Analysis

  • max time kernel
    127s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    03-09-2024 05:15

General

  • Target

    http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc5946f8,0x7ffcfc594708,0x7ffcfc594718
      2⤵
        PID:1192
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
        2⤵
          PID:4920
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3952
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
          2⤵
            PID:3864
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
            2⤵
              PID:3624
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
              2⤵
                PID:4928
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                2⤵
                  PID:4464
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
                  2⤵
                    PID:3392
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
                    2⤵
                      PID:860
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4424
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                      2⤵
                        PID:1580
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                        2⤵
                          PID:1612
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1
                          2⤵
                            PID:5016
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                            2⤵
                              PID:784
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
                              2⤵
                                PID:4800
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5536 /prefetch:8
                                2⤵
                                  PID:1280
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                                  2⤵
                                    PID:1360
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1356
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3120
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4896
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2144
                                    • C:\Windows\System32\rundll32.exe
                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                      1⤵
                                        PID:3876

Network

                                      • flag-us
                                        DNS
                                        drive.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        drive.google.com
                                        IN A
                                        Response
                                        drive.google.com
                                        IN A
                                        142.250.178.14
                                      • flag-gb
                                        GET
                                        http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
                                        msedge.exe
                                        Remote address:
                                        142.250.178.14:80
                                        Request
                                        GET /file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing HTTP/1.1
                                        Host: drive.google.com
                                        Connection: keep-alive
                                        DNT: 1
                                        Upgrade-Insecure-Requests: 1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        Accept-Encoding: gzip, deflate
                                        Accept-Language: en-US,en;q=0.9
                                        Response
                                        HTTP/1.1 301 Moved Permanently
                                        Content-Type: text/html; charset=UTF-8
                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                        Pragma: no-cache
                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                        Date: Tue, 03 Sep 2024 05:15:37 GMT
                                        Location: https://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
                                        Content-Encoding: gzip
                                        X-Content-Type-Options: nosniff
                                        X-Frame-Options: SAMEORIGIN
                                        Content-Security-Policy: frame-ancestors 'self'
                                        X-XSS-Protection: 1; mode=block
                                        Content-Length: 243
                                        Server: GSE
                                      • flag-gb
                                        GET
                                        https://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
                                        msedge.exe
                                        Remote address:
                                        142.250.178.14:443
                                        Request
                                        GET /file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing HTTP/2.0
                                        host: drive.google.com
                                        dnt: 1
                                        upgrade-insecure-requests: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        sec-fetch-site: none
                                        sec-fetch-mode: navigate
                                        sec-fetch-user: ?1
                                        sec-fetch-dest: document
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        sec-ch-ua-mobile: ?0
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        154.239.44.20.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        154.239.44.20.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        14.178.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        14.178.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        14.178.250.142.in-addr.arpa
                                        IN PTR
                                        lhr48s27-in-f14.1e100.net
                                      • flag-us
                                        DNS
                                        134.32.126.40.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        134.32.126.40.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        240.221.184.93.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        240.221.184.93.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        95.221.229.192.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        95.221.229.192.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        play.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        play.google.com
                                        IN A
                                        Response
                                        play.google.com
                                        IN A
                                        142.250.200.14
                                      • flag-us
                                        DNS
                                        ogs.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        ogs.google.com
                                        IN A
                                        Response
                                        ogs.google.com
                                        IN CNAME
                                        www3.l.google.com
                                        www3.l.google.com
                                        IN A
                                        172.217.169.14
                                      • flag-us
                                        DNS
                                        apis.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        apis.google.com
                                        IN A
                                        Response
                                        apis.google.com
                                        IN CNAME
                                        plus.l.google.com
                                        plus.l.google.com
                                        IN A
                                        142.250.187.238
                                      • flag-gb
                                        POST
                                        https://play.google.com/log?format=json&hasfast=true
                                        msedge.exe
                                        Remote address:
                                        142.250.200.14:443
                                        Request
                                        POST /log?format=json&hasfast=true HTTP/2.0
                                        host: play.google.com
                                        content-length: 3549
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        content-type: text/plain;charset=UTF-8
                                        accept: */*
                                        origin: https://drive.google.com
