hxxps://drive[.]google[.]com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Resubmissions

31/10/2024, 09:12 UTC

241031-k6b4vswrhk 6

31/10/2024, 09:08 UTC

241031-k35l1awbjn 6

Analysis

max time kernel
1800s
max time network
1728s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
31/10/2024, 09:12 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
1	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4400	msedge.exe
4400	msedge.exe
4144	msedge.exe
4144	msedge.exe
1048	identity_helper.exe
1048	identity_helper.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 4004	4400	msedge.exe	77
PID 4400 wrote to memory of 4004	4400	msedge.exe	77
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 3840	4400	msedge.exe	78
PID 4400 wrote to memory of 4548	4400	msedge.exe	79
PID 4400 wrote to memory of 4548	4400	msedge.exe	79
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80
PID 4400 wrote to memory of 3992	4400	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdcc063cb8,0x7ffdcc063cc8,0x7ffdcc063cd8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,1199662516061165481,8133302907566674221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

Network

DNS

drive.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

142.250.187.206
DNS

ocsp.digicert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

216.58.201.110
DNS

110.201.58.216.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f141e100net

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f14�I

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f110�I
DNS

drivefrontend-pa.clients6.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN A

Response

drivefrontend-pa.clients6.google.com

IN A

142.250.180.10
DNS

10.180.250.142.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR

Response

10.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f101e100net
DNS

people-pa.clients6.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

people-pa.clients6.google.com

IN A

Response

people-pa.clients6.google.com

IN A

142.250.179.234
DNS

234.179.250.142.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

nexusrules.officeapps.live.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.243.29
DNS

ssl.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

172.217.16.227
DNS

arc.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com

IN A

20.223.35.26
DNS

tse1.mm.bing.net

msedge.exe

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

arc.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

IN A

20.103.156.88
GET

https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

msedge.exe

Remote address:

142.250.187.206:443

Request

GET /drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD HTTP/2.0
host: drive.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://drive.google.com/_/drive_fe/_/ss/k=drive_fe.main.45oAmghznQ0.L.W.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=0/br=1/rs=AFB8gszG87BVPXvQpLAhGBs03zEsfAL0_Q?cb=101830483

msedge.exe

Remote address:

142.250.187.206:443

Request

GET /_/drive_fe/_/ss/k=drive_fe.main.45oAmghznQ0.L.W.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=0/br=1/rs=AFB8gszG87BVPXvQpLAhGBs03zEsfAL0_Q?cb=101830483 HTTP/2.0
host: drive.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DeOvNWgBxQTHcB-IXvxwFHudGZBs61hzVQ7HQEWUt1whWRPv9tV3wmEatOdY2UabYiACgmgc_CfUIvUPEIQgZ84AVJhunJqcNIEawXYErHjUgFCWfd3PP_cCI09mMiA5p3qeb--Sh9PTjip6FrgpvI6l9h92i6LrpoqYcIzblMuBGU2U
GET

https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=b?cb=101830483

msedge.exe

Remote address:

142.250.187.206:443

Request

GET /_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=b?cb=101830483 HTTP/2.0
host: drive.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DeOvNWgBxQTHcB-IXvxwFHudGZBs61hzVQ7HQEWUt1whWRPv9tV3wmEatOdY2UabYiACgmgc_CfUIvUPEIQgZ84AVJhunJqcNIEawXYErHjUgFCWfd3PP_cCI09mMiA5p3qeb--Sh9PTjip6FrgpvI6l9h92i6LrpoqYcIzblMuBGU2U
GET

https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/exm=b/ed=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=RsR2Mc?cb=101830483

msedge.exe

Remote address:

142.250.187.206:443

Request

GET /_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/exm=b/ed=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=RsR2Mc?cb=101830483 HTTP/2.0
host: drive.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DeOvNWgBxQTHcB-IXvxwFHudGZBs61hzVQ7HQEWUt1whWRPv9tV3wmEatOdY2UabYiACgmgc_CfUIvUPEIQgZ84AVJhunJqcNIEawXYErHjUgFCWfd3PP_cCI09mMiA5p3qeb--Sh9PTjip6FrgpvI6l9h92i6LrpoqYcIzblMuBGU2U
GET

https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=core?cb=101830483

msedge.exe

Remote address:

