Analysis
max time kernel: 150s
max time network: 147s
platform: windows10-1703_x64
resource: win10-20240221-en
resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted: 18-03-2024 12:45
Static task: static1
URLScan task: urlscan1
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow  ioc
1     drive.google.com
3     drive.google.com
4     drive.google.com
27    drive.google.com
28    drive.google.com
-
Drops file in Windows directory 4 IoCs
description                    ioc                                                      Process
File created                   C:\Windows\rescache\_merged\3720402701\2219095117.pri  MicrosoftEdgeCP.exe
File created                   C:\Windows\rescache\_merged\3720402701\2219095117.pri  MicrosoftEdgeCP.exe
File created                   C:\Windows\rescache\_merged\3720402701\2219095117.pri  MicrosoftEdge.exe
File opened for modification   C:\Windows\Debug\ESE.TXT                                MicrosoftEdge.exe
-
Modifies Internet Explorer settings
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000\Software\Microsoft\Internet Explorer\Main  browser_broker.exe
Key created  \REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000\Software\Microsoft\Internet Explorer\Main  MicrosoftEdgeCP.exe
-
Modifies registry class 64 IoCs
Suspicious behavior: MapViewOfSection 5 IoCs
pid   Process
3892  MicrosoftEdgeCP.exe
3892  MicrosoftEdgeCP.exe
3892  MicrosoftEdgeCP.exe
3892  MicrosoftEdgeCP.exe
3892  MicrosoftEdgeCP.exe
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
description              pid   Process
Token: SeDebugPrivilege  3252  MicrosoftEdgeCP.exe
Token: SeDebugPrivilege  3252  MicrosoftEdgeCP.exe
Token: SeDebugPrivilege  3252  MicrosoftEdgeCP.exe
Token: SeDebugPrivilege  3252  MicrosoftEdgeCP.exe
-
Suspicious use of SetWindowsHookEx 4 IoCs
pid   Process
3328  MicrosoftEdge.exe
3892  MicrosoftEdgeCP.exe
3252  MicrosoftEdgeCP.exe
3892  MicrosoftEdgeCP.exe
-
Suspicious use of WriteProcessMemory 48 IoCs
description                      pid   Process              procid_target
PID 3892 wrote to memory of 608  3892  MicrosoftEdgeCP.exe  76
Processes
-
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/12gwImk1shFaL4tb5QbtNVGte6qey4yju/view?usp=sharing"
PID:5040
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3328
-
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
- Modifies Internet Explorer settings
PID:1864
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3892
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3252
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Drops file in Windows directory
- Modifies registry class
PID:608
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Modifies registry class
PID:4512
Network
-
Remote address: 8.8.8.8:53
Request
drive.google.com IN A
Response
drive.google.com IN A 142.250.179.142
-
Remote address: 8.8.8.8:53
Request
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa IN PTR
-
GET https://drive.google.com/file/d/12gwImk1shFaL4tb5QbtNVGte6qey4yju/view?usp=sharing
MicrosoftEdgeCP.exe
Remote address: 142.250.179.142:443
Request
GET /file/d/12gwImk1shFaL4tb5QbtNVGte6qey4yju/view?usp=sharing HTTP/2.0
host: drive.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
Response
HTTP/2.0 200
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-robots-tag: noindex, nofollow, nosnippet
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Mar 2024 12:45:49 GMT
content-encoding: gzip
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
referrer-policy: origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: GSE
set-cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI; expires=Tue, 17-Sep-2024 12:45:49 GMT; path=/; domain=.google.com; Secure; HttpOnly
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 142.250.179.142:443
Request
GET /auth_warmup HTTP/2.0
host: drive.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI
Response
HTTP/2.0 200
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Mar 2024 12:45:54 GMT
strict-transport-security: max-age=31536000
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/DriveOsidBootstrap/cspreport;worker-src 'self'
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveOsidBootstrap/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
reporting-endpoints: default="/_/DriveOsidBootstrap/web-reports?context=eJzjEtHikmJw1pBi2O7jweKUPoM1CIiFeDia3j9Yzyawo-HHLCYAl_4K5Q"
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GET https://drive.google.com/drivesharing/clientmodel?id=12gwImk1shFaL4tb5QbtNVGte6qey4yju&foreignService=texmex&authuser=0&origin=https%3A%2F%2Fdrive.google.com
