Analysis
-
max time kernel: 127s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-09-2024 05:15
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
Resource: win10v2004-20240802-en
General
-
Target: http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow  ioc
4     drive.google.com
13    drive.google.com
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Modifies registry class 1 IoCs
description  ioc                                                                                     Process
Key created  \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings  msedge.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid   Process
3952  msedge.exe
3952  msedge.exe
1944  msedge.exe
1944  msedge.exe
4424  identity_helper.exe
4424  identity_helper.exe
1356  msedge.exe
1356  msedge.exe
3120  msedge.exe
3120  msedge.exe
3120  msedge.exe
3120  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid   Process
1944  msedge.exe
1944  msedge.exe
1944  msedge.exe
1944  msedge.exe
1944  msedge.exe
1944  msedge.exe
1944  msedge.exe
1944  msedge.exe
1944  msedge.exe
1944  msedge.exe
Suspicious use of FindShellTrayWindow 33 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
Depth: 1
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 1944
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc5946f8,0x7ffcfc594708,0x7ffcfc594718
Depth: 2
PID: 1192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
Depth: 2
PID: 4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
Depth: 2
- Suspicious behavior: EnumeratesProcesses
PID: 3952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
Depth: 2
PID: 3864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
Depth: 2
PID: 3624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
Depth: 2
PID: 4928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
Depth: 2
PID: 4464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
Depth: 2
PID: 3392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
Depth: 2
PID: 860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
Depth: 2
- Suspicious behavior: EnumeratesProcesses
PID: 4424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
Depth: 2
PID: 1580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
Depth: 2
PID: 1612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1
Depth: 2
PID: 5016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
Depth: 2
PID: 784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
Depth: 2
PID: 4800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5536 /prefetch:8
Depth: 2
PID: 1280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
Depth: 2
PID: 1360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
Depth: 2
- Suspicious behavior: EnumeratesProcesses
PID: 1356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10884663643848465704,5076584252924742362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
Depth: 2
- Suspicious behavior: EnumeratesProcesses
PID: 3120
-
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Depth: 1
PID: 4896
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Depth: 1
PID: 2144
-
C:\Windows\System32\rundll32.exe
Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Depth: 1
PID: 3876
Network
-
Remote address: 8.8.8.8:53
Request: drive.google.com IN A
Response: drive.google.com IN A 142.250.178.14
-
Remote address: 142.250.178.14:80
Request:
GET /file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing HTTP/1.1
Host: drive.google.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Response:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 03 Sep 2024 05:15:37 GMT
Location: https://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 243
Server: GSE
-
Remote address: 142.250.178.14:443
Request:
GET /file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing HTTP/2.0
host: drive.google.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 8.8.8.8:53
Request: 154.239.44.20.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 14.178.250.142.in-addr.arpa IN PTR
Response: 14.178.250.142.in-addr.arpa IN PTR lhr48s27-in-f14.1e100.net
-
Remote address: 8.8.8.8:53
Request: 134.32.126.40.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 240.221.184.93.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: 95.221.229.192.in-addr.arpa IN PTR
Response: (none)
-
Remote address: 8.8.8.8:53
Request: play.google.com IN A
Response: play.google.com IN A 142.250.200.14
-
Remote address: 8.8.8.8:53
Request: ogs.google.com IN A
Response: ogs.google.com IN CNAME www3.l.google.com; www3.l.google.com IN A 172.217.169.14
-
Remote address: 8.8.8.8:53
Request: apis.google.com IN A
Response: apis.google.com IN CNAME plus.l.google.com; plus.l.google.com IN A 142.250.187.238
-
Remote address: 142.250.200.14:443
Request:
POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 3549
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://drive.google.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
-
Remote address: 8.8.8.8:53
Request: ssl.gstatic.com IN A
Response: ssl.gstatic.com IN A 216.58.204.67
-
Remote address: 8.8.8.8:53
Request: ogads-pa.googleapis.com IN A
Response: ogads-pa.googleapis.com IN A 172.217.169.10, 142.250.179.234, 142.250.200.42, 216.58.212.234, 172.217.169.42, 142.250.187.234, 216.58.201.106, 142.250.200.10, 142.250.180.10, 216.58.204.74, 172.217.16.234, 216.58.212.202, 142.250.178.10, 142.250.187.202
-
GET https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm= (msedge.exe)
Remote address: 172.217.169.14:443
Request:
GET /widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm= HTTP/2.0
host: ogs.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
-
Remote address: 216.58.204.67:443
Request:
GET /docs/common/cleardot.gif?zx=r6yy7htc9716 HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_0 (msedge.exe)
Remote address: 142.250.187.238:443
Request:
GET /_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
-
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1 (msedge.exe)
Remote address: 142.250.187.238:443
Request:
GET /_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
-
OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData (msedge.exe)
Remote address: 172.217.169.10:443
Request:
OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 8.8.8.8:53
Request: accounts.google.com IN A
Response: accounts.google.com IN A 74.125.193.84
-
GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com (msedge.exe)
Remote address: 74.125.193.84:443
Request:
GET /ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=iGTBfPlYjBWJigj3nmQ4lJ3WLpR3GUd3rOvTo4tUFRvNZkFJKbAxjw0ySLcb6KLoEA-xkqeRLhofYqSKV6kWKufbT2zNfFJUBTM3LgB3p-Ia7-3odQeMBUvN00keWX1iO-N_TuOfMfuUmlK2khr0IF27Upia-4ntRwNyPehmYLQ
-
Remote address: 8.8.8.8:53
Request: www.google.com IN A
Response: www.google.com IN A 142.250.179.228