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: cors
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
                                      • flag-us
                                        DNS
                                        ssl.gstatic.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        ssl.gstatic.com
                                        IN A
                                        Response
                                        ssl.gstatic.com
                                        IN A
                                        216.58.204.67
                                      • flag-us
                                        DNS
                                        ogads-pa.googleapis.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        ogads-pa.googleapis.com
                                        IN A
                                        Response
                                        ogads-pa.googleapis.com
                                        IN A
                                        172.217.169.10
                                      • flag-gb
                                        GET
                                        https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=
                                        msedge.exe
                                        Remote address:
                                        172.217.169.14:443
                                        Request
                                        GET /widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm= HTTP/2.0
                                        host: ogs.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        sec-ch-ua-mobile: ?0
                                        upgrade-insecure-requests: 1
                                        dnt: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: navigate
                                        sec-fetch-dest: iframe
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
                                      • flag-gb
                                        GET
                                        https://ssl.gstatic.com/docs/common/cleardot.gif?zx=r6yy7htc9716
                                        msedge.exe
                                        Remote address:
                                        216.58.204.67:443
                                        Request
                                        GET /docs/common/cleardot.gif?zx=r6yy7htc9716 HTTP/2.0
                                        host: ssl.gstatic.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        sec-fetch-site: cross-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: image
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-gb
                                        GET
                                        https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_0
                                        msedge.exe
                                        Remote address:
                                        142.250.187.238:443
                                        Request
                                        GET /_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_0 HTTP/2.0
                                        host: apis.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: */*
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: script
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
                                      • flag-gb
                                        GET
                                        https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1
                                        msedge.exe
                                        Remote address:
                                        142.250.187.238:443
                                        Request
                                        GET /_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1 HTTP/2.0
                                        host: apis.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: */*
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: script
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
                                      • flag-gb
                                        OPTIONS
                                        https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                                        msedge.exe
                                        Remote address:
                                        172.217.169.10:443
                                        Request
                                        OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
                                        host: ogads-pa.googleapis.com
                                        accept: */*
                                        access-control-request-method: POST
                                        access-control-request-headers: content-type,x-goog-api-key,x-user-agent
                                        origin: https://drive.google.com
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        sec-fetch-mode: cors
                                        sec-fetch-site: cross-site
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        accounts.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        accounts.google.com
                                        IN A
                                        Response
                                        accounts.google.com
                                        IN A
                                        74.125.193.84
                                      • flag-ie
                                        GET
                                        https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com
                                        msedge.exe
                                        Remote address:
                                        74.125.193.84:443
                                        Request
                                        GET /ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com HTTP/2.0
                                        host: accounts.google.com
                                        upgrade-insecure-requests: 1
                                        dnt: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: navigate
                                        sec-fetch-dest: iframe
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        sec-ch-ua-mobile: ?0
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
                                      • flag-us
                                        DNS
                                        www.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        www.google.com
                                        IN A
                                        Response
                                        www.google.com
                                        IN A
                                        142.250.179.228
                                      • flag-gb
                                        GET
                                        https://www.google.com/images/hpp/Chrome_Owned_96x96.png
                                        msedge.exe
                                        Remote address:
                                        142.250.179.228:443
                                        Request
                                        GET /images/hpp/Chrome_Owned_96x96.png HTTP/2.0
                                        host: www.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: image
                                        referer: https://ogs.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=517=EqyL5dIU_iP2F7IfzmydpVXPcDi8oWWOzXuEAIf3_7zr5oEPzZBAMCQUmBSwxx6RYJnc33IkNb9rDyXJD78G9l_EwAG5t-c0ML7DKP6dNxpZFTAYguN_pHfqbQQmOXYmq3dvQTsu9ov43nUau0TF6MHari480FjdTJWXkg_kTCg
                                      • flag-us
                                        DNS
                                        99.201.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        99.201.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        99.201.58.216.in-addr.arpa
                                        IN PTR
                                        prg03s02-in-f99.1e100.net
                                        99.201.58.216.in-addr.arpa
                                        IN PTR
                                        lhr48s48-in-f3.1e100.net
                                        99.201.58.216.in-addr.arpa
                                        IN PTR
                                        prg03s02-in-f3.1e100.net
                                      • flag-us
                                        DNS
                                        74.204.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        74.204.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        74.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s13-in-f74.1e100.net
                                        74.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr48s49-in-f10.1e100.net
                                        74.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s13-in-f10.1e100.net
                                      • flag-us