MicrosoftEdgeCP.exe
Remote address: 142.250.179.142:443
Request
GET /drivesharing/clientmodel?id=12gwImk1shFaL4tb5QbtNVGte6qey4yju&foreignService=texmex&authuser=0&origin=https%3A%2F%2Fdrive.google.com HTTP/2.0
host: drive.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI
Response
HTTP/2.0 302
x-frame-options: ALLOW-FROM https://drive.google.com
content-security-policy: frame-ancestors https://drive.google.com
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /drivesharing/_/DriveShareDialogUi/cspreport;worker-src 'self'
content-security-policy: require-trusted-types-for 'script';report-uri /drivesharing/_/DriveShareDialogUi/cspreport
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
location: https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com
strict-transport-security: max-age=31536000
cross-origin-resource-policy: same-site
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
date: Mon, 18 Mar 2024 12:45:54 GMT
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GET https://drive.google.com/uc?id=12gwImk1shFaL4tb5QbtNVGte6qey4yju&export=download
MicrosoftEdgeCP.exe
Remote address: 142.250.179.142:443
Request
GET /uc?id=12gwImk1shFaL4tb5QbtNVGte6qey4yju&export=download HTTP/2.0
host: drive.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
referer: https://drive.google.com/
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI; OGPC=19010599-1:
Response
HTTP/2.0 200
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Mar 2024 12:46:15 GMT
strict-transport-security: max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/DriveUntrustedContentHttp/web-reports?context=eJzjUtHikmJw1pBi2O7jwfJ6z3TW90BsvXc6qz0QO6XPYA0CYiEejunvH6xnE7jx9dk5JgC3HBN3"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address:8.8.8.8:53Request142.179.250.142.in-addr.arpaIN PTRResponse142.179.250.142.in-addr.arpaIN PTRams17s10-in-f141e100net
-
Remote address:8.8.8.8:53Request173.178.17.96.in-addr.arpaIN PTRResponse173.178.17.96.in-addr.arpaIN PTRa96-17-178-173deploystaticakamaitechnologiescom
-
Remote address: 8.8.8.8:53
Request
35.215.58.216.in-addr.arpa IN PTR
Response
35.215.58.216.in-addr.arpa IN PTR par21s17-in-f31e100net
-
Remote address: 8.8.8.8:53
Request
42.36.251.142.in-addr.arpa IN PTR
Response
42.36.251.142.in-addr.arpa IN PTR ams17s12-in-f101e100net
-
Remote address: 8.8.8.8:53
Request
3.214.58.216.in-addr.arpa IN PTR
Response
3.214.58.216.in-addr.arpa IN PTR ams17s09-in-f31e100net
3.214.58.216.in-addr.arpa IN PTR lhr26s05-in-f3
3.214.58.216.in-addr.arpa IN PTR
-
Remote address: 142.250.179.142:443
Request
GET /favicon.ico HTTP/2.0
host: drive.google.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1
Response
HTTP/2.0 302
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 18 Mar 2024 12:45:57 GMT
server: sffe
content-length: 269
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53
Request
ssl.gstatic.com IN A
Response
ssl.gstatic.com IN A 216.58.214.67
-
Remote address: 216.58.214.67:443
Request
GET /docs/common/viewer/v3/v-sprite56.svg HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
Response
HTTP/2.0 200
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 50079
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 14 Mar 2024 20:07:59 GMT
expires: Fri, 14 Mar 2025 20:07:59 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 15 Feb 2024 22:18:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Origin
age: 319077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 216.58.214.67:443
Request
GET /docs/common/cleardot.gif?zx=t46wvie4qya4 HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
Response
HTTP/2.0 200
content-type: image/gif
vary: Origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 43
date: Mon, 18 Mar 2024 12:45:56 GMT
expires: Tue, 18 Mar 2025 12:45:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 216.58.214.67:443
Request
GET /docs/common/cleardot.gif?zx=bu6j1oduc2me HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
Response
HTTP/2.0 200
content-type: image/gif
vary: Origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 43
date: Mon, 18 Mar 2024 12:46:21 GMT
expires: Tue, 18 Mar 2025 12:46:21 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 216.58.214.67:443
Request
GET /docs/common/cleardot.gif?zx=gdz8hjd655bo HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
Response
HTTP/2.0 200
content-type: image/gif
vary: Origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 43
date: Mon, 18 Mar 2024 12:46:52 GMT
expires: Tue, 18 Mar 2025 12:46:52 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 216.58.214.67:443
Request
GET /docs/common/cleardot.gif?zx=smrusif3dzin HTTP/2.0