142.250.187.206:443

Request

GET /_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=core?cb=101830483 HTTP/2.0
host: drive.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DeOvNWgBxQTHcB-IXvxwFHudGZBs61hzVQ7HQEWUt1whWRPv9tV3wmEatOdY2UabYiACgmgc_CfUIvUPEIQgZ84AVJhunJqcNIEawXYErHjUgFCWfd3PP_cCI09mMiA5p3qeb--Sh9PTjip6FrgpvI6l9h92i6LrpoqYcIzblMuBGU2U
DNS

133.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

www.gstatic.com

Remote address:

8.8.8.8:53

Request

www.gstatic.com

IN A

Response

www.gstatic.com

IN A

142.250.187.227
DNS

227.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.16.217.172.in-addr.arpa

IN PTR

Response

227.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f31e100net

227.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f3�H
DNS

ogs.google.com

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.16.238
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f14�I
DNS

self.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdcus16.centralus.cloudapp.azure.com

onedscolprdcus16.centralus.cloudapp.azure.com

IN A

52.182.143.213
DNS

ssl.gstatic.com

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.35
DNS

arc.msn.com

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

IN A

20.103.156.88
DNS

54.120.234.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.120.234.20.in-addr.arpa

IN PTR

Response
DNS

ssl.gstatic.com

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

172.217.16.227
DNS

ssl.gstatic.com

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

172.217.16.227
GET

https://apis.google.com/js/api.js

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /js/api.js HTTP/2.0
host: apis.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DeOvNWgBxQTHcB-IXvxwFHudGZBs61hzVQ7HQEWUt1whWRPv9tV3wmEatOdY2UabYiACgmgc_CfUIvUPEIQgZ84AVJhunJqcNIEawXYErHjUgFCWfd3PP_cCI09mMiA5p3qeb--Sh9PTjip6FrgpvI6l9h92i6LrpoqYcIzblMuBGU2U
GET

https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png

msedge.exe

Remote address:

172.217.16.227:443

Request

GET /images/branding/product/1x/drive_2020q4_48dp.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

msedge.exe

Remote address:

142.250.180.10:443

Request

OPTIONS /v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: drivefrontend-pa.clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

msedge.exe

Remote address:

142.250.180.10:443

Request

OPTIONS /v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: drivefrontend-pa.clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

msedge.exe

Remote address:

142.250.180.10:443

Request

OPTIONS /v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: drivefrontend-pa.clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

msedge.exe

Remote address:

142.250.180.10:443

Request

OPTIONS /v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: drivefrontend-pa.clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

msedge.exe

Remote address:

142.250.180.10:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://drive-thirdparty.googleusercontent.com/32/type/application/rar

msedge.exe

Remote address:

142.250.187.193:443

Request

GET /32/type/application/rar HTTP/2.0
host: drive-thirdparty.googleusercontent.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=49&spid=49&hl=en-GB

msedge.exe

Remote address:

142.250.178.14:443

Request

GET /widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=49&spid=49&hl=en-GB HTTP/2.0
host: ogs.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DeOvNWgBxQTHcB-IXvxwFHudGZBs61hzVQ7HQEWUt1whWRPv9tV3wmEatOdY2UabYiACgmgc_CfUIvUPEIQgZ84AVJhunJqcNIEawXYErHjUgFCWfd3PP_cCI09mMiA5p3qeb--Sh9PTjip6FrgpvI6l9h92i6LrpoqYcIzblMuBGU2U
POST

https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dci8l9gfbaq0l%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

msedge.exe

Remote address:

142.250.179.234:443

Request

POST /batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dci8l9gfbaq0l%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: people-pa.clients6.google.com
content-length: 604
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain; charset=UTF-8
accept: */*
origin: https://drive.google.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DeOvNWgBxQTHcB-IXvxwFHudGZBs61hzVQ7HQEWUt1whWRPv9tV3wmEatOdY2UabYiACgmgc_CfUIvUPEIQgZ84AVJhunJqcNIEawXYErHjUgFCWfd3PP_cCI09mMiA5p3qeb--Sh9PTjip6FrgpvI6l9h92i6LrpoqYcIzblMuBGU2U
GET

https://www.google.com/images/hpp/Chrome_Owned_96x96.png

msedge.exe

Remote address:

142.250.179.228:443

Request

GET /images/hpp/Chrome_Owned_96x96.png HTTP/2.0
host: www.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ogs.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DeOvNWgBxQTHcB-IXvxwFHudGZBs61hzVQ7HQEWUt1whWRPv9tV3wmEatOdY2UabYiACgmgc_CfUIvUPEIQgZ84AVJhunJqcNIEawXYErHjUgFCWfd3PP_cCI09mMiA5p3qeb--Sh9PTjip6FrgpvI6l9h92i6LrpoqYcIzblMuBGU2U
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

172.217.16.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://ogs.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://ogs.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://play.google.com/log?format=json&hasfast=true

msedge.exe

Remote address:

172.217.16.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 3508
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: https://drive.google.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DeOvNWgBxQTHcB-IXvxwFHudGZBs61hzVQ7HQEWUt1whWRPv9tV3wmEatOdY2UabYiACgmgc_CfUIvUPEIQgZ84AVJhunJqcNIEawXYErHjUgFCWfd3PP_cCI09mMiA5p3qeb--Sh9PTjip6FrgpvI6l9h92i6LrpoqYcIzblMuBGU2U
cookie: OGPC=19010599-1:
GET

https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__

msedge.exe

Remote address:

216.58.201.110:443

Request

GET /widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__ HTTP/2.0
host: contacts.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OGPC=19010599-1:
cookie: __Secure-ENID=23.SE=HfErdKcFUCD7RCGwY5ZaK2_6eO8RZW0pEdiPvaWd7zoNZdTF4EfacfgtSN90gqM4TS_qO4pEx8P4TWnc_lea-bAIKJA80piXdcbgvhROIwGahfvOXtjAgqhOhDx9u9sP1J82iSQaMc4mSX9M6a4yogUKD2QoLiIWGF8pgBJ0fTPtkp-mi_oVFBvJTw
cookie: NID=518=b5HQz8SmD1VkudBW8C-3_KvZaQgei1Mfb0OmadMbsrjyCmvjhkDiOQvTkVf971kyFfwEgEV4ARl_p53DB7ii2-GPuTsreu_yQ_GWQJwML11u8gq0dy9xv56_FlmqJkXTWRE39xBbU8UoSQS31i-1BQNiSZpluv1d1i_HwfDJDk_-PD3Jt14JQ-Mq

142.250.187.206:443

https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=core?cb=101830483

tls, http2

msedge.exe

32.6kB
1.1MB
564
828

HTTP Request

GET https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

HTTP Request

GET https://drive.google.com/_/drive_fe/_/ss/k=drive_fe.main.45oAmghznQ0.L.W.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=0/br=1/rs=AFB8gszG87BVPXvQpLAhGBs03zEsfAL0_Q?cb=101830483

HTTP Request

GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=b?cb=101830483

HTTP Request

GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/exm=b/ed=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=RsR2Mc?cb=101830483

HTTP Request

GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.LeY2GVaGcl8.2021.O/am=GIgAAwJMAwzmEEIABAAgExBA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gszrsCa-wuLfR_d8fufn1R-4AmZ_JQ/m=core?cb=101830483
216.58.201.110:443

https://apis.google.com/js/api.js

tls, http2

msedge.exe

2.2kB
12.7kB
21
25

HTTP Request

GET https://apis.google.com/js/api.js
172.217.16.227:443

https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png

tls, http2

msedge.exe

2.0kB
7.4kB
19
19

HTTP Request

GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png
142.250.180.10:443

drivefrontend-pa.clients6.google.com

tls, http2

msedge.exe

1.1kB
10.7kB
11
12
142.250.180.10:443

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

msedge.exe

3.3kB
13.0kB
31
40

HTTP Request

OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

HTTP Request

OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

HTTP Request

OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

HTTP Request

OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
142.250.187.193:443

https://drive-thirdparty.googleusercontent.com/32/type/application/rar

tls, http2

msedge.exe

2.1kB
11.7kB
21
23

HTTP Request

GET https://drive-thirdparty.googleusercontent.com/32/type/application/rar
142.250.178.14:443