                                        DNS
                                        14.200.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        14.200.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        14.200.250.142.in-addr.arpa
                                        IN PTR
                                        lhr48s29-in-f14.1e100.net
                                      • flag-us
                                        DNS
                                        14.169.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        14.169.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        14.169.217.172.in-addr.arpa
                                        IN PTR
                                        lhr25s26-in-f14.1e100.net
                                      • flag-us
                                        DNS
                                        238.187.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        238.187.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        238.187.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s34-in-f14.1e100.net
                                      • flag-us
                                        DNS
                                        67.204.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        67.204.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        67.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s13-in-f3.1e100.net
                                        67.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s13-in-f67.1e100.net
                                        67.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr48s49-in-f3.1e100.net
                                      • flag-us
                                        DNS
                                        10.169.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        10.169.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        10.169.217.172.in-addr.arpa
                                        IN PTR
                                        lhr25s26-in-f10.1e100.net
                                      • flag-us
                                        DNS
                                        84.193.125.74.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        84.193.125.74.in-addr.arpa
                                        IN PTR
                                        Response
                                        84.193.125.74.in-addr.arpa
                                        IN PTR
                                        di-in-f84.1e100.net
                                        84.193.125.74.in-addr.arpa
                                        IN PTR
                                        ig-in-f84.1e100.net
                                      • flag-us
                                        DNS
                                        content.googleapis.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        content.googleapis.com
                                        IN A
                                        Response
                                        content.googleapis.com
                                        IN A
                                        172.217.16.234
                                        content.googleapis.com
                                        IN A
                                        142.250.200.10
                                        content.googleapis.com
                                        IN A
                                        142.250.187.234
                                        content.googleapis.com
                                        IN A
                                        142.250.200.42
                                        content.googleapis.com
                                        IN A
                                        172.217.169.10
                                        content.googleapis.com
                                        IN A
                                        142.250.187.202
                                        content.googleapis.com
                                        IN A
                                        142.250.179.234
                                        content.googleapis.com
                                        IN A
                                        216.58.204.74
                                        content.googleapis.com
                                        IN A
                                        142.250.180.10
                                        content.googleapis.com
                                        IN A
                                        172.217.169.42
                                        content.googleapis.com
                                        IN A
                                        142.250.178.10
                                        content.googleapis.com
                                        IN A
                                        216.58.201.106
                                      • flag-us
                                        DNS
                                        blobcomments-pa.clients6.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        blobcomments-pa.clients6.google.com
                                        IN A
                                        Response
                                        blobcomments-pa.clients6.google.com
                                        IN A
                                        142.250.187.202
                                      • flag-gb
                                        OPTIONS
                                        https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&revisionId=0B3wR5B-3bqzrMG5CZmMzNjVhdWQyaXpreFlkTnQrZmxJZzcwPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797
                                        msedge.exe
                                        Remote address:
                                        142.250.187.202:443
                                        Request
                                        OPTIONS /v1/metadata?docId=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&revisionId=0B3wR5B-3bqzrMG5CZmMzNjVhdWQyaXpreFlkTnQrZmxJZzcwPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/2.0
                                        host: blobcomments-pa.clients6.google.com
                                        accept: */*
                                        access-control-request-method: GET
                                        access-control-request-headers: x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
                                        origin: https://drive.google.com
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        sec-fetch-mode: cors
                                        sec-fetch-site: same-site
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        drive-thirdparty.googleusercontent.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        drive-thirdparty.googleusercontent.com
                                        IN A
                                        Response
                                        drive-thirdparty.googleusercontent.com
                                        IN CNAME
                                        googlehosted.l.googleusercontent.com
                                        googlehosted.l.googleusercontent.com
                                        IN A
                                        142.250.187.225
                                      • flag-gb
                                        GET
                                        https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.microsoft.portable-executable
                                        msedge.exe
                                        Remote address:
                                        142.250.187.225:443
                                        Request
                                        GET /16/type/application/vnd.microsoft.portable-executable HTTP/2.0
                                        host: drive-thirdparty.googleusercontent.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        sec-fetch-site: cross-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: image
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-gb
                                        GET
                                        https://drive-thirdparty.googleusercontent.com/16/type/Unknown/undefined
                                        msedge.exe
                                        Remote address:
                                        142.250.187.225:443
                                        Request
                                        GET /16/type/Unknown/undefined HTTP/2.0
                                        host: drive-thirdparty.googleusercontent.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        sec-fetch-site: cross-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: image
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        202.187.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        202.187.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        202.187.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s33-in-f10.1e100.net