host: ssl.gstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
Response
HTTP/2.0 200
content-type: image/gif
vary: Origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 43
date: Mon, 18 Mar 2024 12:47:29 GMT
expires: Tue, 18 Mar 2025 12:47:29 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53
Request
ogs.google.com IN A
Response
ogs.google.com IN CNAME www3.l.google.com
www3.l.google.com IN A 172.217.20.206
-
Remote address: 8.8.8.8:53
Request
ogs.google.com IN A
-
Remote address: 8.8.8.8:53
Request
apis.google.com IN A
Response
apis.google.com IN CNAME plus.l.google.com
plus.l.google.com IN A 172.217.18.206
-
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_1
MicrosoftEdgeCP.exe
Remote address: 172.217.18.206:443
Request
GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_1 HTTP/2.0
host: apis.google.com
accept: application/javascript, */*;q=0.8
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI
Response
HTTP/2.0 200
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 40748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 14 Mar 2024 19:58:51 GMT
expires: Fri, 14 Mar 2025 19:58:51 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 01 Mar 2024 15:11:18 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 319624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_0
MicrosoftEdgeCP.exe
Remote address: 172.217.18.206:443
Request
GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
accept: application/javascript, */*;q=0.8
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI
Response
HTTP/2.0 200
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 70524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 14 Mar 2024 20:03:04 GMT
expires: Fri, 14 Mar 2025 20:03:04 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 01 Mar 2024 15:11:18 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 319371
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 172.217.18.206:443
Request
GET /js/googleapis.proxy.js?onload=startup HTTP/2.0
host: apis.google.com
accept: application/javascript, */*;q=0.8
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uvrmm4sgViM.O%2Fd%3D1%2Frs%3DAHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw%2Fm%3D__features__
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI
Response
HTTP/2.0 200
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 5895
date: Mon, 18 Mar 2024 12:45:57 GMT
expires: Mon, 18 Mar 2024 12:45:57 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "97531c7107028fa4"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_0?le=scs
MicrosoftEdgeCP.exe
Remote address: 172.217.18.206:443
Request
GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
accept: application/javascript, */*;q=0.8
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uvrmm4sgViM.O%2Fd%3D1%2Frs%3DAHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw%2Fm%3D__features__
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI
Response
HTTP/2.0 200
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 27780
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 14 Mar 2024 20:09:42 GMT
expires: Fri, 14 Mar 2025 20:09:42 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 01 Mar 2024 15:11:18 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 318975
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53
Request
accounts.google.com IN A
Response
accounts.google.com IN A 209.85.203.84
-
GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com
MicrosoftEdgeCP.exe
Remote address: 209.85.203.84:443
Request
GET /ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI
Response
HTTP/2.0 302
set-cookie: __Host-GAPS=1:FGE4Ij5GIKc1WdyF_qzvmC-vPpwfig:eQfY8ZcbLfYB6LdX; Expires=Wed, 18-Mar-2026 12:45:56 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Mar 2024 12:45:56 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&osid=1&passive=1209600&ifkv=ARZ0qKJAacSg9JS6Btd3detbDdV7JgZ_-qThJEgAFFboVCRcuhYqHMD516wNKZCaUKKVrFjy_cEDZA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GET https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&osid=1&passive=1209600&ifkv=ARZ0qKJAacSg9JS6Btd3detbDdV7JgZ_-qThJEgAFFboVCRcuhYqHMD516wNKZCaUKKVrFjy_cEDZA
MicrosoftEdgeCP.exe
Remote address: 209.85.203.84:443
Request
GET /InteractiveLogin?continue=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&osid=1&passive=1209600&ifkv=ARZ0qKJAacSg9JS6Btd3detbDdV7JgZ_-qThJEgAFFboVCRcuhYqHMD516wNKZCaUKKVrFjy_cEDZA HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI; __Host-GAPS=1:FGE4Ij5GIKc1WdyF_qzvmC-vPpwfig:eQfY8ZcbLfYB6LdX
Response
HTTP/2.0 302