https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=49&spid=49&hl=en-GB

tls, http2

msedge.exe

2.6kB
23.1kB
26
33

HTTP Request

GET https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=49&spid=49&hl=en-GB
142.250.179.234:443

https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dci8l9gfbaq0l%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

tls, http2

msedge.exe

3.1kB
12.6kB
23
26

HTTP Request

POST https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dci8l9gfbaq0l%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
142.250.179.228:443

https://www.google.com/images/hpp/Chrome_Owned_96x96.png

tls, http2

msedge.exe

2.3kB
12.7kB
23
25

HTTP Request

GET https://www.google.com/images/hpp/Chrome_Owned_96x96.png
172.217.16.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

1.9kB
8.5kB
18
20

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
172.217.16.238:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

msedge.exe

5.8kB
9.2kB
22
24

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
216.58.201.110:443

https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__

tls, http2

msedge.exe

2.9kB
19.8kB
26
28

HTTP Request

GET https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__
150.171.28.10:443

tse1.mm.bing.net

tls

1.6kB
7.3kB
17
15
150.171.28.10:443

tse1.mm.bing.net

tls

1.6kB
7.3kB
17
15
150.171.28.10:443

tse1.mm.bing.net

tls

1.6kB
7.3kB
17
15
150.171.28.10:443

tse1.mm.bing.net

tls

138.9kB
4.0MB
2876
2870
150.171.28.10:443

tse1.mm.bing.net

tls

1.6kB
7.3kB
17
15

8.8.8.8:53

drive.google.com

dns

msedge.exe

876 B
1.7kB
13
13

DNS Request

drive.google.com

DNS Response

142.250.187.206

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95

DNS Request

apis.google.com

DNS Response

216.58.201.110

DNS Request

110.201.58.216.in-addr.arpa

DNS Request

drivefrontend-pa.clients6.google.com

DNS Response

142.250.180.10

DNS Request

10.180.250.142.in-addr.arpa

DNS Request

people-pa.clients6.google.com

DNS Response

142.250.179.234

DNS Request

234.179.250.142.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.243.29

DNS Request

ssl.gstatic.com

DNS Response

172.217.16.227

DNS Request

arc.msn.com

DNS Response

20.223.35.26

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10

DNS Request

arc.msn.com

DNS Response

20.103.156.88
8.8.8.8:53

133.32.126.40.in-addr.arpa

dns

861 B
1.6kB
13
13

DNS Request

133.32.126.40.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

www.gstatic.com

DNS Response

142.250.187.227

DNS Request

227.16.217.172.in-addr.arpa

DNS Request

ogs.google.com

DNS Response

142.250.178.14

DNS Request

play.google.com

DNS Response

172.217.16.238

DNS Request

238.16.217.172.in-addr.arpa

DNS Request

self.events.data.microsoft.com

DNS Response

52.182.143.213

DNS Request

ssl.gstatic.com

DNS Response

142.250.200.35

DNS Request

arc.msn.com

DNS Response

20.103.156.88

DNS Request

54.120.234.20.in-addr.arpa

DNS Request

ssl.gstatic.com

DNS Request

ssl.gstatic.com

DNS Response

172.217.16.227

DNS Response

172.217.16.227
142.250.187.206:443

drive.google.com

https

msedge.exe

29.3kB
1.2MB
215
929
216.58.201.110:443

contacts.google.com

https

msedge.exe

13.3kB
503.6kB
98
381
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

7.4kB
66.1kB
60
83
142.250.180.10:443

ogads-pa.googleapis.com

https

msedge.exe

5.6kB
9.2kB
20
22
142.250.187.202:443

ogads-pa.googleapis.com

https

msedge.exe

3.9kB
6.5kB
10
10
142.250.187.193:443

drive-thirdparty.googleusercontent.com

https

msedge.exe

3.6kB
7.6kB
7
10
142.250.179.228:443

www.google.com

https

msedge.exe

3.9kB
7.4kB
10
11
172.217.16.238:443

play.google.com

https

msedge.exe

18.9kB
10.2kB
27
26
172.217.16.238:443

play.google.com

https

msedge.exe

3.7kB
7.3kB
10
13
224.0.0.251:5353

msedge.exe

580 B
9
142.250.187.206:443

drive.google.com

https

msedge.exe

40.7kB
5.8kB
39
28
172.217.16.238:443

play.google.com

https

msedge.exe

5.9kB
3.0kB
10
10
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
15
15
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
15
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
15
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.5kB
14
14
172.217.16.227:443

