hxxps://drive[.]google[.]com/file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view

Analysis

max time kernel
65s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/08/2024, 21:35 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3244	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
1676	msedge.exe
1676	msedge.exe
4360	identity_helper.exe
4360	identity_helper.exe
5680	msedge.exe
5680	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5768	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2672	1676	msedge.exe	84
PID 1676 wrote to memory of 2672	1676	msedge.exe	84
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 60	1676	msedge.exe	86
PID 1676 wrote to memory of 60	1676	msedge.exe	86
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff882f246f8,0x7ff882f24708,0x7ff882f24718
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5768
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\h2m_killstreak.pak
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3244

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

drive.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

142.250.179.110
GET

https://drive.google.com/file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view

msedge.exe

Remote address:

142.250.179.110:443

Request

GET /file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view HTTP/2.0
host: drive.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR
DNS

110.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.179.250.142.in-addr.arpa

IN PTR

Response

110.179.250.142.in-addr.arpa

IN PTR

par21s20-in-f141e100net
DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR

Response
DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

234.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.75.250.142.in-addr.arpa

IN PTR

Response

234.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f101e100net
DNS

227.74.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.74.250.142.in-addr.arpa

IN PTR

Response

227.74.250.142.in-addr.arpa

IN PTR

par10s40-in-f31e100net
DNS

67.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.179.250.142.in-addr.arpa

IN PTR

Response

67.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f31e100net
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
DNS

ogs.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

216.58.214.174
DNS

ogads-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

142.250.179.74

ogads-pa.googleapis.com

IN A

142.250.75.234

ogads-pa.googleapis.com

IN A

172.217.20.170

ogads-pa.googleapis.com

IN A

216.58.215.42

ogads-pa.googleapis.com

IN A

142.250.201.170

ogads-pa.googleapis.com

IN A

172.217.20.202

ogads-pa.googleapis.com

IN A

142.250.178.138

ogads-pa.googleapis.com

IN A

142.250.179.106

ogads-pa.googleapis.com

IN A

216.58.213.74

ogads-pa.googleapis.com

IN A

216.58.214.170
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.179.78
GET

https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=aaca5f2d43a3697&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en&dm=

msedge.exe

Remote address:

216.58.214.174:443

Request

GET /widget/callout?prid=19016403&pgid=19010599&puid=aaca5f2d43a3697&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en&dm= HTTP/2.0
host: ogs.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=516=Exv6zwLDzzlLPaxcZqyrdQx2T6lsPVktc-JxyXcTvbOy5CVk6OlctyRAOslyPx9ZWgsDSmvddUTWdj-QbLY28uNgVpbOJhaJKjn9KqoXdUCpfmwRTXw38Rn8x0LA7yOmP14eVu3WDiAFAlzYjwONfN7DSqOrO796INMdzkJbjfE
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

msedge.exe

Remote address:

142.250.179.74:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_0

msedge.exe

Remote address:

142.250.179.78:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=516=Exv6zwLDzzlLPaxcZqyrdQx2T6lsPVktc-JxyXcTvbOy5CVk6OlctyRAOslyPx9ZWgsDSmvddUTWdj-QbLY28uNgVpbOJhaJKjn9KqoXdUCpfmwRTXw38Rn8x0LA7yOmP14eVu3WDiAFAlzYjwONfN7DSqOrO796INMdzkJbjfE
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_1

msedge.exe

Remote address:

142.250.179.78:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_1 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=516=Exv6zwLDzzlLPaxcZqyrdQx2T6lsPVktc-JxyXcTvbOy5CVk6OlctyRAOslyPx9ZWgsDSmvddUTWdj-QbLY28uNgVpbOJhaJKjn9KqoXdUCpfmwRTXw38Rn8x0LA7yOmP14eVu3WDiAFAlzYjwONfN7DSqOrO796INMdzkJbjfE
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.201.174
POST

https://play.google.com/log?format=json&hasfast=true

msedge.exe

Remote address:

142.250.201.174:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 3392
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://drive.google.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=516=Exv6zwLDzzlLPaxcZqyrdQx2T6lsPVktc-JxyXcTvbOy5CVk6OlctyRAOslyPx9ZWgsDSmvddUTWdj-QbLY28uNgVpbOJhaJKjn9KqoXdUCpfmwRTXw38Rn8x0LA7yOmP14eVu3WDiAFAlzYjwONfN7DSqOrO796INMdzkJbjfE
DNS

ssl.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.74.227
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.20.196
GET

https://www.google.com/images/hpp/Chrome_Owned_96x96.png

msedge.exe

Remote address:

172.217.20.196:443

Request

GET /images/hpp/Chrome_Owned_96x96.png HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ogs.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=516=Exv6zwLDzzlLPaxcZqyrdQx2T6lsPVktc-JxyXcTvbOy5CVk6OlctyRAOslyPx9ZWgsDSmvddUTWdj-QbLY28uNgVpbOJhaJKjn9KqoXdUCpfmwRTXw38Rn8x0LA7yOmP14eVu3WDiAFAlzYjwONfN7DSqOrO796INMdzkJbjfE
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

108.177.127.84
GET

https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com

msedge.exe

Remote address:

108.177.127.84:443

Request

GET /ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=516=mHCB7Hu0VMYVOv8iZgOwdcw1hO21hJOeOVmXuhG0seLAsCdRAsDU9SmXlgFiC3MaXDMRsWDmW1L-eYOw3yUibQGxyzLog82qL4J4k8l7W5h91OcThNKpQY1mb38IfMT6AtBAZHmLW_fSCgHxJyD9LuH8q35wjXpEbamUhH8sN-tidBs
cookie: OGPC=19010599-1:
DNS

content.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

content.googleapis.com

IN A

Response

content.googleapis.com

IN A

142.250.179.106

content.googleapis.com

IN A

216.58.213.74

content.googleapis.com

IN A

142.250.178.138

content.googleapis.com

IN A

142.250.201.170

content.googleapis.com

IN A

172.217.20.202

content.googleapis.com

IN A

216.58.214.74

content.googleapis.com

IN A

216.58.214.170

content.googleapis.com

IN A

142.250.74.234

content.googleapis.com

IN A

142.250.75.234

content.googleapis.com

IN A

142.250.179.74

content.googleapis.com

IN A

172.217.20.170
DNS

blobcomments-pa.clients6.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

blobcomments-pa.clients6.google.com

IN A

Response

blobcomments-pa.clients6.google.com

IN A

172.217.18.202
OPTIONS

https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il&revisionId=0B7G5_UFdXLLTdFBVdktVQXIyUG9JaS9BSmswK2IzaDJrSzZjPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797

msedge.exe

Remote address:

172.217.18.202:443

Request

OPTIONS /v1/metadata?docId=1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il&revisionId=0B7G5_UFdXLLTdFBVdktVQXIyUG9JaS9BSmswK2IzaDJrSzZjPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/2.0
host: blobcomments-pa.clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

drive-thirdparty.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive-thirdparty.googleusercontent.com

IN A

Response

drive-thirdparty.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.179.65
GET

https://drive-thirdparty.googleusercontent.com/16/type/application/octet-stream

msedge.exe

Remote address:

142.250.179.65:443

Request

GET /16/type/application/octet-stream HTTP/2.0
host: drive-thirdparty.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

174.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.214.58.216.in-addr.arpa

IN PTR

Response

174.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f141e100net

174.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f174�I

174.214.58.216.in-addr.arpa

IN PTR

par10s42-in-f14�I
DNS

74.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.179.250.142.in-addr.arpa

IN PTR

Response

74.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f101e100net
DNS

78.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.179.250.142.in-addr.arpa

IN PTR

Response

78.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f141e100net
DNS

174.201.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.201.250.142.in-addr.arpa

IN PTR

Response

174.201.250.142.in-addr.arpa

IN PTR

par21s23-in-f141e100net
DNS

196.20.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.20.217.172.in-addr.arpa

IN PTR

Response

196.20.217.172.in-addr.arpa

IN PTR

par10s50-in-f41e100net

196.20.217.172.in-addr.arpa

IN PTR

waw02s08-in-f196�H

196.20.217.172.in-addr.arpa

IN PTR

waw02s08-in-f4�H
DNS

84.127.177.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.127.177.108.in-addr.arpa

IN PTR

Response

84.127.177.108.in-addr.arpa

IN PTR

el-in-f841e100net
DNS

202.18.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.18.217.172.in-addr.arpa

IN PTR

Response

202.18.217.172.in-addr.arpa

IN PTR

par10s38-in-f101e100net

202.18.217.172.in-addr.arpa

IN PTR

ham02s14-in-f202�I
DNS

65.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.179.250.142.in-addr.arpa