set-cookie: __Host-GAPS=1:VJDSBAjWCEWlngFrcga1XlwUSfidLg:2n3EAsXSQLN52xWN;Path=/;Expires=Wed, 18-Mar-2026 12:45:57 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Mar 2024 12:45:57 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=ARZ0qKKFmRoMfzdq5lc0veCTVB0IJLP8MM53GLvKZMin88R4HzCcHedY-WqAemPDSU7EFDUjEy_lNw&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1207659268%3A1710765957416607&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport
content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 503
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=ARZ0qKKFmRoMfzdq5lc0veCTVB0IJLP8MM53GLvKZMin88R4HzCcHedY-WqAemPDSU7EFDUjEy_lNw&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1207659268%3A1710765957416607&theme=mn&ddm=0
MicrosoftEdgeCP.exe
Remote address: 209.85.203.84:443
Request
GET /v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=ARZ0qKKFmRoMfzdq5lc0veCTVB0IJLP8MM53GLvKZMin88R4HzCcHedY-WqAemPDSU7EFDUjEy_lNw&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1207659268%3A1710765957416607&theme=mn&ddm=0 HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI; __Host-GAPS=1:VJDSBAjWCEWlngFrcga1XlwUSfidLg:2n3EAsXSQLN52xWN
Response
HTTP/2.0 200
x-frame-options: DENY
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-auto-login: realm=com.google&args=continue%3Dhttps://drive.google.com/drivesharing/clientmodel?id%253D12gwImk1shFaL4tb5QbtNVGte6qey4yju%2526foreignService%253Dtexmex%2526authuser%253D0%2526origin%253Dhttps://drive.google.com
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Mar 2024 12:45:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-resource-policy: same-site
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/v3/signin/_/AccountsSignInUi/web-reports?context=eJzjWsCoxSXF4KwhxbBHaReTY-wTJlcgntv9lGkhEC9__5RpNRDHrHrGlADEB-OeMx0F4rcJL5g-AnFr6wumTiDe3POCaTsQT-N5yTQLiI9sf8l0AojffXnJxPP1JZMEEGsA8XYfDxa-ddNZVYBYd_101lAglv81nVUZiJ3SZ7AGAbFP_QzWGCBuvXmOdSoQC_FwtL5_sJ5N4MaVeQeYAGABT2g"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 216.58.214.67:443
Request
GET /images/branding/product/1x/drive_2020q4_32dp.png HTTP/2.0
host: ssl.gstatic.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1
Response
HTTP/2.0 200
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 831
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 14 Mar 2024 20:06:34 GMT
expires: Fri, 14 Mar 2025 20:06:34 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 21 Aug 2020 00:15:00 GMT
content-type: image/png
vary: Origin
age: 319163
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 216.58.214.67:443
Request
GET /docs/doclist/images/drive_2022q3_32dp.png HTTP/2.0
host: ssl.gstatic.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1
Response
HTTP/2.0 200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="docs"
report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-length: 1594
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 14 Mar 2024 20:03:21 GMT
expires: Fri, 14 Mar 2025 20:03:21 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
content-type: image/png
vary: Origin
age: 319374
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53
Request
163.214.58.216.in-addr.arpa IN PTR
Response
163.214.58.216.in-addr.arpa IN PTR par10s42-in-f31e100net
163.214.58.216.in-addr.arpa IN PTR mad01s26-in-f3
163.214.58.216.in-addr.arpa IN PTR mad01s26-in-f163
-
Remote address: 8.8.8.8:53
Request
206.18.217.172.in-addr.arpa IN PTR
Response
206.18.217.172.in-addr.arpa IN PTR ham02s14-in-f2061e100net
206.18.217.172.in-addr.arpa IN PTR par10s38-in-f14
-
Remote address: 8.8.8.8:53
Request
drive-thirdparty.googleusercontent.com IN A
Response
drive-thirdparty.googleusercontent.com IN CNAME googlehosted.l.googleusercontent.com
googlehosted.l.googleusercontent.com IN A 172.217.168.193
-
GET https://drive-thirdparty.googleusercontent.com/16/type/application/x-msdownload
MicrosoftEdgeCP.exe
Remote address: 172.217.168.193:443
Request
GET /16/type/application/x-msdownload HTTP/2.0
host: drive-thirdparty.googleusercontent.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
Response
HTTP/2.0 200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-drive-dev-apps
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-drive-dev-apps"
report-to: {"group":"apps-drive-dev-apps","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-drive-dev-apps"}]}
content-length: 524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 18 Mar 2024 12:15:57 GMT
expires: Mon, 18 Mar 2024 13:15:57 GMT
cache-control: public, max-age=3600
age: 1798