                                      • flag-us
                                        DNS
                                        225.187.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        225.187.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        225.187.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s34-in-f1.1e100.net
                                      • flag-us
                                        DNS
                                        234.16.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        234.16.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        234.16.217.172.in-addr.arpa
                                        IN PTR
                                        mad08s04-in-f10.1e100.net
                                        234.16.217.172.in-addr.arpa
                                        IN PTR
                                        lhr48s28-in-f10.1e100.net
                                      • flag-us
                                        DNS
                                        peoplestackwebexperiments-pa.clients6.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        peoplestackwebexperiments-pa.clients6.google.com
                                        IN A
                                        Response
                                        peoplestackwebexperiments-pa.clients6.google.com
                                        IN A
                                        172.217.16.234
                                      • flag-gb
                                        OPTIONS
                                        https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
                                        msedge.exe
                                        Remote address:
                                        172.217.16.234:443
                                        Request
                                        OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
                                        host: peoplestackwebexperiments-pa.clients6.google.com
                                        accept: */*
                                        access-control-request-method: POST
                                        access-control-request-headers: content-type,x-goog-api-key,x-user-agent
                                        origin: https://drive.google.com
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        sec-fetch-mode: cors
                                        sec-fetch-site: same-site
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-gb
                                        OPTIONS
                                        https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
                                        msedge.exe
                                        Remote address:
                                        172.217.16.234:443
                                        Request
                                        OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
                                        host: peoplestackwebexperiments-pa.clients6.google.com
                                        accept: */*
                                        access-control-request-method: POST
                                        access-control-request-headers: content-type,x-goog-api-key,x-user-agent
                                        origin: https://drive.google.com
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        sec-fetch-mode: cors
                                        sec-fetch-site: same-site
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        lh3.googleusercontent.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        lh3.googleusercontent.com
                                        IN A
                                        Response
                                        lh3.googleusercontent.com
                                        IN CNAME
                                        googlehosted.l.googleusercontent.com
                                        googlehosted.l.googleusercontent.com
                                        IN A
                                        142.250.187.225
                                      • flag-us
                                        DNS
                                        228.249.119.40.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        228.249.119.40.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        13.86.106.20.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        13.86.106.20.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        drive.usercontent.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        drive.usercontent.google.com
                                        IN A
                                        Response
                                        drive.usercontent.google.com
                                        IN A
                                        216.58.201.97
                                      • flag-gb
                                        GET
                                        https://drive.usercontent.google.com/uc?id=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&export=download
                                        msedge.exe
                                        Remote address:
                                        216.58.201.97:443
                                        Request
                                        GET /uc?id=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&export=download HTTP/2.0
                                        host: drive.usercontent.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        sec-ch-ua-mobile: ?0
                                        upgrade-insecure-requests: 1
                                        dnt: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: navigate
                                        sec-fetch-user: ?1
                                        sec-fetch-dest: document
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=517=EqyL5dIU_iP2F7IfzmydpVXPcDi8oWWOzXuEAIf3_7zr5oEPzZBAMCQUmBSwxx6RYJnc33IkNb9rDyXJD78G9l_EwAG5t-c0ML7DKP6dNxpZFTAYguN_pHfqbQQmOXYmq3dvQTsu9ov43nUau0TF6MHari480FjdTJWXkg_kTCg
                                        cookie: OGPC=19010599-2:
                                        cookie: __Secure-ENID=22.SE=izC7OVHTU4mw_nX7d4C0lKTqyA7qcn0-7vHI5jWCMcuji7fSo_X2TVx7chI9edSwYzDydFFqo9W9p-wO8DBC-7h9edkPRCyVUwAP2C1Y4mDZMZVuMtpkQUzvIFAM8iaCObKecbqPfm1zq8t7FrlxA73JdLyq5KH0Eu7pIRKw_ctUyJbHpBXU1ecP
                                      • flag-us
                                        DNS
                                        97.201.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        97.201.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        97.201.58.216.in-addr.arpa
                                        IN PTR
                                        prg03s02-in-f11e100net
                                        97.201.58.216.in-addr.arpa
                                        IN PTR
                                        prg03s02-in-f97
                                        97.201.58.216.in-addr.arpa
                                        IN PTR
                                        lhr48s48-in-f1
                                      • flag-us
                                        DNS
                                        103.169.127.40.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        103.169.127.40.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        171.39.242.20.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        171.39.242.20.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        134.71.91.104.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        134.71.91.104.in-addr.arpa
                                        IN PTR
                                        Response
                                        134.71.91.104.in-addr.arpa
                                        IN PTR
                                        a104-91-71-134deploystaticakamaitechnologiescom
                                      • flag-us
                                        DNS
                                        48.229.111.52.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        48.229.111.52.in-addr.arpa
                                        IN PTR
                                        Response
                                      • 142.250.178.14:80
                                        drive.google.com
                                        msedge.exe
                                        190 B
                                        156 B
                                        4
                                        3
                                      • 142.250.178.14:80
                                        http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
                                        http
                                        msedge.exe
                                        781 B
                                        1.0kB
                                        6
                                        6