ssl.gstatic.com

https

msedge.exe

2.8kB
3.4kB
14
14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4eeaaeed-61bb-4999-91eb-96fb3cc8a43e.tmp

Filesize
3KB

MD5
796762380ab136eaa9c5f44706392b7e

SHA1
5ce3d4297af8d850dad6ac5ed882bd68c31c75ae

SHA256
18e4fc49c223a9043348e4c332f037ea99adca0afd8534c836b8c326c6f62f42

SHA512
f3a6ea4cdebfa2c380760e457e3365e9687c310b7d28a08e8c0de39ca8255c586014c6b6e551ab26752459e141f21c303255695e391d07b60be96e4c8ba91c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
ed2b5463fa7082fb41342d1debbe0c89

SHA1
6dbd79bd41ba5c78015f6db6709137e2a78b7c77

SHA256
287ae2f5ee843e24b1bbb79f197bd11313ee64725ec8541319244417e0738708

SHA512
05bdec14ba8878ddf74bc1c5db11413eba6c6c0f9a95b4bb13dc4bd2a412277301cb57d58b4cc48fb08a2fc1703f82f2653ec2d34dbd91773355cbefa0131c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
f7377e3891d3c2332785bfc9807d2811

SHA1
e2e820f7e416bda4a1f2c2cb33b6d67209e0d8ad

SHA256
99786994fc81ee3c351f8ccf1268f9048f71e40f3f98b741618e240d1e0d96a1

SHA512
4eee536985cfacce5d6acfc66d6edfaff7e476c903d28786f8ca86919895a479a9d01edc60d5bd58177646e5ff382b0a1e14d53261c9a137fa6dd90131fffee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
87c8d1464adb9ecb8f8ba963974a2559

SHA1
45f03347d15334fafe942c3014b027405374f3b4

SHA256
74fcaf0c784c821749eca1b85c4ab0d35c900725525ea51445638446bd17a986

SHA512
eedcc94f7c8b94f2700ea58ddd06ce3bcdc4bcc0fcd8889695723a62fece2d20ad540f788e769bacaa3df2426ccfa997bf7b1dcc358ab60d20dfd3541801ce49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f2e27699e1c7ba201ea720ba76f1f9ac

SHA1
1329b2ee2c3f35ae92c909aafc4de9e0049935f2

SHA256
737a77318bbb60488227355baeb1cb0bb5f1f4d734d19d2ed942d91826d2abf2

SHA512
c775ad2a41631645a87a4d9ab2d9e4d8971934fadae2a5f855ca355175797dba19057f471f3791b254dca42f937dcb73ecee6eabac10c0d997309d4f46cf5117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
523f8f1c5c1fd4bd3dc333a9b8b18928

SHA1
df73fef52ce08dfdc906a308b23f4f3633d53bfd

SHA256
497ecb4aeb9e8e4cc96e7e377603dbe0730258d8513cd0092915f97a978d1957

SHA512
7559cbb1fb043e37fd213de228832adb412207ea6dd2dc4fbd3f5f9f23da1508ef8ff31143c28a6010827b840fea3c9540c0a970d37121c4b73b33ff55e779fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
51635dc08c84e3a553e00a40834a2a02

SHA1
997009ba141ee53c04b66252c33825557013a5ba

SHA256
6a7f49630a052fc59ace4d8929dff17ed2c1b282c185119fff96d8506f00f4a9

SHA512
3eb710c20c9f1836687e0c9aafa2b25ea41c439cd1c2af76c2a9a4dc26c16269d9a15b8c3feda749163adb71110ca6b0e18cdf81243dfe04540eba92b5ef0183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
313a01ff75485e2e35054a598fdbf57a