last-modified: Tue, 16 Jul 2019 16:03:11 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GET https://ogs.google.com/widget/callout?prid=19016402&pgid=19010599&puid=53bd5e343198ee56&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en
MicrosoftEdgeCP.exe
Remote address: 172.217.20.206:443
Request
GET /widget/callout?prid=19016402&pgid=19010599&puid=53bd5e343198ee56&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en HTTP/2.0
host: ogs.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI
Response
HTTP/2.0 200
x-frame-options: ALLOW-FROM https://drive.google.com
content-security-policy: frame-ancestors https://drive.google.com
content-security-policy: require-trusted-types-for 'script';report-uri /_/OneGoogleWidgetUi/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/OneGoogleWidgetUi/cspreport;worker-src 'self'
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
expires: Mon, 18 Mar 2024 12:45:56 GMT
date: Mon, 18 Mar 2024 12:45:56 GMT
cache-control: private, max-age=3600
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-embedder-policy-report-only: require-corp; report-to="CoepOneGoogleWidgetUi"
report-to: {"group":"CoepOneGoogleWidgetUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/OneGoogleWidgetUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
reporting-endpoints: default="/_/OneGoogleWidgetUi/web-reports?context=eJzjctHikmJw1pBiKFj5gundl5dMPF9fMkkAsQYQ862bzqoCxLrrp7OGArFT-gzWICD2qZ_BGgPErTfPsU4FYiEejpb3D9azCZz4PPcyIwBKMSIU"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53
Request
content.googleapis.com IN A
Response
content.googleapis.com IN A 142.250.201.170
content.googleapis.com IN A 172.217.18.202
content.googleapis.com IN A 216.58.214.74
content.googleapis.com IN A 142.250.74.234
content.googleapis.com IN A 142.250.75.234
content.googleapis.com IN A 216.58.214.170
content.googleapis.com IN A 172.217.20.170
content.googleapis.com IN A 172.217.20.202
content.googleapis.com IN A 216.58.213.74
content.googleapis.com IN A 142.250.179.74
content.googleapis.com IN A 142.250.179.106
content.googleapis.com IN A 142.250.178.138
-
Remote address: 8.8.8.8:53
Request
blobcomments-pa.clients6.google.com IN A
Response
blobcomments-pa.clients6.google.com IN A 172.217.23.202
-
GET https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uvrmm4sgViM.O%2Fd%3D1%2Frs%3DAHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw%2Fm%3D__features__
MicrosoftEdgeCP.exe
Remote address: 142.250.201.170:443
Request
GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uvrmm4sgViM.O%2Fd%3D1%2Frs%3DAHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw%2Fm%3D__features__ HTTP/2.0
host: content.googleapis.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
ResponseHTTP/2.0 200
vary: Accept-Encoding
content-type: text/html
content-security-policy: script-src 'nonce-QEThrD5ttnvyCQjOMgYXVA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/apiserving; base-uri 'none'
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apiserving
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apiserving"
report-to: {"group":"apiserving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apiserving"}]}
content-length: 271
date: Mon, 18 Mar 2024 12:45:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Tue, 12 Mar 2024 05:08:00 GMT
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp; report-to="apiserving"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://content.googleapis.com/drive/v2beta/files/12gwImk1shFaL4tb5QbtNVGte6qey4yju?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanDownload%2CcanComment%2CcanEdit%2CcanInitiateEsignature%2CcanMoveChildrenWithinDrive%2CcanMoveItemIntoTeamDrive%2CcanRename%2CcanRemoveChildren)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7kMicrosoftEdgeCP.exeRemote address:142.250.201.170:443RequestGET /drive/v2beta/files/12gwImk1shFaL4tb5QbtNVGte6qey4yju?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanDownload%2CcanComment%2CcanEdit%2CcanInitiateEsignature%2CcanMoveChildrenWithinDrive%2CcanMoveItemIntoTeamDrive%2CcanRename%2CcanRemoveChildren)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k HTTP/2.0
host: content.googleapis.com
accept: */*
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uvrmm4sgViM.O%2Fd%3D1%2Frs%3DAHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw%2Fm%3D__features__
accept-language: en-US
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063
x-goog-encode-response-if-executable: base64
x-requested-with: XMLHttpRequest
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-goog-authuser: 0
x-origin: https://drive.google.com
x-referer: https://drive.google.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
ResponseHTTP/2.0 200