IN PTR

Response

65.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f11e100net
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388100_1G9ZWREFIF4V9ZG2V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239339388100_1G9ZWREFIF4V9ZG2V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 582432
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C130BC2AE7B146BDACBB809B0E9AC1FA Ref B: LON04EDGE1118 Ref C: 2024-08-15T21:35:58Z
date: Thu, 15 Aug 2024 21:35:57 GMT
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

lh3.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.179.65
DNS

106.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.179.250.142.in-addr.arpa

IN PTR

Response

106.179.250.142.in-addr.arpa

IN PTR

par21s20-in-f101e100net
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

drive.usercontent.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

216.58.214.65
GET

https://drive.usercontent.google.com/uc?id=1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il&export=download

msedge.exe

Remote address:

216.58.214.65:443

Request

GET /uc?id=1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il&export=download HTTP/2.0
host: drive.usercontent.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=516=mHCB7Hu0VMYVOv8iZgOwdcw1hO21hJOeOVmXuhG0seLAsCdRAsDU9SmXlgFiC3MaXDMRsWDmW1L-eYOw3yUibQGxyzLog82qL4J4k8l7W5h91OcThNKpQY1mb38IfMT6AtBAZHmLW_fSCgHxJyD9LuH8q35wjXpEbamUhH8sN-tidBs
cookie: OGPC=19010599-1:
cookie: __Secure-ENID=21.SE=eye9E_rejeV3OPSjoXKWSoy6e5jGTewW66CkuZ8J0s4DvUg81EJce_8OyhP7u9XAd1K3MnM_6l8LfwH-TAt1zl00abBxbceTxPr4a3SIQS8tq1TOj2VgXCvAfMH9PibQhVloq4iq-ynTc-XVXxJxQ1cVYOcCLWUWAWgmg5aCNQcuH39lzNA
DNS

65.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.214.58.216.in-addr.arpa

IN PTR

Response

65.214.58.216.in-addr.arpa

IN PTR

par10s39-in-f11e100net

65.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f1�G

65.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f65�G
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=372D6983492F6A2922A57D5F48086B38; domain=.bing.com; expires=Tue, 09-Sep-2025 21:35:59 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9A1073E6F9B945D29EF26B0B70B5FB88 Ref B: LON04EDGE0607 Ref C: 2024-08-15T21:35:59Z
date: Thu, 15 Aug 2024 21:35:58 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=372D6983492F6A2922A57D5F48086B38

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=f4yJRfjdml1n3H_HttV2aKXzl3v1JNmktYSXRbfa-q8; domain=.bing.com; expires=Tue, 09-Sep-2025 21:35:59 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B8720C8D23AC4513B486FD1033C07A0E Ref B: LON04EDGE0607 Ref C: 2024-08-15T21:35:59Z
date: Thu, 15 Aug 2024 21:35:59 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=372D6983492F6A2922A57D5F48086B38; MSPTC=f4yJRfjdml1n3H_HttV2aKXzl3v1JNmktYSXRbfa-q8

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 33DAF8264B0047018750073620986242 Ref B: LON04EDGE0607 Ref C: 2024-08-15T21:35:59Z
date: Thu, 15 Aug 2024 21:35:59 GMT
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

43.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.56.20.217.in-addr.arpa

IN PTR

Response
DNS

43.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.56.20.217.in-addr.arpa

IN PTR

142.250.179.110:443

https://drive.google.com/file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view

tls, http2

msedge.exe

2.4kB
35.0kB
25
37

HTTP Request

GET https://drive.google.com/file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view
216.58.214.174:443

https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=aaca5f2d43a3697&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en&dm=

tls, http2

msedge.exe

2.4kB
23.1kB
21
24

HTTP Request

GET https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=aaca5f2d43a3697&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en&dm=
142.250.179.74:443

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

msedge.exe

1.8kB
6.7kB
13
14

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
142.250.179.78:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_1

tls, http2

msedge.exe

4.7kB
127.0kB
69
99

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_0

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_1
142.250.179.78:443

apis.google.com

tls

msedge.exe

931 B
4.6kB
9
7
142.250.201.174:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

msedge.exe

5.5kB
9.2kB
18
18

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
172.217.20.196:443

https://www.google.com/images/hpp/Chrome_Owned_96x96.png

tls, http2

msedge.exe

2.2kB
12.8kB
19
19

HTTP Request

GET https://www.google.com/images/hpp/Chrome_Owned_96x96.png
108.177.127.84:443

https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com

tls, http2

msedge.exe

2.3kB
7.6kB
15
16

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com
172.217.18.202:443

https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il&revisionId=0B7G5_UFdXLLTdFBVdktVQXIyUG9JaS9BSmswK2IzaDJrSzZjPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797