SHA1
7e691342870ae310a12c0191c734effd9e822f0d

SHA256
4bab66bd134b0900643df5e54e8d8b69bb352503589de922b0de84e4d06d9ec5

SHA512
fcc9f63db64957dc5031826b9e4f0642249586c38b3216ae9efc0f6b72011065f17c19d6938e48f5cadfec99c889a3334699fecb31d2a26fc7a95bfd6c28b9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
64afb4e9c086744b098549d9ef1d4ecd

SHA1
9c8e64dc53bc2b3d1d1723ee39ddef0dad48ffbb

SHA256
66e407eb2c36f9da49f5d9bf973447e372b2bc55b5641d537272cb752d240e3f

SHA512
14d5094d63a88571c89f6d6fc99e11c1cf3ff70e8d9e66539d9b4205fb097b8a4aa1443c53072d7943aeabd8ab48e42f97ad1194fb37fab3dbe7fc0fa23c3938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4358fd1cd0ec615d622ed973691dad89

SHA1
0d5d7358a3e3c24a8048bc683772a49609fd6e8b

SHA256
b2a445674043b62a5818bc41f162ba3e7c184dfefeaaaf120add76e1657c2b3a

SHA512
1c95c069ba3625bd769aced2fdaeab8ab35699b23ddc8cd44eb04f053ad223ef55bf571ca16ce7fe855b22c6ecc1e4716c55f0db77e4354d980095c45a29a06d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1b2069fbab302d6bde24fce294a7258a

SHA1
f6da6b11171bdb5e5b2911af75fc2cbb83330257

SHA256
b54fbb04809bb5c4fc054bc17b4c13061cb50658403bb4b0a8fead799a09b4b3

SHA512
36e97f7f5ed2ed76ef4c39a93be23b9e58e6c93c8f0a5eb550cd5dea647b61080e78352c3f5084b37d3e820501def1cd06aa370bd4492684cdd14ba7e08295b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
740362f91b7ada06e93878398417bbea

SHA1
fb7fe7275cca1e9d7a94e85328a444271baddc45

SHA256
9f8d96c1c4a5be7de0335ea0701bc26bbcc6f023c5718fc2e9575baa3dd0cbf8

SHA512
b29a776123368a47dae06fae166e0557704c5a64328b96a1f0900e9ed8565a11c5355c2773aff3e607fe7916a802f5f2b246726ee89acac755610a3c167970af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
40523332af558eb18b7fa264403e9392

SHA1
a29ecfa677131fc6891bc702fce0c9ce09df72f7

SHA256
c09cfc682f9362a00fee9875b29b8cfb2affa2396001a8a0b8968cc9ed1e642f

SHA512
83148653ccef630a26c147b4bc25e5ac580d91bfed9bd4a57b9ff8222d7e5680481bb24df3cfa0656e176c5420bf2a293601ad4180f9fe3beaa03d831841a32a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8d57da75efafeef08d6cf32ee6d4b839

SHA1
c62b347aea658acabdd25e1ee50df4b3f8390695

SHA256
222182babaccda6ad848c8a0de11861fc14aeaa75a7297c96828884162784909

SHA512
5e1a960d9c6463b61657c9d7d7f0cf82ca1d03f0a34b89f4d663f1c2e3c3851e69773933e324b1a75a1dab25ad3d0cfa04d8c665d5442c695508b21c3dc83c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
41913f29bc9cac683fa4e3563d304432

SHA1
a4c69810de0dce2a66424a4f4f4d8bcc053499ce

SHA256
0ca660bfbea4b413da9a90546621a0ed1a995bb82a409bdb2e5c9f4a6390afd4

SHA512
08d9aaecceedb3650af78b8f77badc7edfdf96c0a2555d56a8ca9c428f90e955331a0575f55aa6b601240659efd07b00aaf4c839da1b29c15e81836b3f2b48a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4e0becf3e4d3e6f0ed71808c76711e83

SHA1
2ab3808dd2a77043d6be61fb7799ccc510971c2f

SHA256
54e821e809fa21ccab79fc52e12fd37e10bb78d1a185aeedacd4fac5b48226ad

SHA512
99348c64458e6022fec6d44d4159951b42a31d1485263fbf5e81519f65b93096825c55fb438f3b340eb4eb3b485acf463941f130a4f70996f50b2e57c1e9c544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1f5986c3288d9b6cedaff04a5fc582ba