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
vary: Origin, X-Origin
date: Mon, 18 Mar 2024 12:45:59 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/json; charset=UTF-8
content-encoding: gzip
server: ESF
content-length: 659
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
POSThttps://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=jsonMicrosoftEdgeCP.exeRemote address:142.250.201.170:443RequestPOST /drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json HTTP/2.0
host: content.googleapis.com
accept: */*
origin: https://content.googleapis.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uvrmm4sgViM.O%2Fd%3D1%2Frs%3DAHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw%2Fm%3D__features__
accept-language: en-US
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063
x-goog-encode-response-if-executable: base64
content-type: application/json
x-requested-with: XMLHttpRequest
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-goog-authuser: 0
x-origin: https://drive.google.com
x-referer: https://drive.google.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-length: 550
cache-control: no-cache
ResponseHTTP/2.0 204
vary: Origin, X-Origin
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Mar 2024 12:45:59 GMT
pragma: no-cache
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
POSThttps://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=jsonMicrosoftEdgeCP.exeRemote address:142.250.201.170:443RequestPOST /drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json HTTP/2.0
host: content.googleapis.com
accept: */*
origin: https://content.googleapis.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uvrmm4sgViM.O%2Fd%3D1%2Frs%3DAHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw%2Fm%3D__features__
accept-language: en-US
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063
x-goog-encode-response-if-executable: base64
content-type: application/json
x-requested-with: XMLHttpRequest
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-goog-authuser: 0
x-origin: https://drive.google.com
x-referer: https://drive.google.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-length: 755
cache-control: no-cache
ResponseHTTP/2.0 204
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
vary: Origin, X-Origin
date: Mon, 18 Mar 2024 12:45:59 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
POSThttps://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=jsonMicrosoftEdgeCP.exeRemote address:142.250.201.170:443RequestPOST /drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=json HTTP/2.0
host: content.googleapis.com
accept: */*
origin: https://content.googleapis.com
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uvrmm4sgViM.O%2Fd%3D1%2Frs%3DAHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw%2Fm%3D__features__
accept-language: en-US
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063
x-goog-encode-response-if-executable: base64
content-type: application/json
x-requested-with: XMLHttpRequest
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-goog-authuser: 0
x-origin: https://drive.google.com
x-referer: https://drive.google.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-length: 1209
cache-control: no-cache
ResponseHTTP/2.0 403
content-encoding: gzip
date: Mon, 18 Mar 2024 12:46:26 GMT
server: ESF
cache-control: private
content-length: 500
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
OPTIONShttps://blobcomments-pa.clients6.google.com/v1/metadata?docId=12gwImk1shFaL4tb5QbtNVGte6qey4yju&revisionId=0B4qb_Rs23mkwcU5CRTcycXJ2OUpmaVFOODFCTndpUjNBamJ3PQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797MicrosoftEdgeCP.exeRemote address:172.217.23.202:443RequestOPTIONS /v1/metadata?docId=12gwImk1shFaL4tb5QbtNVGte6qey4yju&revisionId=0B4qb_Rs23mkwcU5CRTcycXJ2OUpmaVFOODFCTndpUjNBamJ3PQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/2.0
host: blobcomments-pa.clients6.google.com
accept: */*
origin: https://drive.google.com
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
access-control-request-headers: X-Goog-AuthUser, X-JavaScript-User-Agent, X-Requested-With, X-Goog-Encode-Response-If-Executable, X-ClientDetails
access-control-request-method: GET
accept-encoding: gzip, deflate, br
content-length: 0
cache-control: no-cache
ResponseHTTP/2.0 200
vary: origin
vary: referer
vary: x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: X-Goog-AuthUser, X-JavaScript-User-Agent, X-Requested-With, X-Goog-Encode-Response-If-Executable, X-ClientDetails
access-control-max-age: 3600