tls, http2

msedge.exe

2.1kB
12.1kB
15
19

HTTP Request

OPTIONS https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il&revisionId=0B7G5_UFdXLLTdFBVdktVQXIyUG9JaS9BSmswK2IzaDJrSzZjPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797
142.250.179.65:443

https://drive-thirdparty.googleusercontent.com/16/type/application/octet-stream

tls, http2

msedge.exe

1.8kB
11.9kB
15
16

HTTP Request

GET https://drive-thirdparty.googleusercontent.com/16/type/application/octet-stream
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239339388100_1G9ZWREFIF4V9ZG2V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

21.3kB
609.1kB
448
446

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388100_1G9ZWREFIF4V9ZG2V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
216.58.214.65:443

https://drive.usercontent.google.com/uc?id=1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il&export=download

tls, http2

msedge.exe

2.2kB
7.4kB
14
15

HTTP Request

GET https://drive.usercontent.google.com/uc?id=1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il&export=download
216.58.214.65:443

drive.usercontent.google.com

tls, http2

msedge.exe

1.1kB
1.6kB
6
5
13.107.21.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

tls, http2

2.0kB
9.3kB
21
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f13b704424c149f99ca0c3d9ff44ec25&localId=w:C73FBD69-E259-A995-64BC-A5A688D3CF0D&deviceId=6755468654711223&anid=

HTTP Response

204

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

drive.google.com

dns

msedge.exe

62 B
78 B
1
1

DNS Request

drive.google.com

DNS Response

142.250.179.110
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

148 B
128 B
2
1

DNS Request

172.210.232.199.in-addr.arpa

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

110.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

110.179.250.142.in-addr.arpa
8.8.8.8:53

76.32.126.40.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

76.32.126.40.in-addr.arpa

DNS Request

76.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

234.75.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

234.75.250.142.in-addr.arpa
8.8.8.8:53

227.74.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

227.74.250.142.in-addr.arpa
8.8.8.8:53

67.179.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

67.179.250.142.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
170 B
2
1

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

ogs.google.com

dns

msedge.exe

60 B
97 B
1
1

DNS Request

ogs.google.com

DNS Response

216.58.214.174
8.8.8.8:53

ogads-pa.googleapis.com

dns

msedge.exe

69 B
229 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

142.250.179.74

142.250.75.234

172.217.20.170

216.58.215.42

142.250.201.170

172.217.20.202

142.250.178.138

142.250.179.106

216.58.213.74

216.58.214.170
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.179.78
142.250.179.110:443

drive.google.com

https

msedge.exe

4.4kB
9.8kB
15
16
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.201.174
8.8.8.8:53

ssl.gstatic.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

142.250.74.227
142.250.179.74:443

ogads-pa.googleapis.com

https

msedge.exe

3.9kB
7.1kB
8
10
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.20.196
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