-
Remote address: 142.250.179.228:443
Request:
GET /images/hpp/Chrome_Owned_96x96.png HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ogs.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=EqyL5dIU_iP2F7IfzmydpVXPcDi8oWWOzXuEAIf3_7zr5oEPzZBAMCQUmBSwxx6RYJnc33IkNb9rDyXJD78G9l_EwAG5t-c0ML7DKP6dNxpZFTAYguN_pHfqbQQmOXYmq3dvQTsu9ov43nUau0TF6MHari480FjdTJWXkg_kTCg
-
Remote address: 8.8.8.8:53
Request: 99.201.58.216.in-addr.arpa IN PTR
Response: 99.201.58.216.in-addr.arpa IN PTR prg03s02-in-f99.1e100.net; 99.201.58.216.in-addr.arpa IN PTR lhr48s48-in-f3.1e100.net; 99.201.58.216.in-addr.arpa IN PTR prg03s02-in-f3.1e100.net
-
Remote address: 8.8.8.8:53
Request: 74.204.58.216.in-addr.arpa IN PTR
Response: 74.204.58.216.in-addr.arpa IN PTR lhr25s13-in-f74.1e100.net; 74.204.58.216.in-addr.arpa IN PTR lhr48s49-in-f10.1e100.net; 74.204.58.216.in-addr.arpa IN PTR lhr25s13-in-f10.1e100.net
-
Remote address: 8.8.8.8:53
Request: 14.200.250.142.in-addr.arpa IN PTR
Response: 14.200.250.142.in-addr.arpa IN PTR lhr48s29-in-f14.1e100.net
-
Remote address: 8.8.8.8:53
Request: 14.169.217.172.in-addr.arpa IN PTR
Response: 14.169.217.172.in-addr.arpa IN PTR lhr25s26-in-f14.1e100.net
-
Remote address: 8.8.8.8:53
Request: 238.187.250.142.in-addr.arpa IN PTR
Response: 238.187.250.142.in-addr.arpa IN PTR lhr25s34-in-f14.1e100.net
-
Remote address: 8.8.8.8:53
Request: 67.204.58.216.in-addr.arpa IN PTR
Response: 67.204.58.216.in-addr.arpa IN PTR lhr25s13-in-f3.1e100.net; 67.204.58.216.in-addr.arpa IN PTR lhr25s13-in-f67.1e100.net; 67.204.58.216.in-addr.arpa IN PTR lhr48s49-in-f3.1e100.net
-
Remote address: 8.8.8.8:53
Request: 10.169.217.172.in-addr.arpa IN PTR
Response: 10.169.217.172.in-addr.arpa IN PTR lhr25s26-in-f10.1e100.net
-
Remote address: 8.8.8.8:53
Request: 84.193.125.74.in-addr.arpa IN PTR
Response: 84.193.125.74.in-addr.arpa IN PTR di-in-f84.1e100.net; 84.193.125.74.in-addr.arpa IN PTR ig-in-f84.1e100.net
-
Remote address: 8.8.8.8:53
Request: content.googleapis.com IN A
Response: content.googleapis.com IN A 172.217.16.234, 142.250.200.10, 142.250.187.234, 142.250.200.42, 172.217.169.10, 142.250.187.202, 142.250.179.234, 216.58.204.74, 142.250.180.10, 172.217.169.42, 142.250.178.10, 216.58.201.106
-
Remote address: 8.8.8.8:53
Request: blobcomments-pa.clients6.google.com IN A
Response: blobcomments-pa.clients6.google.com IN A 142.250.187.202
-
OPTIONS https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&revisionId=0B3wR5B-3bqzrMG5CZmMzNjVhdWQyaXpreFlkTnQrZmxJZzcwPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 (msedge.exe)
Remote address: 142.250.187.202:443
Request:
OPTIONS /v1/metadata?docId=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&revisionId=0B3wR5B-3bqzrMG5CZmMzNjVhdWQyaXpreFlkTnQrZmxJZzcwPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/2.0
host: blobcomments-pa.clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 8.8.8.8:53
Request: drive-thirdparty.googleusercontent.com IN A
Response: drive-thirdparty.googleusercontent.com IN CNAME googlehosted.l.googleusercontent.com; googlehosted.l.googleusercontent.com IN A 142.250.187.225
-
GET https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.microsoft.portable-executable (msedge.exe)
Remote address: 142.250.187.225:443
Request:
GET /16/type/application/vnd.microsoft.portable-executable HTTP/2.0