date: Mon, 18 Mar 2024 12:45:57 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://blobcomments-pa.clients6.google.com/v1/metadata?docId=12gwImk1shFaL4tb5QbtNVGte6qey4yju&revisionId=0B4qb_Rs23mkwcU5CRTcycXJ2OUpmaVFOODFCTndpUjNBamJ3PQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797MicrosoftEdgeCP.exeRemote address:172.217.23.202:443RequestGET /v1/metadata?docId=12gwImk1shFaL4tb5QbtNVGte6qey4yju&revisionId=0B4qb_Rs23mkwcU5CRTcycXJ2OUpmaVFOODFCTndpUjNBamJ3PQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/2.0
host: blobcomments-pa.clients6.google.com
accept: */*
origin: https://drive.google.com
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
x-goog-authuser: 0
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063
accept-encoding: gzip, deflate, br
ResponseHTTP/2.0 200
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin
vary: X-Origin
vary: Referer
content-encoding: gzip
date: Mon, 18 Mar 2024 12:45:57 GMT
server: ESF
cache-control: private
content-length: 778
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://drive.google.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A216.58.213.68
-
Remote address:216.58.213.68:443RequestGET /images/hpp/Chrome_Owned_96x96.png HTTP/2.0
host: www.google.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://ogs.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: NID=512=NBph5Q7Tsh3_aozILIboYvsSy9BiSqrMN3CXL1Xr0NObnh1vOp_HsDvYgYQVMjfE_-UxkrAVcqqnGWb6yiSwS8UbWwwSE78_pM4BIWXrDZ0BV_70D7JU8DFPTIVfsuS6JQKRBcvOC6S5UxTsZWgiff-0uwA-T8THQrYZtIwFYMI
ResponseHTTP/2.0 200
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 6177
date: Mon, 18 Mar 2024 12:45:58 GMT
expires: Mon, 18 Mar 2024 12:45:58 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address:8.8.8.8:53Requestlh3.googleusercontent.comIN AResponselh3.googleusercontent.comIN CNAMEgooglehosted.l.googleusercontent.comgooglehosted.l.googleusercontent.comIN A142.250.178.129
-
GEThttps://lh3.googleusercontent.com/a/ACg8ocLmWKsCMTrUv9pXRH9oIfnacHuGORkL-PdViCi0hG6T=s64MicrosoftEdgeCP.exeRemote address:142.250.178.129:443RequestGET /a/ACg8ocLmWKsCMTrUv9pXRH9oIfnacHuGORkL-PdViCi0hG6T=s64 HTTP/2.0
host: lh3.googleusercontent.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://drive.google.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
ResponseHTTP/2.0 200
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Tue, 19 Mar 2024 12:45:59 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
date: Mon, 18 Mar 2024 12:45:59 GMT
server: fife
content-length: 685
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A92.123.241.137
-
Remote address:92.123.128.173:443RequestGET /cortanaassist/rules?cc=US&version=6 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1
-
1.5kB 7.7kB 19 14
-
142.250.179.142:443https://drive.google.com/uc?id=12gwImk1shFaL4tb5QbtNVGte6qey4yju&export=downloadtls, http2MicrosoftEdgeCP.exe4.7kB 43.3kB 66 59
HTTP Request
GET https://drive.google.com/file/d/12gwImk1shFaL4tb5QbtNVGte6qey4yju/view?usp=sharingHTTP Response
200HTTP Request
GET https://drive.google.com/auth_warmupHTTP Response
200HTTP Request
GET https://drive.google.com/drivesharing/clientmodel?id=12gwImk1shFaL4tb5QbtNVGte6qey4yju&foreignService=texmex&authuser=0&origin=https%3A%2F%2Fdrive.google.comHTTP Response
302HTTP Request
GET https://drive.google.com/uc?id=12gwImk1shFaL4tb5QbtNVGte6qey4yju&export=downloadHTTP Response
200 -
2.4kB 8.6kB 27 18
HTTP Request
GET https://drive.google.com/favicon.icoHTTP Response
302 -
1.4kB 7.1kB 14 10
-
216.58.214.67:443https://ssl.gstatic.com/docs/common/cleardot.gif?zx=smrusif3dzintls, http2MicrosoftEdgeCP.exe4.9kB 60.1kB 76 66
HTTP Request
GET https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite56.svgHTTP Request
GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=t46wvie4qya4HTTP Response
200HTTP Response
200HTTP Request
GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=bu6j1oduc2meHTTP Response
200HTTP Request
GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=gdz8hjd655boHTTP Response
200HTTP Request
GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=smrusif3dzinHTTP Response
200 -
1.7kB 5.1kB 19 12
-
172.217.18.206:443https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_0?le=scstls, http2MicrosoftEdgeCP.exe8.8kB 160.0kB 141 134
HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_1HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_0HTTP Response
200HTTP Response
200HTTP Request
GET https://apis.google.com/js/googleapis.proxy.js?onload=startupHTTP Response
200HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uvrmm4sgViM.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw/cb=gapi.loaded_0?le=scsHTTP Response
200 -