108.177.127.84
142.250.201.174:443

play.google.com

https

msedge.exe

27.3kB
10.0kB
34
29
8.8.8.8:53

content.googleapis.com

dns

msedge.exe

68 B
244 B
1
1

DNS Request

content.googleapis.com

DNS Response

142.250.179.106

216.58.213.74

142.250.178.138

142.250.201.170

172.217.20.202

216.58.214.74

216.58.214.170

142.250.74.234

142.250.75.234

142.250.179.74

172.217.20.170
8.8.8.8:53

blobcomments-pa.clients6.google.com

dns

msedge.exe

81 B
97 B
1
1

DNS Request

blobcomments-pa.clients6.google.com

DNS Response

172.217.18.202
108.177.127.84:443

accounts.google.com

https

msedge.exe

5.1kB
12.4kB
14
18
172.217.18.202:443

blobcomments-pa.clients6.google.com

https

msedge.exe

4.3kB
8.7kB
9
11
142.250.179.78:443

apis.google.com

https

msedge.exe

3.7kB
44.9kB
25
40
8.8.8.8:53

drive-thirdparty.googleusercontent.com

dns

msedge.exe

84 B
129 B
1
1

DNS Request

drive-thirdparty.googleusercontent.com

DNS Response

142.250.179.65
172.217.20.196:443

www.google.com

https

msedge.exe

3.9kB
11.0kB
10
12
8.8.8.8:53

174.214.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

174.214.58.216.in-addr.arpa
8.8.8.8:53

74.179.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

74.179.250.142.in-addr.arpa
8.8.8.8:53

78.179.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

78.179.250.142.in-addr.arpa
8.8.8.8:53

174.201.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

174.201.250.142.in-addr.arpa
8.8.8.8:53

196.20.217.172.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

196.20.217.172.in-addr.arpa
8.8.8.8:53

84.127.177.108.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

84.127.177.108.in-addr.arpa
8.8.8.8:53

202.18.217.172.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

202.18.217.172.in-addr.arpa
8.8.8.8:53

65.179.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

65.179.250.142.in-addr.arpa
142.250.179.106:443

content.googleapis.com

https

msedge.exe

5.1kB
7.9kB
12
11
8.8.8.8:53

g.bing.com

dns

168 B
151 B
3
1

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

lh3.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

lh3.googleusercontent.com

DNS Response

142.250.179.65
142.250.179.65:443

lh3.googleusercontent.com

https

msedge.exe

3.8kB
8.1kB
11
10
8.8.8.8:53

106.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

106.179.250.142.in-addr.arpa
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa
8.8.8.8:53

drive.usercontent.google.com

dns

msedge.exe

74 B
90 B
1
1

DNS Request

drive.usercontent.google.com

DNS Response

216.58.214.65
216.58.214.65:443

drive.usercontent.google.com

https

msedge.exe

1.2MB
179.5MB
16118
131521
8.8.8.8:53

65.214.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

65.214.58.216.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
224.0.0.251:5353

msedge.exe

515 B
8
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

140 B
144 B
2
1

DNS Request

18.31.95.13.in-addr.arpa

DNS Request

18.31.95.13.in-addr.arpa
142.250.201.174:443

play.google.com

https

msedge.exe

3.6kB
7.1kB
9
10
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

43.56.20.217.in-addr.arpa

dns

142 B
131 B
2
1

DNS Request

43.56.20.217.in-addr.arpa

DNS Request

43.56.20.217.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
6d3680fbc4b8e730fbc5aced9ed026b4

SHA1
9f7388e30a099fcbcbf75495037377abc0f3939d

SHA256
0c84cb1f9646ba8f77fb765ef0cead8cf1a22d778ff2bc09c5dddf012dbf29cf

SHA512
29d94fde6e29939b6c625f5bcf3913eaaad0acb86db8d6c2e4906d322f6d4699f509d69b32360e8f06c0c7dbd161cba9d3a65f71af89566143e9abb14520ef9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cbc4a656f923b041f6f4c1c6b4400028

SHA1
47552cea3ef6857aa3a8d104edc0d5c61119c530

SHA256
a410f7e99cce8c11780e9c286d225b6b06bafb672849c7b15287ff4654f1cdcd

SHA512
43200e0b8beacce4f2a1df0072a536dacc3444d8c7b9aa7b508d4c913a4c43279d9e636ffbcb40ae75b92a749572c8ae4cda92a66c7aee951160790d41471919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3070daf6b885c7394f5c605a5f95ef22

SHA1
ac1283d2407fcb060cd934bf7243c51b2e453469

SHA256
da2cc5f22af99b6e5444eaa809181eaaaa9e6ec0ca04fb8c0c5de6cd489ad5fd

SHA512
58171637b1a87181ba2e98c6b1bf61e1b9241e32deda53335b4f20000d26ba2f4e16ad2ee6a7d660e414c84877368c5f85ece3427ec279afebd8af72ec03243c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fea89b5901ffffe798aad76f206763da

SHA1
22ce2ade0caed9404b237973f4834bb0573940d5

SHA256
f343064f824db024244a6de7f8ab6cb5ac77087766624b2ee74e55288eb414e0

SHA512
50eb71e3df2a76dd8f9bb599bad836cf862704383c8891d1c12f05676e20ecb99806fefb52cb9198ded8a04d0a67c5828d2e0b93a30e1bbe43eb241f50fa1c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e16870989543a657dfb04120465355a4

SHA1
1c0142e93bc1cd624f875de645bac1f32e4db54e

SHA256
dda4996299f1e31d48831b4ad15abc1344ff23d40f0ff3cb989355005f5645d9

SHA512
fd1dc52731e05dba3e5c8bf3effd5a308b02231f1349b5afe8875303709fa7d4ceaab5d52b6138f33b3a4b790671aea2997de3e56803de3d8a2e9636ce39a5d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request