host: drive-thirdparty.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 142.250.187.225:443
Request:
GET /16/type/Unknown/undefined HTTP/2.0
host: drive-thirdparty.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 8.8.8.8:53
Request: 202.187.250.142.in-addr.arpa IN PTR
Response: 202.187.250.142.in-addr.arpa IN PTR lhr25s33-in-f10.1e100.net
-
Remote address: 8.8.8.8:53
Request: 225.187.250.142.in-addr.arpa IN PTR
Response: 225.187.250.142.in-addr.arpa IN PTR lhr25s34-in-f1.1e100.net
-
Remote address: 8.8.8.8:53
Request: 234.16.217.172.in-addr.arpa IN PTR
Response: 234.16.217.172.in-addr.arpa IN PTR mad08s04-in-f10.1e100.net; 234.16.217.172.in-addr.arpa IN PTR lhr48s28-in-f10 [garbled]
-
Remote address: 8.8.8.8:53
Request: peoplestackwebexperiments-pa.clients6.google.com IN A
Response: peoplestackwebexperiments-pa.clients6.google.com IN A 172.217.16.234
-
OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags (msedge.exe)
Remote address: 172.217.16.234:443
Request:
OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags (msedge.exe)
Remote address: 172.217.16.234:443
Request:
OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 8.8.8.8:53
Request: lh3.googleusercontent.com IN A
Response: lh3.googleusercontent.com IN CNAME googlehosted.l.googleusercontent.com; googlehosted.l.googleusercontent.com IN A 142.250.187.225
-
Remote address: 8.8.8.8:53
Request: 228.249.119.40.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 13.86.106.20.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: drive.usercontent.google.com IN A
Response: drive.usercontent.google.com IN A 216.58.201.97
-
GET https://drive.usercontent.google.com/uc?id=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&export=download (msedge.exe)
Remote address: 216.58.201.97:443
Request:
GET /uc?id=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&export=download HTTP/2.0
host: drive.usercontent.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=517=EqyL5dIU_iP2F7IfzmydpVXPcDi8oWWOzXuEAIf3_7zr5oEPzZBAMCQUmBSwxx6RYJnc33IkNb9rDyXJD78G9l_EwAG5t-c0ML7DKP6dNxpZFTAYguN_pHfqbQQmOXYmq3dvQTsu9ov43nUau0TF6MHari480FjdTJWXkg_kTCg
cookie: OGPC=19010599-2:
cookie: __Secure-ENID=22.SE=izC7OVHTU4mw_nX7d4C0lKTqyA7qcn0-7vHI5jWCMcuji7fSo_X2TVx7chI9edSwYzDydFFqo9W9p-wO8DBC-7h9edkPRCyVUwAP2C1Y4mDZMZVuMtpkQUzvIFAM8iaCObKecbqPfm1zq8t7FrlxA73JdLyq5KH0Eu7pIRKw_ctUyJbHpBXU1ecP
-
Remote address: 8.8.8.8:53
Request: 97.201.58.216.in-addr.arpa IN PTR
Response: 97.201.58.216.in-addr.arpa IN PTR prg03s02-in-f1.1e100.net; 97.201.58.216.in-addr.arpa IN PTR prg03s02-in-f97 [garbled]; 97.201.58.216.in-addr.arpa IN PTR lhr48s48-in-f1 [garbled]
-
Remote address: 8.8.8.8:53
Request: 103.169.127.40.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 171.39.242.20.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 134.71.91.104.in-addr.arpa IN PTR
Response: 134.71.91.104.in-addr.arpa IN PTR a104-91-71-134.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 48.229.111.52.in-addr.arpa IN PTR
Response:
-
190 B 156 B 4 3
-
142.250.178.14:80  http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing  http  msedge.exe  781 B 1.0kB 6 6
HTTP Request
GET http://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing
HTTP Response
301 -
142.250.178.14:443  https://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing  tls, http2  msedge.exe  2.4kB 35.6kB 26 37
HTTP Request
