfbc4a9

SHA256
43d11aac0db1e644373fefccaa653dd7d002922988a40c260c0810bc9913a461

SHA512
c50633c3d12e21828e1365e38ee5540b5a6c2357584a7143981035d3010cf25d89f5e487f394053b5d36c362fad9bdf089ad9a1363aef780c23610cfeba52bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2e5b8546fa750de6a9b11ea4c26fa6c8

SHA1
a1405be830344b352e600287ca94a5236bc8d8b2

SHA256
1dfc71b27114930bedf12a1d3b66698a33aec090a9cb2fec75e35cdf204057c1

SHA512
c4cfeab3b3174f767f1bcaaef20bcbda32d5771376199ace629d31de42afe70952bde9b52f76d2c598a9fb699752775637c30dfe91f4986c5a7314f2bad36b6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ddd613620df703cc5dd7ed5e5a810380

SHA1
26ff102aa60f7d777780d7b1d2e5acd9086e4cbb

SHA256
b3b76dd44ab811445acc0e7cd2cdb6a9ea577f89a86e254a37e640c05fa33b48

SHA512
b433891ec73187f4b6acffed3f9f034eb3d75ed4f996e361b278892182c68d5bc6aff81594860035809a94ff939ae733d04a988c3343080c8bcb24d42f71a348

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.virustotal.com\cache\morgue\163\{1c532dbf-297a-4d9a-8748-9970765347a3}.final

Filesize
38KB

MD5
89337791b6fc019098a41200e671fcca

SHA1
80f31de6cbdcc1883748be19f127a4b882714975

SHA256
11c6e8b56af52d85c22f84e97662378344cee6ac69d83f6cad4803753102f1de

SHA512
dd6051f75719b2f0cd239d6622c0e9aa638a6a94b8288d7f9c9fdaefe17fca0bad47dcaa49ebdcddc8603b6f37109b9f69b0537d5caf02c5bbef325c403f36e2

Download Submit
C:\Users\Admin\Downloads\Areena Riverside Resort.rar.xrjwx4j.partial

Filesize
4.5MB

MD5
8754ea8695bc5db00924af50b9306e2b

SHA1
e5cf4c79e1378d09b68c767bf06b173b44df1134

SHA256
fcb7a445c40ba527b888301826881c447ba9cce7360f282db8327fba558a451b

SHA512
a77b4463571d5973edad0700375364fd57326fa145928d77ef105fda77d11dd3209e691bf36ed0a1ec4f3d00350e74dc63427b4903672d2dec46deb90025a81b

Download Submit
memory/4120-8911-0x000000000F4A0000-0x000000000F5A0000-memory.dmp

Filesize
1024KB

Download
memory/5932-6301-0x00007FFED7AB0000-0x00007FFED7AB1000-memory.dmp

Filesize
4KB

Download
memory/5932-6300-0x00007FFED7D50000-0x00007FFED7D51000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response