                                        HTTP Request

                                        GET http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing

                                        HTTP Response

                                        301
                                      • 142.250.178.14:443
                                        https://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
                                        tls, http2
                                        msedge.exe
                                        2.4kB
                                        35.6kB
                                        26
                                        37

                                        HTTP Request

                                        GET https://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
                                      • 142.250.200.14:443
                                        https://play.google.com/log?format=json&hasfast=true
                                        tls, http2
                                        msedge.exe
                                        5.7kB
                                        9.0kB
                                        19
                                        19

                                        HTTP Request

                                        POST https://play.google.com/log?format=json&hasfast=true
                                      • 172.217.169.14:443
                                        https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=
                                        tls, http2
                                        msedge.exe
                                        2.5kB
                                        23.1kB
                                        23
                                        26

                                        HTTP Request

                                        GET https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=
                                      • 216.58.204.67:443
                                        https://ssl.gstatic.com/docs/common/cleardot.gif?zx=r6yy7htc9716
                                        tls, http2
                                        msedge.exe
                                        1.8kB
                                        6.5kB
                                        14
                                        15

                                        HTTP Request

                                        GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=r6yy7htc9716
                                      • 142.250.187.238:443
                                        apis.google.com
                                        tls, http2
                                        msedge.exe
                                        999 B
                                        5.6kB
                                        9
                                        8
                                      • 142.250.187.238:443
                                        https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1
                                        tls, http2
                                        msedge.exe
                                        4.8kB
                                        126.8kB
                                        71
                                        100

                                        HTTP Request

                                        GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_0

                                        HTTP Request

                                        GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1
                                      • 172.217.169.10:443
                                        https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                                        tls, http2
                                        msedge.exe
                                        1.8kB
                                        6.8kB
                                        14
                                        15

                                        HTTP Request

                                        OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                                      • 74.125.193.84:443
                                        https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com
                                        tls, http2
                                        msedge.exe
                                        2.4kB
                                        7.7kB
                                        16
                                        17

                                        HTTP Request

                                        GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com
                                      • 142.250.179.228:443
                                        https://www.google.com/images/hpp/Chrome_Owned_96x96.png
                                        tls, http2
                                        msedge.exe
                                        2.2kB
                                        13.0kB
                                        20
                                        22

                                        HTTP Request

                                        GET https://www.google.com/images/hpp/Chrome_Owned_96x96.png
                                      • 142.250.187.202:443
                                        https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&revisionId=0B3wR5B-3bqzrMG5CZmMzNjVhdWQyaXpreFlkTnQrZmxJZzcwPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797
                                        tls, http2
                                        msedge.exe
                                        2.1kB
                                        12.2kB
                                        16
                                        20

                                        HTTP Request

                                        OPTIONS https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&revisionId=0B3wR5B-3bqzrMG5CZmMzNjVhdWQyaXpreFlkTnQrZmxJZzcwPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797
                                      • 142.250.187.225:443
                                        drive-thirdparty.googleusercontent.com
                                        tls, http2
                                        msedge.exe
                                        1.0kB
                                        10.8kB
                                        10
                                        11
                                      • 142.250.187.225:443
                                        https://drive-thirdparty.googleusercontent.com/16/type/Unknown/undefined
                                        tls, http2
                                        msedge.exe
                                        2.1kB
                                        12.1kB
                                        19
                                        22