2.0kB 5.4kB 21 14
-
209.85.203.84:443https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=ARZ0qKKFmRoMfzdq5lc0veCTVB0IJLP8MM53GLvKZMin88R4HzCcHedY-WqAemPDSU7EFDUjEy_lNw&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1207659268%3A1710765957416607&theme=mn&ddm=0tls, http2MicrosoftEdgeCP.exe7.8kB 124.4kB 115 109
HTTP Request
GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.comHTTP Response
302HTTP Request
GET https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&osid=1&passive=1209600&ifkv=ARZ0qKJAacSg9JS6Btd3detbDdV7JgZ_-qThJEgAFFboVCRcuhYqHMD516wNKZCaUKKVrFjy_cEDZAHTTP Response
302HTTP Request
GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D12gwImk1shFaL4tb5QbtNVGte6qey4yju%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=ARZ0qKKFmRoMfzdq5lc0veCTVB0IJLP8MM53GLvKZMin88R4HzCcHedY-WqAemPDSU7EFDUjEy_lNw&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1207659268%3A1710765957416607&theme=mn&ddm=0HTTP Response
200 -
1.2kB 5.1kB 17 12
-
216.58.214.67:443https://ssl.gstatic.com/docs/doclist/images/drive_2022q3_32dp.pngtls, http2MicrosoftEdge.exe2.0kB 9.0kB 27 20
HTTP Request
GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.pngHTTP Response
200HTTP Request
GET https://ssl.gstatic.com/docs/doclist/images/drive_2022q3_32dp.pngHTTP Response
200 -
1.1kB 5.3kB 16 12
-
172.217.168.193:443https://drive-thirdparty.googleusercontent.com/16/type/application/x-msdownloadtls, http2MicrosoftEdgeCP.exe1.8kB 11.4kB 23 19
HTTP Request
GET https://drive-thirdparty.googleusercontent.com/16/type/application/x-msdownloadHTTP Response
200 -
1.3kB 10.1kB 19 15
-
172.217.20.206:443https://ogs.google.com/widget/callout?prid=19016402&pgid=19010599&puid=53bd5e343198ee56&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=entls, http2MicrosoftEdgeCP.exe2.3kB 21.5kB 29 24
HTTP Request
GET https://ogs.google.com/widget/callout?prid=19016402&pgid=19010599&puid=53bd5e343198ee56&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=enHTTP Response
200 -
1.4kB 7.7kB 18 13
-
1.3kB 5.0kB 13 10
-
142.250.201.170:443https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=jsontls, http2MicrosoftEdgeCP.exe9.0kB 10.6kB 48 38
HTTP Request
GET https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uvrmm4sgViM.O%2Fd%3D1%2Frs%3DAHpOoo-soQ1xukOpN46EKPUFps9DoQSPjw%2Fm%3D__features__HTTP Response
200HTTP Request
GET https://content.googleapis.com/drive/v2beta/files/12gwImk1shFaL4tb5QbtNVGte6qey4yju?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanDownload%2CcanComment%2CcanEdit%2CcanInitiateEsignature%2CcanMoveChildrenWithinDrive%2CcanMoveItemIntoTeamDrive%2CcanRename%2CcanRemoveChildren)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7kHTTP Request
POST https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=jsonHTTP Request
POST https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=jsonHTTP Response
200HTTP Response
204HTTP Response
204HTTP Request
POST https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k&alt=jsonHTTP Response
403 -
172.217.23.202:443https://blobcomments-pa.clients6.google.com/v1/metadata?docId=12gwImk1shFaL4tb5QbtNVGte6qey4yju&revisionId=0B4qb_Rs23mkwcU5CRTcycXJ2OUpmaVFOODFCTndpUjNBamJ3PQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797tls, http2MicrosoftEdgeCP.exe3.1kB 13.0kB 32 27
HTTP Request
OPTIONS https://blobcomments-pa.clients6.google.com/v1/metadata?docId=12gwImk1shFaL4tb5QbtNVGte6qey4yju&revisionId=0B4qb_Rs23mkwcU5CRTcycXJ2OUpmaVFOODFCTndpUjNBamJ3PQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797HTTP Response
200HTTP Request
GET https://blobcomments-pa.clients6.google.com/v1/metadata?docId=12gwImk1shFaL4tb5QbtNVGte6qey4yju&revisionId=0B4qb_Rs23mkwcU5CRTcycXJ2OUpmaVFOODFCTndpUjNBamJ3PQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797HTTP Response
200 -
1.3kB 10.8kB 19 15
-
1.1kB 5.1kB 16 12
-
216.58.213.68:443https://www.google.com/images/hpp/Chrome_Owned_96x96.pngtls, http2MicrosoftEdgeCP.exe2.0kB 12.3kB 25 20
HTTP Request
GET https://www.google.com/images/hpp/Chrome_Owned_96x96.pngHTTP Response
200 -
1.3kB 10.1kB 19 15
-
142.250.178.129:443https://lh3.googleusercontent.com/a/ACg8ocLmWKsCMTrUv9pXRH9oIfnacHuGORkL-PdViCi0hG6T=s64tls, http2MicrosoftEdgeCP.exe2.0kB 11.3kB 26 19
HTTP Request
GET https://lh3.googleusercontent.com/a/ACg8ocLmWKsCMTrUv9pXRH9oIfnacHuGORkL-PdViCi0hG6T=s64HTTP Response
200 -
1.4kB 9.0kB 18 15
-
92.123.128.173:443https://www.bing.com/cortanaassist/rules?cc=US&version=6tls, http2MicrosoftEdge.exe3.3kB 59.7kB 57 51
HTTP Request
GET https://www.bing.com/cortanaassist/rules?cc=US&version=6 -
1.4kB 4.8kB 18 12
-
MITRE ATT&CK Enterprise v15
Downloads