GET https://drive.google.com/file/d/1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT/view?usp=sharing -
5.7kB 9.0kB 19 19
HTTP Request
POST https://play.google.com/log?format=json&hasfast=true -
172.217.169.14:443  https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=  tls, http2  msedge.exe  2.5kB 23.1kB 23 26
HTTP Request
GET https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm= -
216.58.204.67:443  https://ssl.gstatic.com/docs/common/cleardot.gif?zx=r6yy7htc9716  tls, http2  msedge.exe  1.8kB 6.5kB 14 15
HTTP Request
GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=r6yy7htc9716 -
999 B 5.6kB 9 8
-
142.250.187.238:443  https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1  tls, http2  msedge.exe  4.8kB 126.8kB 71 100
HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_0
HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.h-1D-JOvizc.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo_3dbjO7NaEjkPT0PwzLRJUFrcOJQ/cb=gapi.loaded_1 -
172.217.169.10:443  https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData  tls, http2  msedge.exe  1.8kB 6.8kB 14 15
HTTP Request
OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData -
74.125.193.84:443  https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com  tls, http2  msedge.exe  2.4kB 7.7kB 16 17
HTTP Request
GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com -
2.2kB 13.0kB 20 22
HTTP Request
GET https://www.google.com/images/hpp/Chrome_Owned_96x96.png -
142.250.187.202:443  https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&revisionId=0B3wR5B-3bqzrMG5CZmMzNjVhdWQyaXpreFlkTnQrZmxJZzcwPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797  tls, http2  msedge.exe  2.1kB 12.2kB 16 20
HTTP Request
OPTIONS https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&revisionId=0B3wR5B-3bqzrMG5CZmMzNjVhdWQyaXpreFlkTnQrZmxJZzcwPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 -
1.0kB 10.8kB 10 11
-
142.250.187.225:443  https://drive-thirdparty.googleusercontent.com/16/type/Unknown/undefined  tls, http2  msedge.exe  2.1kB 12.1kB 19 22
HTTP Request
GET https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.microsoft.portable-executable
HTTP Request
GET https://drive-thirdparty.googleusercontent.com/16/type/Unknown/undefined -
1.1kB 11.3kB 11 12
-
172.217.16.234:443  https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags  tls, http2  msedge.exe  2.2kB 12.3kB 19 21
HTTP Request
OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
HTTP Request
OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags -
216.58.201.97:443  https://drive.usercontent.google.com/uc?id=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&export=download  tls, http2  msedge.exe  2.2kB 7.4kB 14 16
HTTP Request
GET https://drive.usercontent.google.com/uc?id=1bnslbWVyB6KsoVguc9GX-YHfy8JGGKsT&export=download -
999 B 5.9kB 9 8
-
322 B 7
-
62 B 78 B 1 1
DNS Request
drive.google.com
DNS Response
142.250.178.14
-
72 B 158 B 1 1
DNS Request
154.239.44.20.in-addr.arpa
-
73 B 112 B 1 1
DNS Request
14.178.250.142.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
134.32.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
8.8kB 45.2kB 56 76
-
61 B 77 B 1 1
DNS Request
play.google.com
DNS Response
142.250.200.14
-
60 B 97 B 1 1
DNS Request
ogs.google.com
DNS Response
172.217.169.14
-
61 B 98 B 1 1
DNS Request
apis.google.com
DNS Response
142.250.187.238
-
61 B 77 B 1 1
DNS Request
ssl.gstatic.com