                                        HTTP Request

                                        GET https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.microsoft.portable-executable

                                        HTTP Request

                                        GET https://drive-thirdparty.googleusercontent.com/16/type/Unknown/undefined
                                      • 172.217.16.234:443
                                        peoplestackwebexperiments-pa.clients6.google.com
                                        tls, http2
                                        msedge.exe
                                        1.1kB
                                        11.3kB
                                        11
                                        12
                                      • 172.217.16.234:443
                                        https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
                                        tls, http2
                                        msedge.exe
                                        2.2kB
                                        12.3kB
                                        19
                                        21

                                        HTTP Request

                                        OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

                                        HTTP Request

                                        OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
                                      • 216.58.201.97:443
                                        https://drive.usercontent.google.com/uc?id=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&export=download
                                        tls, http2
                                        msedge.exe
                                        2.2kB
                                        7.4kB
                                        14
                                        16

                                        HTTP Request

                                        GET https://drive.usercontent.google.com/uc?id=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&export=download
                                      • 216.58.201.97:443
                                        drive.usercontent.google.com
                                        tls, http2
                                        msedge.exe
                                        999 B
                                        5.9kB
                                        9
                                        8
                                      • 52.111.227.14:443
                                        322 B
                                        7
                                      • 8.8.8.8:53
                                        drive.google.com
                                        dns
                                        msedge.exe
                                        62 B
                                        78 B
                                        1
                                        1

                                        DNS Request

                                        drive.google.com

                                        DNS Response

                                        142.250.178.14

                                      • 8.8.8.8:53
                                        154.239.44.20.in-addr.arpa
                                        dns
                                        72 B
                                        158 B
                                        1
                                        1

                                        DNS Request

                                        154.239.44.20.in-addr.arpa

                                      • 8.8.8.8:53
                                        14.178.250.142.in-addr.arpa
                                        dns
                                        73 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        14.178.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        134.32.126.40.in-addr.arpa
                                        dns
                                        72 B
                                        158 B
                                        1
                                        1

                                        DNS Request

                                        134.32.126.40.in-addr.arpa

                                      • 8.8.8.8:53
                                        240.221.184.93.in-addr.arpa
                                        dns
                                        73 B
                                        144 B
                                        1
                                        1

                                        DNS Request

                                        240.221.184.93.in-addr.arpa

                                      • 8.8.8.8:53
                                        95.221.229.192.in-addr.arpa
                                        dns
                                        73 B
                                        144 B
                                        1
                                        1

                                        DNS Request

                                        95.221.229.192.in-addr.arpa

                                      • 142.250.178.14:443
                                        drive.google.com
                                        https
                                        msedge.exe
                                        8.8kB
                                        45.2kB
                                        56
                                        76
                                      • 8.8.8.8:53
                                        play.google.com
                                        dns
                                        msedge.exe
                                        61 B
                                        77 B
                                        1
                                        1

                                        DNS Request

                                        play.google.com

                                        DNS Response

                                        142.250.200.14

                                      • 8.8.8.8:53
                                        ogs.google.com
                                        dns
                                        msedge.exe
                                        60 B
                                        97 B
                                        1
                                        1

                                        DNS Request

                                        ogs.google.com

                                        DNS Response

                                        172.217.169.14

                                      • 8.8.8.8:53
                                        apis.google.com
                                        dns
                                        msedge.exe
                                        61 B
                                        98 B
                                        1
                                        1

                                        DNS Request

                                        apis.google.com

                                        DNS Response

                                        142.250.187.238

                                      • 8.8.8.8:53
                                        ssl.gstatic.com
                                        dns
                                        msedge.exe
                                        61 B
                                        77 B
                                        1
                                        1

                                        DNS Request

                                        ssl.gstatic.com

                                        DNS Response

                                        216.58.204.67

                                      • 8.8.8.8:53
                                        ogads-pa.googleapis.com
                                        dns
                                        msedge.exe
                                        69 B
                                        293 B
                                        1
                                        1