SHA1
e70d5605dd3bffe2ff1851779c1b98ea5d17b789

SHA256
1e9a47a589502812faa8b54ce05632109411da6bf55538219045e59ac7781518

SHA512
dcf655400fb92c58d7dfdb600a7974e442d11a41054a9f45a95e862c8b717f5bbc10b5ddcb71217b1022df6d46409b5d1820f9a12a6b38f6d4446e51691979d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
348aa4aeaa185deee753cd06180b3182

SHA1
70af6bf8d459f0d36ac0b6cff89b925037a71bb5

SHA256
5782fd2effdcc4853ba968c6efa6fa833297663e6e990411c2d41a4061e6538e

SHA512
3ad2baaec9f4d2b495f4799b2798bfd9edbb4f09c91e651eb068a9f4510665b33c798d9faf04fe8b357ca30d1a22b9afa25c418703758fa702deacfd4d80a778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5fe49b41bb3d235ce6a9b165a19441df

SHA1
e3f48005ef0dae5b7d2265be93062286a9d2a490

SHA256
ef6faeb041fd5985d69104b7f5741e3cc6daf6ab280dabb1acb3ce6d3bbc9efa

SHA512
fde31c2c9ffcf6722d9b0a73f48029261a514393c48606a8cdc467de5663386abe7641d43136f89e9e0a5b0eb33ca2ff06d58e6259a74607e597d730ab8078ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6730657a061e98112548e1dbfca2055

SHA1
7289f80ad03a8a585e192e40480fe1b17fd8eb89

SHA256
cf27a6b2248ee024ad31baac3864be954494d7632faab5c5c69b80255f63ada9

SHA512
7a1aaebb5e2d5eb5ad6cb30542659bf398438dedbf0e9139fa670565f3dfd924c0f6856a9b1b562c1b0a4cf0cb17a76525e50b829fcc21d8f7037d3fc20a255f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27290b142e4a111baa7379b9e08f88e9

SHA1
63de5d4aa8602fedc7b1eef11802ac8b440378b8

SHA256
f20b1cbe6b97bd3ab6b87651720a54760ac4cd04dbdcfa344b8aebbbeab80cfd

SHA512
7f72098e97fbab2cd9d6a5d0bbcb8d26c0fd1b7e464f25b5a399532d2c30a1b66f3d7c536e29325d623c8a32e4a6cd51a52e87ec0c7b216874dc56388892e81c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c6f4ff0e2a7fb18d7bf67a3ae2a2d162

SHA1
928dfc1c24ea37feb06e920cd697ee2bc82a80ed

SHA256
f892b1f5148bee3a47b7e464b79114a7939e121ff2728699fb5850385e4bedd1

SHA512
6242fdacc731248c6a9621cef9d60175d568e519aa0ed13953bebfce1fb6aa895eb3fbd34a61ab0095a515e0900d10b6fbb276a6c102dbc84899211a6a9cc4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587c6e.TMP

Filesize
1KB

MD5
064b53a866b41f8752a679cb04ebb8f4

SHA1
2096f2ef17d0438c082518f39a72682e2cb89919

SHA256
8b3618e7df6a8f9a0d4e064011e2ddf1bfd76c43602564a6f614955c5e5c8f2c

SHA512
48b2a140a35a7640ea99fcb17151493ee559189ac03489e7b0a0ad1e2def3d684b3c2f42f17c2ea5d7f0fcef0837b06aa2d3c7bf823cef8314f7f7adab1487ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b5e3c35de1e89e3175ab5cf441af18e

SHA1
953932f6e75edf0454cd3cbad899ef859e78d585

SHA256
69c8de9729184027b04e88ad6eccc8e80b5f64eb06c4921c0dd366d29b340732

SHA512
e02a2845a3b6bdd01675bba31fe27c3daf6f532be1bb85ff5325302c80e049a1c3c44c579eb71404a918cc9585cdf93cd8e7abb7bfe321f2d5a1f22d3d9d8091

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.