DNS Response
216.58.204.67
-
69 B 293 B 1 1
DNS Request
ogads-pa.googleapis.com
DNS Response
172.217.169.10, 142.250.179.234, 142.250.200.42, 216.58.212.234, 172.217.169.42, 142.250.187.234, 216.58.201.106, 142.250.200.10, 142.250.180.10, 216.58.204.74, 172.217.16.234, 216.58.212.202, 142.250.178.10, 142.250.187.202
-
65 B 81 B 1 1
DNS Request
accounts.google.com
DNS Response
74.125.193.84
-
4.4kB 7.5kB 12 14
-
7.3kB 64.9kB 55 75
-
60 B 76 B 1 1
DNS Request
www.google.com
DNS Response
142.250.179.228
-
72 B 169 B 1 1
DNS Request
99.201.58.216.in-addr.arpa
-
72 B 171 B 1 1
DNS Request
74.204.58.216.in-addr.arpa
-
73 B 112 B 1 1
DNS Request
14.200.250.142.in-addr.arpa
-
73 B 112 B 1 1
DNS Request
14.169.217.172.in-addr.arpa
-
74 B 113 B 1 1
DNS Request
238.187.250.142.in-addr.arpa
-
72 B 169 B 1 1
DNS Request
67.204.58.216.in-addr.arpa
-
73 B 112 B 1 1
DNS Request
10.169.217.172.in-addr.arpa
-
72 B 129 B 1 1
DNS Request
84.193.125.74.in-addr.arpa
-
91.7kB 17.2kB 107 86
-
5.8kB 16.1kB 23 30
-
68 B 260 B 1 1
DNS Request
content.googleapis.com
DNS Response
172.217.16.234, 142.250.200.10, 142.250.187.234, 142.250.200.42, 172.217.169.10, 142.250.187.202, 142.250.179.234, 216.58.204.74, 142.250.180.10, 172.217.169.42, 142.250.178.10, 216.58.201.106
-
81 B 97 B 1 1
DNS Request
blobcomments-pa.clients6.google.com
DNS Response
142.250.187.202
-
84 B 129 B 1 1
DNS Request
drive-thirdparty.googleusercontent.com
DNS Response
142.250.187.225
-
3.9kB 11.0kB 10 12
-
4.6kB 10.0kB 13 15
-
4.8kB 45.0kB 24 38
-
5.9kB 9.3kB 19 18
-
74 B 113 B 1 1
DNS Request
202.187.250.142.in-addr.arpa
-
74 B 112 B 1 1
DNS Request
225.187.250.142.in-addr.arpa
-
73 B 142 B 1 1
DNS Request
234.16.217.172.in-addr.arpa
-
94 B 110 B 1 1
DNS Request
peoplestackwebexperiments-pa.clients6.google.com
DNS Response
172.217.16.234
-
4.4kB 9.9kB 15 19
-
71 B 116 B 1 1
DNS Request
lh3.googleusercontent.com
DNS Response
142.250.187.225
-
3.8kB 8.1kB 11 11
-
513 B 8
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
74 B 90 B 1 1
DNS Request
drive.usercontent.google.com
DNS Response
216.58.201.97
-
22.6kB 3.2MB 301 2358
-
72 B 169 B 1 1
DNS Request
97.201.58.216.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
171.39.242.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
134.71.91.104.in-addr.arpa
-
3.6kB 7.2kB 8 11
-
72 B 158 B 1 1
DNS Request
48.229.111.52.in-addr.arpa
-
8.4kB 3.1kB 11 10
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5: eeaa8087eba2f63f31e599f6a7b46ef4
SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
-
Filesize: 152B
MD5: b9569e123772ae290f9bac07e0d31748
SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
-
Filesize: 41KB
MD5: 0d17932e0626482afe8b6f310e47cb24
SHA1: 78dd115cea950e82c6428486836b1975b6630573
SHA256: 1f5b32a1afcdf9092cf1f0bb84eae0a6be1c8b4ddeb4d2fc4d271d1314aab252
SHA512: 75e51a80add7329ddf91df268fe15a827931325283f15212b55a2dc41b76c1050863b0c0eecc4e7f20c069c0b8cf0c5b4e666ec9dca843c37a8e25867785edb1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 696B
MD5: 2e8a9848ebe106754859ca4960799bf8
SHA1: 64e37700cb7368ab5034568c1b9c1958c4796019
SHA256: 0daebe9db9f3df8af3ff9bd7dca0c65bc1aadcdd489efba054489d80b61c6ba5
SHA512: 2b4e1672475683f295cdc3f5a0a80c9f46bd493abcf7b0acde40885ef519dbb2d2fa572015ffc0c17321d48d31422cd7a00cd8d2a43f2682ef43934d746eea58
-
Filesize: 3KB
MD5: 87fdda11fcdc69ff25cd9b15c0af71a4
SHA1: 1bf4c918d02b6c8c47381966fd38e3bbc27e5197