                                        DNS Request

                                        ogads-pa.googleapis.com

                                        DNS Response


                                      • 8.8.8.8:53
                                        accounts.google.com
                                        dns
                                        msedge.exe
                                        65 B
                                        81 B
                                        1
                                        1

                                        DNS Request

                                        accounts.google.com

                                        DNS Response

                                        74.125.193.84

                                      • 172.217.169.10:443
                                        ogads-pa.googleapis.com
                                        https
                                        msedge.exe
                                        4.4kB
                                        7.5kB
                                        12
                                        14
                                      • 216.58.204.67:443
                                        ssl.gstatic.com
                                        https
                                        msedge.exe
                                        7.3kB
                                        64.9kB
                                        55
                                        75
                                      • 8.8.8.8:53
                                        www.google.com
                                        dns
                                        msedge.exe
                                        60 B
                                        76 B
                                        1
                                        1

                                        DNS Request

                                        www.google.com

                                        DNS Response

                                        142.250.179.228

                                      • 8.8.8.8:53
                                        99.201.58.216.in-addr.arpa
                                        dns
                                        72 B
                                        169 B
                                        1
                                        1

                                        DNS Request

                                        99.201.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        74.204.58.216.in-addr.arpa
                                        dns
                                        72 B
                                        171 B
                                        1
                                        1

                                        DNS Request

                                        74.204.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        14.200.250.142.in-addr.arpa
                                        dns
                                        73 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        14.200.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        14.169.217.172.in-addr.arpa
                                        dns
                                        73 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        14.169.217.172.in-addr.arpa

                                      • 8.8.8.8:53
                                        238.187.250.142.in-addr.arpa
                                        dns
                                        74 B
                                        113 B
                                        1
                                        1

                                        DNS Request

                                        238.187.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        67.204.58.216.in-addr.arpa
                                        dns
                                        72 B
                                        169 B
                                        1
                                        1

                                        DNS Request

                                        67.204.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        10.169.217.172.in-addr.arpa
                                        dns
                                        73 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        10.169.217.172.in-addr.arpa

                                      • 8.8.8.8:53
                                        84.193.125.74.in-addr.arpa
                                        dns
                                        72 B
                                        129 B
                                        1
                                        1

                                        DNS Request

                                        84.193.125.74.in-addr.arpa

                                      • 142.250.200.14:443
                                        play.google.com
                                        https
                                        msedge.exe
                                        91.7kB
                                        17.2kB
                                        107
                                        86
                                      • 74.125.193.84:443
                                        accounts.google.com
                                        https
                                        msedge.exe
                                        5.8kB
                                        16.1kB
                                        23
                                        30
                                      • 8.8.8.8:53
                                        content.googleapis.com
                                        dns
                                        msedge.exe
                                        68 B
                                        260 B
                                        1
                                        1

                                        DNS Request

                                        content.googleapis.com

                                      • 8.8.8.8:53
                                        blobcomments-pa.clients6.google.com
                                        dns
                                        msedge.exe
                                        81 B
                                        97 B
                                        1
                                        1

                                        DNS Request

                                        blobcomments-pa.clients6.google.com

                                        DNS Response

                                        142.250.187.202

                                      • 8.8.8.8:53
                                        drive-thirdparty.googleusercontent.com
                                        dns
                                        msedge.exe
                                        84 B
                                        129 B
                                        1
                                        1

                                        DNS Request

                                        drive-thirdparty.googleusercontent.com

                                        DNS Response

                                        142.250.187.225

                                      • 142.250.179.228:443
                                        www.google.com
                                        https
                                        msedge.exe
                                        3.9kB
                                        11.0kB
                                        10
                                        12
                                      • 142.250.187.202:443
                                        blobcomments-pa.clients6.google.com
                                        https
                                        msedge.exe
                                        4.6kB
                                        10.0kB
                                        13
                                        15
                                      • 142.250.187.238:443
                                        apis.google.com
                                        https
                                        msedge.exe
                                        4.8kB
                                        45.0kB
                                        24
                                        38
                                      • 172.217.16.234:443
                                        content.googleapis.com
                                        https
                                        msedge.exe
                                        5.9kB
                                        9.3kB
                                        19
                                        18
                                      • 8.8.8.8:53
                                        202.187.250.142.in-addr.arpa
                                        dns
                                        74 B
                                        113 B
                                        1
                                        1

                                        DNS Request

                                        202.187.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        225.187.250.142.in-addr.arpa
                                        dns
                                        74 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        225.187.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        234.16.217.172.in-addr.arpa
                                        dns
                                        73 B
                                        142 B
                                        1
                                        1

                                        DNS Request

                                        234.16.217.172.in-addr.arpa

                                      • 8.8.8.8:53
                                        peoplestackwebexperiments-pa.clients6.google.com
                                        dns
                                        msedge.exe
                                        94 B
                                        110 B
                                        1
                                        1

                                        DNS Request

                                        peoplestackwebexperiments-pa.clients6.google.com

                                        DNS Response

                                        172.217.16.234

                                      • 172.217.16.234:443
                                        peoplestackwebexperiments-pa.clients6.google.com
                                        https
                                        msedge.exe
                                        4.4kB
                                        9.9kB
                                        15
                                        19
                                      • 8.8.8.8:53
                                        lh3.googleusercontent.com
                                        dns
                                        msedge.exe
                                        71 B
                                        116 B
                                        1
                                        1

                                        DNS Request

                                        lh3.googleusercontent.com

                                        DNS Response

                                        142.250.187.225

                                      • 142.250.187.225:443
                                        lh3.googleusercontent.com
                                        https
                                        msedge.exe
                                        3.8kB
                                        8.1kB
                                        11
                                        11
                                      • 224.0.0.251:5353
                                        513 B
                                        8
                                      • 8.8.8.8:53
                                        228.249.119.40.in-addr.arpa
                                        dns
                                        73 B
                                        159 B
                                        1
                                        1

                                        DNS Request

                                        228.249.119.40.in-addr.arpa

                                      • 8.8.8.8:53
                                        13.86.106.20.in-addr.arpa
                                        dns
                                        71 B
                                        157 B
                                        1
                                        1

                                        DNS Request

                                        13.86.106.20.in-addr.arpa

                                      • 8.8.8.8:53
                                        drive.usercontent.google.com
                                        dns
                                        msedge.exe
                                        74 B
                                        90 B
                                        1
                                        1

                                        DNS Request

                                        drive.usercontent.google.com

                                        DNS Response

                                        216.58.201.97

                                      • 216.58.201.97:443
                                        drive.usercontent.google.com
                                        https
                                        msedge.exe
                                        22.6kB
                                        3.2MB
                                        301
                                        2358
                                      • 8.8.8.8:53
                                        97.201.58.216.in-addr.arpa
                                        dns
                                        72 B
                                        169 B
                                        1
                                        1

                                        DNS Request

                                        97.201.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        103.169.127.40.in-addr.arpa
                                        dns
                                        73 B
                                        147 B
                                        1
                                        1

                                        DNS Request

                                        103.169.127.40.in-addr.arpa

                                      • 8.8.8.8:53
                                        171.39.242.20.in-addr.arpa
                                        dns
                                        72 B
                                        158 B
                                        1
                                        1

                                        DNS Request

                                        171.39.242.20.in-addr.arpa

                                      • 8.8.8.8:53
                                        134.71.91.104.in-addr.arpa
                                        dns
                                        72 B
                                        137 B
                                        1
                                        1

                                        DNS Request

                                        134.71.91.104.in-addr.arpa

                                      • 142.250.200.14:443
                                        play.google.com
                                        https
                                        msedge.exe
                                        3.6kB
                                        7.2kB
                                        8
                                        11
                                      • 8.8.8.8:53
                                        48.229.111.52.in-addr.arpa
                                        dns
                                        72 B
                                        158 B
                                        1
                                        1

                                        DNS Request

                                        48.229.111.52.in-addr.arpa

                                      • 142.250.200.14:443
                                        play.google.com
                                        https
                                        msedge.exe
                                        8.4kB
                                        3.1kB
                                        11
                                        10

                                      MITRE ATT&CK Enterprise v15

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                        Filesize

                                        41KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        696B

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                        Filesize

                                        3KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        7KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                        Filesize

                                        1KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58468a.TMP

                                        Filesize

                                        1KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                        Filesize

                                        16B

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        11KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        10KB

                                      • C:\Users\Admin\Downloads\Unconfirmed 374866.crdownload

                                        Filesize

                                        2.9MB