SHA256: 2dcce8509c4d8b74461453693859317f28408cf5e17407395f8dbd6f1fb094d5
SHA512: 81af38abcbe63e7ae2bc3cb965eaf994a34d157297c80dff8a673e0e9ed6d98e3093d744b18e8b12ff5f2b988bf7668632bba7e865323d1d25d63458c0fda856
-
Filesize: 6KB
MD5: 0dff126a18f47bc1f941ed399a4d25d9
SHA1: 691cdb703b7434d4ecebfba2b7fdb9268830d171
SHA256: 09913fc49a16708cd86236f62ea030a9b2f77a5d654b4711eef6ca6184b64efc
SHA512: d9355b29ef8241edeb85804bf1f5097016e7b72da74398c4147f1c4fffb8cb1df28e16876fe73a0d69f6c163483977f08ec52bb63065561651df0cf429cd42bb
-
Filesize: 6KB
MD5: 4586f989bbe290a33474af952685a6a1
SHA1: dafaa5122eb2b8fb28b4d22744d5e334b0e3d014
SHA256: 4d51611bf6a5bbac87a50441ec10621df88fa4dc13c4daecb730528efa006cee
SHA512: 3bd76cf785cd61de74eaa06d32a26f70f7e948566882316cc55b6f41ddb1b0a0d31a655ea41c671c42c30ac11c217ba5ef8f47a9487011eaa7b072de4fc878a0
-
Filesize: 6KB
MD5: bc1ca7ef3982958b670fb35cfa90e3e7
SHA1: 9aec72d5dcc5bd2f20137bcb27821e0075216eaa
SHA256: 1f4f3a81bdc81938d1c43d1d13f57f26479eb46f28c3d0edce1641c4881d5140
SHA512: d59bcc9a75e916231220375f1ac0b1e6d0548973172accbc48bb537e4dbdbe1bba84c605bde60ce67ff3321ff0735fb21e3fd896fceb42a5d51aaac605c619de
-
Filesize: 6KB
MD5: 881375e042371670dc82536ab15ab282
SHA1: ffbdcd721f4c2820d6078c8cf567a3ebf480f3b6
SHA256: dc4606931c875eac7c37c4bfae35ea9d4a32ab96d0bbaa7ff52c3e9ac51601cf
SHA512: 8b1cd52e62f9f07e5388ddc8a9f632583898af2669eed0af42c96981af569513483c805dfe0efc30601fa9940007d564f8f49a90800c3805142bc4b7353d68f6
-
Filesize: 7KB
MD5: 3536dc72ab834a627a010d67377ab4d7
SHA1: 74e3258ba552a349eb78e51c4d122e56e765e954
SHA256: 434855183c0138dac2009fdbbfcf33a8bd3eba4f75e7e00cde64305c5ae27778
SHA512: bbdf75f1cec9d69a099be9fddd8c8286518c5e1633d9d9b5c0c6f5b385f8132f3a4be985102317c8dfb8e16f8edeeeb807078ae2f2d2cf166d2bd778de64818f
-
Filesize: 1KB
MD5: 6df67ce957f67daffef4934edc2a4849
SHA1: f59d0e332f222af480f7484b1998c1a770e91b55
SHA256: fced99f0aca4480693ad609c4559e5d7de3286cbaf09aaff6ab2b32f897c3256
SHA512: aebe06fbb9dd29c79f2ee42c86dd8aff8f2fb29302dcf6508a5f5d571dada35cf7a05c051dce1386d317d93a7c5357f62a0181717d1b3480763870eb430919a0
-
Filesize: 1KB
MD5: 7e7c8a03b543882278c5e46b965c7cbd
SHA1: 6cb15ee2996c385493166e07399c40bb1d743445
SHA256: d7696aad2b0663ef5b36958173cd3ad95d52f675407907a5641a0f95dbfdc088
SHA512: 59e41d907b399991f0a16c1adc12fbf51b473786efab94f43bbcd21778c9a2f086734557454d79946bd2e38db07b553f97a1d20002038bcbf489938b79e8fb8c
-
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 11KB
MD5: baba88a5f5b9d1b91c8a697676e92600
SHA1: b4c296b44213d2a1e24a96c557e458c7505c0b07
SHA256: d20740f131fe46314b438f2b2ab6e9fa8ee67a5ec6b9e685f36159e00b16106c
SHA512: ebbda688cbb6b3d9daebba4060fed325b6c933ca5df79e828d4a5bacf92bfd5df55c22459aed3a1d3d4d7f182320d1386a127e737c5b5b2ebb2cb08999b3b633
-
Filesize: 10KB
MD5: 509a1a218b1f0d679c29a43b00eb5fcb
SHA1: 9eb14fe5fe581b7ba078fa4017f70b33e6c1156d
SHA256: d6a99c387537999f43f7544d8d8bd2e513d1accfa41269843d9f0163df82858a
SHA512: 2e37eb8e2e452318d04f127cf8141baa9cb1cc71736b5877184d28d14a6e2db351ee0c81b6ed056cd421057494533b13251b0b3dda5425d6b98298930b23b009
-
Filesize: 2.9MB
MD5: a219eea6caf651871f9a980725bf1244
SHA1: 2750d54dd1fce44cc483160c0ac8235083171190
SHA256: 893a8303f416ee05dae05c66bf0fc690894cfdbfc71ee455e45f3dc51b5efaee
SHA512: 1fcf8a749b7475f98b354787a94a3656348a0723b3063b93845e6c2cd7f11dcdbb690bd0d6c9192f19f58eafa981da204f8064b9db4648ff8bdc814478b647c1