Analysis
max time kernel: 149s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 19:02 UTC (9 November 2024; the image build date 20241007 rules out the 11 September reading)

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/file/d/14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ/view?usp=sharing
Resource: win10v2004-20241007-en

General
Target: https://drive.google.com/file/d/14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ/view?usp=sharing
Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
flow | ioc
10 | drive.google.com
12 | drive.google.com
Both flows are the analysis VM fetching the submitted Google Drive link; the report lists no other network indicators, so this signature describes where the sample was hosted, not command-and-control traffic observed during the run.
System Location Discovery: System Language Discovery (1 TTPs, 9 IoCs)
Attempts to gather the system language of the victim in order to infer the geographical location of the host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe (7 events)
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
All nine reads come from Adobe Reader components and Internet Explorer, not from the downloaded file, so the signature is informational here.
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
The only reader is AcroRd32.exe (Adobe Reader), not the sample; ~MHz (the CPU clock) is one of the values VM-aware code compares against expected ranges.
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
The reader is the Edge browser process; SystemManufacturer and SystemProductName are the two strings most VM checks look for ("VMware", "VirtualBox", "QEMU" and the like).
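The three registry signatures above share one shape: a process opens a well-known key and queries a value whose contents identify the host. The following is an added example, not part of the sandbox output, that classifies registry events of that form and tallies them per process the way the tables above do; the events it runs on are transcribed from those tables, and the MITRE technique IDs in RULES and the VM_MARKERS list are this example's own mapping, not the report's.

```python
"""Classify registry reads against the three discovery signatures in this report.

Added example (not part of the sandbox output). The MITRE technique IDs in RULES
are this example's own mapping and are not taken from the report's TTP column.
"""
import re
from collections import Counter

# NT object-manager hive prefixes as the report prints them, mapped to short names.
HIVES = {
    "\\REGISTRY\\MACHINE": "HKLM",
    "\\REGISTRY\\USER": "HKU",
}

# (pattern on the normalised path, signature label as the report names it, technique IDs)
RULES = [
    (re.compile(r"^HKLM\\SYSTEM\\ControlSet\d+\\Control\\NLS\\Language", re.I),
     "System Location Discovery: System Language Discovery", ("T1614.001",)),
    (re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+", re.I),
     "Checks processor information in registry", ("T1082", "T1497")),
    (re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I),
     "Enumerates system info in registry", ("T1082", "T1012")),
]

# Value names whose contents alone can betray a VM or sandbox to the reader.
TELLTALE_VALUES = ("~mhz", "systemmanufacturer", "systemproductname")

# Strings an evasive sample commonly compares the BIOS values against (illustrative list).
VM_MARKERS = ("vmware", "virtualbox", "innotek", "qemu", "xen", "bochs", "parallels", "virtual machine")


def normalise(path):
    """\\REGISTRY\\MACHINE\\... -> HKLM\\... so rules can be written in the familiar form."""
    upper = path.upper()
    for prefix, short in HIVES.items():
        if upper.startswith(prefix):
            return short + path[len(prefix):]
    return path


def classify(event):
    """event = (operation, path, process). Return (label, ttps) or None if no rule fires."""
    _op, path, _proc = event
    p = normalise(path)
    for pattern, label, ttps in RULES:
        if pattern.match(p):
            return label, ttps
    return None


def summarise(events):
    """Tally (signature label, process) -> hit count, the shape of the report's IoC tables."""
    hits = Counter()
    for event in events:
        result = classify(event)
        if result is not None:
            hits[(result[0], event[2])] += 1
    return hits


def telltale_reads(events):
    """Value queries whose returned data would let a sample fingerprint the host."""
    out = []
    for op, path, proc in events:
        p = normalise(path)
        if op == "Key value queried" and p.rsplit("\\", 1)[-1].lower() in TELLTALE_VALUES:
            out.append((proc, p))
    return out


def looks_virtual(system_manufacturer, system_product_name):
    """The comparison an evasive sample performs on the two BIOS values read above."""
    blob = f"{system_manufacturer} {system_product_name}".lower()
    return any(marker in blob for marker in VM_MARKERS)


# Events transcribed from the report's three tables (RdrCEF.exe read the language key 7 times).
LANG_KEY = "\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language"
REPORT_EVENTS = [("Key opened", LANG_KEY, "RdrCEF.exe")] * 7 + [
    ("Key opened", LANG_KEY, "AcroRd32.exe"),
    ("Key opened", LANG_KEY, "IEXPLORE.EXE"),
    ("Key opened", "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", "AcroRd32.exe"),
    ("Key value queried", "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~MHz", "AcroRd32.exe"),
    ("Key opened", "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS", "msedge.exe"),
    ("Key value queried", "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer", "msedge.exe"),
    ("Key value queried", "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName", "msedge.exe"),
]

if __name__ == "__main__":
    for (label, proc), n in sorted(summarise(REPORT_EVENTS).items()):
        print(f"{n:2d}  {proc:14s} {label}")
    for proc, path in telltale_reads(REPORT_EVENTS):
        print("telltale:", proc, path)
```

The tally reproduces the report's counts (7/1/1 language reads, 2 processor events, 3 BIOS events). The useful extra is telltale_reads: only three of the fourteen events actually return data a sample could compare against VM_MARKERS, and in this run all three come from Adobe Reader and Edge, which is why the signatures are noise here and would matter if the process column held the downloaded file.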
Modifies Internet Explorer settings (20 IoCs)
All keys are under \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000 (the sandbox user's hive); paths below are relative to it.
description | ioc | Process
Key created | Software\Microsoft\Internet Explorer\GPU | IEXPLORE.EXE
Key created | Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | Software\Microsoft\Internet Explorer\MINIE | iexplore.exe
Set value (int) | SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | iexplore.exe
Key created | Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8AEC7724-9ECD-11EF-A7EA-5EA348B38F9D} = "0" | iexplore.exe
Set value (str) | SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Set value (str) | SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | IEXPLORE.EXE
Set value (int) | SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | Software\Microsoft\Internet Explorer\IESettingSync | IEXPLORE.EXE
Set value (str) | SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (int) | SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | IEXPLORE.EXE
The only non-IE writer is AcroRd32.exe, which sets the FEATURE_BROWSER_EMULATION key for its embedded web view. The AdapterInfo value records what the VM exposed to Internet Explorer: vendorId 0x10de / deviceID 0x8c match the Edge GPU process flags --gpu-vendor-id=4318 --gpu-device-id=140 below, and the hypervisor field reads "No Hypervisor (No SLAT)".
Modifies registry class (13 IoCs)
All keys are under \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes (the per-user HKCU\Software\Classes hive); paths below are relative to it.
description | ioc | Process
Key created | .apk | OpenWith.exe
Set value (str) | .apk\(Default) = "apk_auto_file" | OpenWith.exe
Key created | apk_auto_file | OpenWith.exe
Key created | apk_auto_file\shell | OpenWith.exe
Key created | apk_auto_file\shell\open | OpenWith.exe
Key created | apk_auto_file\shell\open\command | OpenWith.exe
Set value (str) | apk_auto_file\shell\open\command\(Default) = "%SystemRoot%\system32\NOTEPAD.EXE %1" | OpenWith.exe
Key created | apk_auto_file\shell\edit | OpenWith.exe
Key created | apk_auto_file\shell\edit\command | OpenWith.exe
Set value (str) | apk_auto_file\shell\edit\command\(Default) = "%SystemRoot%\system32\NOTEPAD.EXE %1" | OpenWith.exe
Key created | Local Settings | msedge.exe
Key created | Local Settings | OpenWith.exe (2 events)
These writes are the Open With dialog (OpenWith.exe -Embedding in the tree below) recording a choice of Notepad for the unknown .apk extension; that association is what launches NOTEPAD.EXE on the file. It is analyst interaction with the sandbox, not behaviour of the downloaded file.
Opens file in notepad (likely ransom note) (3 IoCs)
pid | Process
5568 | NOTEPAD.EXE
5728 | NOTEPAD.EXE
6048 | NOTEPAD.EXE
The file opened in each case is the download itself, C:\Users\Admin\Downloads\TeddyLauncherV2.apk (see the process tree), not a dropped text file; the heuristic fires on Notepad being launched on a non-text extension and is not evidence of ransomware here. Note also that PID 5728 is reused later in the run by an RdrCEF.exe child, so a PID alone does not identify a process across this report.
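Before accepting a "ransom note" verdict, check what Notepad was actually pointed at. The following is an added example, not part of the report: it identifies a downloaded blob as a PE, an Android package (a ZIP carrying AndroidManifest.xml and a classes*.dex), a plain ZIP, text or other binary, and only lets the "note" label through for text. The APK, ZIP, note and PE-header bytes it runs on are constructed in the example and are not the real TeddyLauncherV2.apk.

```python
"""Check what kind of file Notepad was actually launched on.

Added example, not part of the report. The report's 'likely ransom note' heuristic
fires on NOTEPAD.EXE opening any file; here the file was the downloaded .apk, so
the check asks whether the bytes are text at all, or a container/executable.
All sample bytes below are constructed, not taken from the real download.
"""
import io
import zipfile

# Bytes a human could read in Notepad: printable ASCII plus tab, LF, CR.
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def zip_names(data):
    """Entry names of a ZIP held in memory (raises zipfile.BadZipFile if corrupt)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return set(zf.namelist())


def identify(data):
    """Return 'pe', 'apk', 'zip', 'text' or 'binary' from leading bytes and ZIP contents."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        try:
            names = zip_names(data)
        except zipfile.BadZipFile:
            return "binary"
        has_dex = any(n.startswith("classes") and n.endswith(".dex") for n in names)
        return "apk" if "AndroidManifest.xml" in names and has_dex else "zip"
    sample = data[:4096]
    if not sample:
        return "binary"          # empty file: nothing a person could read as a note
    printable = sum(1 for b in sample if b in TEXT_BYTES)
    return "text" if printable / len(sample) >= 0.95 else "binary"


def plausible_ransom_note(data):
    """Tightened form of the report's heuristic: only plain text can be a note."""
    return identify(data) == "text"


def constructed_apk():
    """Minimal ZIP with the two entries that mark an Android package (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\r\n")
    return buf.getvalue()


def constructed_zip():
    """A ZIP that is not an APK (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"not an android package")
    return buf.getvalue()


# Constructed stand-ins for what might land in Downloads.
CONSTRUCTED_NOTE = b"All your documents were encrypted.\r\nWrite to the address below to recover them.\r\n"
CONSTRUCTED_PE_HEADER = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for label, blob in (("apk", constructed_apk()), ("zip", constructed_zip()),
                        ("note", CONSTRUCTED_NOTE), ("pe", CONSTRUCTED_PE_HEADER)):
        print(f"{label:5s} -> {identify(blob):6s} note? {plausible_ransom_note(blob)}")
```

On a real artifact, read the first 4 KiB of the downloaded file and pass it to identify(); an APK verdict means the right next step is Android static analysis, not a Windows ransomware playbook.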
Suspicious behavior: EnumeratesProcesses (32 IoCs)
pid | Process | events
5080 | msedge.exe | 2
4356 | msedge.exe | 2
2996 | identity_helper.exe | 2
5528 | msedge.exe | 2
5948 | AcroRd32.exe | 20
4348 | msedge.exe | 4
Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
pid | Process
5784 | OpenWith.exe
5348 | OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
pid | Process | events
4356 | msedge.exe | 11
Fires when the browser process creates children with the "block non-Microsoft binaries" code-integrity mitigation policy. Chromium-based browsers apply this to their sandboxed child processes, so in this run it is an Edge hardening feature rather than behaviour of the sample.
Suspicious use of AdjustPrivilegeToken (4 IoCs)
description | pid | Process
Token: SeRestorePrivilege | 4564 | 7zG.exe
Token: 35 (privilege LUID 35, SeCreateSymbolicLinkPrivilege) | 4564 | 7zG.exe
Token: SeSecurityPrivilege | 4564 | 7zG.exe
Token: SeSecurityPrivilege | 4564 | 7zG.exe
7zG.exe is the 7-Zip GUI; restore, security and symbolic-link privileges are what an archiver enables to recreate ACLs and links on extraction. Its process entry is not in the portion of the tree reproduced below.
Suspicious use of FindShellTrayWindow (46 IoCs)
pid | Process | events
4356 | msedge.exe | 43
5948 | AcroRd32.exe | 1
4564 | 7zG.exe | 1
5404 | iexplore.exe | 1
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | events
4356 | msedge.exe | 24
Suspicious use of SetWindowsHookEx (53 IoCs)
pid | Process | events
5784 | OpenWith.exe | 23
5948 | AcroRd32.exe | 9
5348 | OpenWith.exe | 17
5404 | iexplore.exe | 2
3824 | IEXPLORE.EXE | 2
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4356 wrote to memory of 4680 | 4356 | msedge.exe | 83 (2 events)
PID 4356 wrote to memory of 4136 | 4356 | msedge.exe | 84
PID 4356 wrote to memory of 5080 | 4356 | msedge.exe | 85 (2 events)
PID 4356 wrote to memory of 2288 | 4356 | msedge.exe | 86
The remaining 60 writes are repeats against 4136 and 2288. Every writer is the Edge browser process (4356) and every target is one of its own children in the tree below: 4680 (crashpad handler), 4136 (GPU process), 5080 (network service) and 2288 (storage service). A Chromium browser process writes startup data into each child it spawns, so this pattern is expected for Edge; it would merit attention only if the writer were not the target's parent or the images differed.
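The rule of thumb stated above (parent of the same image writing into a freshly spawned child is expected, anything else is not) can be applied mechanically to a report's WriteProcessMemory rows. The following is an added example, not part of the report: it parses rows in the report's flattened format, reconstructs the relevant part of the process tree from the entries shown below, and returns only the writes that break the rule. The tree entries and the four distinct writer/target pairs are transcribed from this report; the write from 5948 into 4356 is constructed to exercise the negative path and does not appear in the report.

```python
"""Triage WriteProcessMemory rows from a sandbox report against the process tree.

Added example, not part of the report. A Chromium-family browser process writes into
each child it spawns (handle and startup data), so a write whose writer is the target's
direct parent and whose images match is expected; everything else is surfaced.
Tree entries below are transcribed from this report; the write marked 'constructed'
is not in the report.
"""
import re
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid image")

# Parent/child relations as drawn in the report's process tree (ppid None = tree root).
PROCS = {
    4356: Proc(4356, None, "msedge.exe"),      # browser process
    4680: Proc(4680, 4356, "msedge.exe"),      # --type=crashpad-handler
    4136: Proc(4136, 4356, "msedge.exe"),      # --type=gpu-process
    5080: Proc(5080, 4356, "msedge.exe"),      # network.mojom.NetworkService
    2288: Proc(2288, 4356, "msedge.exe"),      # storage.mojom.StorageService
    5784: Proc(5784, None, "OpenWith.exe"),
    5948: Proc(5948, 5784, "AcroRd32.exe"),    # launched via the Open With dialog
}

ROW = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_rows(text):
    """Pull (writer, target) pairs out of the report's flattened 'PID X wrote to memory of Y' rows."""
    return [(int(w), int(t)) for w, t in ROW.findall(text)]


def is_expected_write(writer, target, procs):
    """Expected only for a parent initialising a child of the same image."""
    w, t = procs.get(writer), procs.get(target)
    if w is None or t is None:
        return False
    return t.ppid == writer and w.image.lower() == t.image.lower()


def triage_writes(writes, procs):
    """Return (writer, target, reason) for every write that is not the expected parent->child case."""
    findings = []
    for writer, target in writes:
        if is_expected_write(writer, target, procs):
            continue
        w, t = procs.get(writer), procs.get(target)
        if w is None or t is None:
            reason = "writer or target missing from process tree"
        elif t.ppid != writer:
            reason = f"{w.image} ({writer}) is not the parent of {t.image} ({target})"
        else:
            reason = f"parent writes into a different image: {w.image} -> {t.image}"
        findings.append((writer, target, reason))
    return findings


# Two rows copied from the report's table, in its flattened format.
REPORT_ROWS = ("PID 4356 wrote to memory of 4680 4356 msedge.exe 83 "
               "PID 4356 wrote to memory of 4136 4356 msedge.exe 84")

# The four distinct writer/target pairs behind the report's 64 rows.
REPORT_WRITES = [(4356, 4680), (4356, 4136), (4356, 5080), (4356, 2288)]

# Constructed, NOT in the report: Reader writing into the browser process.
CONSTRUCTED_WRITE = (5948, 4356)

if __name__ == "__main__":
    print("parsed:", parse_rows(REPORT_ROWS))
    print("report pairs flagged:", triage_writes(REPORT_WRITES, PROCS))
    print("constructed pair flagged:", triage_writes([CONSTRUCTED_WRITE], PROCS))
```

Run against the report's own pairs the function returns nothing, which is the correct reading of this signature for Edge; the constructed Reader-into-browser write is returned with its reason, as would any write whose endpoints are missing from the tree (a useful prompt to check whether the tree was truncated, as it is at the end of this page).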
Processes
(indented by depth in the process tree; each entry gives the image path and PID, then the full command line, then the signatures that process triggered)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4356
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ/view?usp=sharing
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4680
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff6e146f8,0x7ffff6e14708,0x7ffff6e14718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 5080
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 2288
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 5088
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 2976
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4312
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID 3076
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID 2996
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4236
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 2584
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 116
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 5036
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 5376
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 5384
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5444 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 5528
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  C:\Windows\system32\NOTEPAD.EXE  PID 5728
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TeddyLauncherV2.apk
    - Opens file in notepad (likely ransom note)
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 2916
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4436
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  C:\Windows\system32\NOTEPAD.EXE  PID 6048
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TeddyLauncherV2.apk
    - Opens file in notepad (likely ransom note)
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4348
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8196786311773096805,1339714362356456334,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4760 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe  PID 1540
  C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe  PID 2412
  C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\rundll32.exe  PID 5756
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe  PID 5784
  C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe  PID 5948
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\TeddyLauncherV2.apk"
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  PID 5156
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      - System Location Discovery: System Language Discovery
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  PID 2780
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=67D236BBD6BF29173449E7AFACF46521 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        - System Location Discovery: System Language Discovery
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  PID 3344
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=928263FC201D3D99D3267F8066F01484 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=928263FC201D3D99D3267F8066F01484 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
        - System Location Discovery: System Language Discovery
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  PID 5560
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E05E1A5E492A24E5BBD3E6D88A72992A --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        - System Location Discovery: System Language Discovery
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  PID 5728 (PID reused after the earlier NOTEPAD.EXE 5728 exited)
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C96CBA8CDA956F491428DCBD8D3B35C5 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        - System Location Discovery: System Language Discovery
      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  PID 5916
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=41142EC9458A36D877553934B6374D1C --mojo-platform-channel-handle=2360 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=274A419C11D9FB0A97069320C2D2A43B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode 
--service-request-channel-token=274A419C11D9FB0A97069320C2D2A43B --renderer-client-id=8 --mojo-platform-channel-handle=2516 --allow-no-sandbox-job /prefetch:14⤵
- System Location Discovery: System Language Discovery
PID:5872
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5556
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5348 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TeddyLauncherV2.apk2⤵
- Opens file in notepad (likely ransom note)
PID:5568
-
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\TeddyLauncherV2\" -ad -an -ai#7zMap31319:92:7zEvent222891⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4564
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Downloads\TeddyLauncherV2\AndroidManifest.xml"1⤵PID:2212
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\TeddyLauncherV2\AndroidManifest.xml2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5404 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5404 CREDAT:17410 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3824
-
-
Network
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestdrive.google.comIN AResponsedrive.google.comIN A142.250.187.206
-
Remote address:142.250.187.206:443RequestGET /file/d/14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ/view?usp=sharing HTTP/2.0
host: drive.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request106.209.201.84.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.187.250.142.in-addr.arpaIN PTRResponse206.187.250.142.in-addr.arpaIN PTRlhr25s33-in-f141e100net
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestogs.google.comIN AResponseogs.google.comIN CNAMEwww3.l.google.comwww3.l.google.comIN A216.58.201.110
-
Remote address:8.8.8.8:53Requestapis.google.comIN AResponseapis.google.comIN CNAMEplus.l.google.complus.l.google.comIN A216.58.201.110
-
Remote address:8.8.8.8:53Requestogads-pa.googleapis.comIN AResponseogads-pa.googleapis.comIN A216.58.204.74ogads-pa.googleapis.comIN A142.250.178.10ogads-pa.googleapis.comIN A216.58.212.234ogads-pa.googleapis.comIN A142.250.200.42ogads-pa.googleapis.comIN A142.250.200.10ogads-pa.googleapis.comIN A142.250.179.234ogads-pa.googleapis.comIN A172.217.169.10ogads-pa.googleapis.comIN A142.250.180.10ogads-pa.googleapis.comIN A216.58.201.106ogads-pa.googleapis.comIN A142.250.187.202ogads-pa.googleapis.comIN A142.250.187.234ogads-pa.googleapis.comIN A216.58.212.202ogads-pa.googleapis.comIN A216.58.213.10ogads-pa.googleapis.comIN A172.217.16.234
-
GEThttps://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0msedge.exeRemote address:216.58.201.110:443RequestGET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=MRag9bfxfgv-cdha8sNJ3Eh2Fzjg3xdhRvD1rar3HaGOB9I7bjoupITXNHBJyoT3gKSbjeYLO9IXCsIZzhILt8_c3jaMgMnFLSBfRqOvt8AZVtRlJ81pMzOcc2izK1G8ea015kYely-jGJAeoxVBtwYgHPYX0RVhFzT25LHrx_s4htU
-
GEThttps://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_1msedge.exeRemote address:216.58.201.110:443RequestGET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_1 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=MRag9bfxfgv-cdha8sNJ3Eh2Fzjg3xdhRvD1rar3HaGOB9I7bjoupITXNHBJyoT3gKSbjeYLO9IXCsIZzhILt8_c3jaMgMnFLSBfRqOvt8AZVtRlJ81pMzOcc2izK1G8ea015kYely-jGJAeoxVBtwYgHPYX0RVhFzT25LHrx_s4htU
-
GEThttps://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=msedge.exeRemote address:216.58.201.110:443RequestGET /widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm= HTTP/2.0
host: ogs.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=MRag9bfxfgv-cdha8sNJ3Eh2Fzjg3xdhRvD1rar3HaGOB9I7bjoupITXNHBJyoT3gKSbjeYLO9IXCsIZzhILt8_c3jaMgMnFLSBfRqOvt8AZVtRlJ81pMzOcc2izK1G8ea015kYely-jGJAeoxVBtwYgHPYX0RVhFzT25LHrx_s4htU
-
OPTIONShttps://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncDatamsedge.exeRemote address:216.58.204.74:443RequestOPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requestplay.google.comIN AResponseplay.google.comIN A172.217.16.238
-
Remote address:172.217.16.238:443RequestPOST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 3998
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://drive.google.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=MRag9bfxfgv-cdha8sNJ3Eh2Fzjg3xdhRvD1rar3HaGOB9I7bjoupITXNHBJyoT3gKSbjeYLO9IXCsIZzhILt8_c3jaMgMnFLSBfRqOvt8AZVtRlJ81pMzOcc2izK1G8ea015kYely-jGJAeoxVBtwYgHPYX0RVhFzT25LHrx_s4htU
-
Remote address:8.8.8.8:53Requestyoutube.googleapis.comIN AResponseyoutube.googleapis.comIN A142.250.187.234youtube.googleapis.comIN A142.250.200.10youtube.googleapis.comIN A216.58.204.74youtube.googleapis.comIN A172.217.16.234youtube.googleapis.comIN A216.58.213.10youtube.googleapis.comIN A216.58.212.202youtube.googleapis.comIN A172.217.169.42youtube.googleapis.comIN A216.58.201.106youtube.googleapis.comIN A142.250.180.10youtube.googleapis.comIN A142.250.200.42youtube.googleapis.comIN A142.250.179.234youtube.googleapis.comIN A172.217.169.74youtube.googleapis.comIN A216.58.212.234youtube.googleapis.comIN A142.250.187.202youtube.googleapis.comIN A142.250.178.10
-
Remote address:8.8.8.8:53Requestssl.gstatic.comIN AResponsessl.gstatic.comIN A172.217.16.227
-
Remote address:172.217.16.227:443RequestGET /docs/common/cleardot.gif?zx=y64twrblr2fu HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.180.4
-
Remote address:142.250.180.4:443RequestGET /images/hpp/Chrome_Owned_96x96.png HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ogs.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=MRag9bfxfgv-cdha8sNJ3Eh2Fzjg3xdhRvD1rar3HaGOB9I7bjoupITXNHBJyoT3gKSbjeYLO9IXCsIZzhILt8_c3jaMgMnFLSBfRqOvt8AZVtRlJ81pMzOcc2izK1G8ea015kYely-jGJAeoxVBtwYgHPYX0RVhFzT25LHrx_s4htU
-
Remote address:8.8.8.8:53Requestaccounts.google.comIN AResponseaccounts.google.comIN A173.194.69.84
-
GEThttps://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.commsedge.exeRemote address:173.194.69.84:443RequestGET /ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DVYmEUQWLu1UVEvCozqVI_teU-rou73PWtXQUMSKOL9rhSBDIeZxN5rECywFfjD0TclFp_U5UoDcWMX6tppQopL1n-ohz29hfgKlY9xkJNv73-Op6NUJIEBB_Ozta8GTKCEzKIPUvxyRK8QiWV16VtQLxPPrzZY0oFgj9ToH8UsFQmzr-QUiqd8
-
Remote address:8.8.8.8:53Request227.187.250.142.in-addr.arpaIN PTRResponse227.187.250.142.in-addr.arpaIN PTRlhr25s34-in-f31e100net
-
Remote address:8.8.8.8:53Request10.178.250.142.in-addr.arpaIN PTRResponse10.178.250.142.in-addr.arpaIN PTRlhr48s27-in-f101e100net
-
Remote address:8.8.8.8:53Request35.200.250.142.in-addr.arpaIN PTRResponse35.200.250.142.in-addr.arpaIN PTRlhr48s30-in-f31e100net
-
Remote address:8.8.8.8:53Request110.201.58.216.in-addr.arpaIN PTRResponse110.201.58.216.in-addr.arpaIN PTRprg03s02-in-f1101e100net110.201.58.216.in-addr.arpaIN PTRprg03s02-in-f14110.201.58.216.in-addr.arpaIN PTRlhr48s48-in-f14
-
Remote address:8.8.8.8:53Request74.204.58.216.in-addr.arpaIN PTRResponse74.204.58.216.in-addr.arpaIN PTRlhr25s13-in-f101e100net74.204.58.216.in-addr.arpaIN PTRlhr25s13-in-f7474.204.58.216.in-addr.arpaIN PTRlhr48s49-in-f10
-
Remote address:8.8.8.8:53Request227.16.217.172.in-addr.arpaIN PTRResponse227.16.217.172.in-addr.arpaIN PTRmad08s04-in-f31e100net227.16.217.172.in-addr.arpaIN PTRlhr48s28-in-f3
-
Remote address:8.8.8.8:53Request234.187.250.142.in-addr.arpaIN PTRResponse234.187.250.142.in-addr.arpaIN PTRlhr25s34-in-f101e100net
-
Remote address:8.8.8.8:53Request4.180.250.142.in-addr.arpaIN PTRResponse4.180.250.142.in-addr.arpaIN PTRlhr25s32-in-f41e100net
-
Remote address:8.8.8.8:53Request84.69.194.173.in-addr.arpaIN PTRResponse84.69.194.173.in-addr.arpaIN PTRef-in-f841e100net
-
Remote address:8.8.8.8:53Requestcontent.googleapis.comIN AResponsecontent.googleapis.comIN A216.58.204.74content.googleapis.comIN A142.250.180.10content.googleapis.comIN A142.250.200.42content.googleapis.comIN A172.217.169.42content.googleapis.comIN A216.58.201.106content.googleapis.comIN A216.58.213.10content.googleapis.comIN A216.58.212.202content.googleapis.comIN A142.250.187.234content.googleapis.comIN A172.217.169.74content.googleapis.comIN A142.250.179.234content.googleapis.comIN A172.217.16.234content.googleapis.comIN A142.250.200.10content.googleapis.comIN A142.250.178.10content.googleapis.comIN A142.250.187.202content.googleapis.comIN A172.217.169.10
-
Remote address:8.8.8.8:53Requestblobcomments-pa.clients6.google.comIN AResponseblobcomments-pa.clients6.google.comIN A142.250.200.10
-
OPTIONShttps://blobcomments-pa.clients6.google.com/v1/metadata?docId=14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ&revisionId=0B81XTW65YAjqMFM3TFNpWVR1eUM5NDBkL3U1c3BpcnRFbnBjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797msedge.exeRemote address:142.250.200.10:443RequestOPTIONS /v1/metadata?docId=14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ&revisionId=0B81XTW65YAjqMFM3TFNpWVR1eUM5NDBkL3U1c3BpcnRFbnBjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/2.0
host: blobcomments-pa.clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requestdrive-thirdparty.googleusercontent.comIN AResponsedrive-thirdparty.googleusercontent.comIN CNAMEgooglehosted.l.googleusercontent.comgooglehosted.l.googleusercontent.comIN A216.58.213.1
-
Remote address:8.8.8.8:53Requestdrive-thirdparty.googleusercontent.comIN A
-
Remote address:8.8.8.8:53Request10.200.250.142.in-addr.arpaIN PTRResponse10.200.250.142.in-addr.arpaIN PTRlhr48s29-in-f101e100net
-
GEThttps://drive-thirdparty.googleusercontent.com/16/type/application/vnd.android.package-archivemsedge.exeRemote address:216.58.213.1:443RequestGET /16/type/application/vnd.android.package-archive HTTP/2.0
host: drive-thirdparty.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request1.213.58.216.in-addr.arpaIN PTRResponse1.213.58.216.in-addr.arpaIN PTRlhr25s25-in-f11e100net1.213.58.216.in-addr.arpaIN PTRber01s14-in-f1
-
Remote address:8.8.8.8:53Requestdrive.usercontent.google.comIN AResponsedrive.usercontent.google.comIN A172.217.16.225
-
GEThttps://drive.usercontent.google.com/uc?id=14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ&export=downloadmsedge.exeRemote address:172.217.16.225:443RequestGET /uc?id=14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ&export=download HTTP/2.0
host: drive.usercontent.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=518=DVYmEUQWLu1UVEvCozqVI_teU-rou73PWtXQUMSKOL9rhSBDIeZxN5rECywFfjD0TclFp_U5UoDcWMX6tppQopL1n-ohz29hfgKlY9xkJNv73-Op6NUJIEBB_Ozta8GTKCEzKIPUvxyRK8QiWV16VtQLxPPrzZY0oFgj9ToH8UsFQmzr-QUiqd8
cookie: OGPC=19010599-1:
cookie: __Secure-ENID=23.SE=NN-5FMQnxlidPxPE9kc5t6YB_cLOfE9UHh299zP2MbZ-l4uUz0DCfi7MxwX4p193EB3yKQ1lSHGrrDwZQCh31vus5TZb6gepO-whGgkGqXPFcaDJnZOOW6kbvSPEOtAUeCUDWFGWBZAU7jsotCDJURiMek_ENe54xjOHg7emu0WMB-hjLVKya5xU_A
-
Remote address:8.8.8.8:53Request225.16.217.172.in-addr.arpaIN PTRResponse225.16.217.172.in-addr.arpaIN PTRlhr48s28-in-f11e100net225.16.217.172.in-addr.arpaIN PTRmad08s04-in-f1
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request75.117.19.2.in-addr.arpaIN PTRResponse75.117.19.2.in-addr.arpaIN PTRa2-19-117-75deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestwww.adobe.comIN AResponsewww.adobe.comIN CNAMEstls.adobe.com-cn.edgesuite.netstls.adobe.com-cn.edgesuite.netIN CNAMEstls.adobe.com-cn.edgesuite.net.globalredir.akadns.netstls.adobe.com-cn.edgesuite.net.globalredir.akadns.netIN CNAMEa1815.dscr.akamai.neta1815.dscr.akamai.netIN A2.19.117.34a1815.dscr.akamai.netIN A2.19.117.8
-
Remote address:8.8.8.8:53Requestwww.adobe.comIN AResponsewww.adobe.comIN CNAMEstls.adobe.com-cn.edgesuite.netstls.adobe.com-cn.edgesuite.netIN CNAMEstls.adobe.com-cn.edgesuite.net.globalredir.akadns.netstls.adobe.com-cn.edgesuite.net.globalredir.akadns.netIN CNAMEa1815.dscr.akamai.neta1815.dscr.akamai.netIN A2.19.117.34a1815.dscr.akamai.netIN A2.19.117.8
-
Remote address:2.19.117.34:80RequestPROPFIND /go/homeacrordrunified18_2018 HTTP/1.1
Accept: */*
Depth: 1
User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 19.10.20064 )
Host: www.adobe.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 501 Not Implemented
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 383
Expires: Sat, 09 Nov 2024 19:03:28 GMT
Date: Sat, 09 Nov 2024 19:03:28 GMT
Connection: close
Server-Timing: sis; desc=0
Akamai-Cache-Status: NotCacheable from child
Akamai-GRN-www.adobe.com: 0.a24bdd58.1731179008.4c4a2924
Server-Timing: ak_p; desc="1731179008715_1490897826_1279928612_10_7095_23_0_-";dur=1
-
Remote address:2.19.117.34:80RequestPROPFIND /go/homeacrordrunified18_2018 HTTP/1.1
Accept: */*
Depth: 1
User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 19.10.20064 )
Host: www.adobe.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 501 Not Implemented
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 383
Expires: Sat, 09 Nov 2024 19:03:28 GMT
Date: Sat, 09 Nov 2024 19:03:28 GMT
Connection: close
Server-Timing: sis; desc=0
Akamai-Cache-Status: NotCacheable from child
Akamai-GRN-www.adobe.com: 0.a24bdd58.1731179008.4c4a29bd
Server-Timing: ak_p; desc="1731179008801_1490897826_1279928765_10_7235_20_0_-";dur=1
-
Remote address:2.19.117.34:80RequestPROPFIND /go/homeacrordrunified18_2018 HTTP/1.1
Accept: */*
Depth: 1
User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 19.10.20064 )
Host: www.adobe.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 501 Not Implemented
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 383
Expires: Sat, 09 Nov 2024 19:03:29 GMT
Date: Sat, 09 Nov 2024 19:03:29 GMT
Connection: close
Server-Timing: sis; desc=0
Akamai-Cache-Status: NotCacheable from child
Akamai-GRN-www.adobe.com: 0.a24bdd58.1731179009.4c4a2abd
Server-Timing: ak_p; desc="1731179008936_1490897826_1279929021_12_7433_0_0_-";dur=1
-
Remote address:8.8.8.8:53Request34.117.19.2.in-addr.arpaIN PTRResponse34.117.19.2.in-addr.arpaIN PTRa2-19-117-34deploystaticakamaitechnologiescom
-
Remote address:2.19.117.34:80RequestGET /go/homeacrordrunified18_2018 HTTP/1.1
Accept: */*
User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 19.10.20064 )
Host: www.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://www.adobe.com/go/homeacrordrunified18_2018
Date: Sat, 09 Nov 2024 19:03:29 GMT
Connection: keep-alive
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: sis; desc=0
Akamai-Cache-Status: NotCacheable from child
Akamai-GRN-www.adobe.com: 0.a24bdd58.1731179009.4c4a2d14
Server-Timing: ak_p; desc="1731179009238_1490897826_1279929620_11_7487_21_0_-";dur=1
-
Remote address:2.19.117.34:80RequestPROPFIND /go/homeacrordrunified18_2018 HTTP/1.1
Accept: */*
Depth: 1
User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 19.10.20064 )
Host: www.adobe.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 501 Not Implemented
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 383
Expires: Sat, 09 Nov 2024 19:03:31 GMT
Date: Sat, 09 Nov 2024 19:03:31 GMT
Connection: close
Server-Timing: sis; desc=0
Akamai-Cache-Status: NotCacheable from child
Akamai-GRN-www.adobe.com: 0.a24bdd58.1731179011.4c4a2d27
Server-Timing: ak_p; desc="1731179011411_1490897826_1279929639_8_7212_21_0_-";dur=1
-
Remote address:2.19.117.34:443RequestGET /go/homeacrordrunified18_2018 HTTP/1.1
Accept: */*
User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 19.10.20064 )
Connection: Keep-Alive
Cache-Control: no-cache
Host: www.adobe.com
ResponseHTTP/1.1 301 Moved Permanently
Content-Length: 0
Server: Apache
Location: https://www.adobe.com/content/dam/dx-dc/en/pdfs/Welcome.pdf
X-Adobe-Cache: MISS
Cache-Control: max-age=795
Date: Sat, 09 Nov 2024 19:03:29 GMT
Connection: keep-alive
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=18
Server-Timing: origin; dur=0
Server-Timing: sis; desc=0
Akamai-Cache-Status: Miss from child, Redirect from parent
Akamai-GRN-www.adobe.com: 0.a24bdd58.1731179009.4c4a3026
Strict-Transport-Security: max-age=15768000
Server-Timing: ak_p; desc="1731179009293_1490897826_1279930406_2030_5511_23_375_-";dur=1
-
Remote address:2.19.117.34:443RequestGET /content/dam/dx-dc/en/pdfs/Welcome.pdf HTTP/1.1
Accept: */*
User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 19.10.20064 )
Connection: Keep-Alive
Cache-Control: no-cache
Host: www.adobe.com
ResponseHTTP/1.1 200 OK
Content-Type: application/pdf
Content-Length: 1734720
Server: Apache
X-Adobe-Content: AEM-www
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Adobe-Loc: ew1
X-Adobe-Source: 128.75
X-Content-Type-Options: nosniff
X-Adobe-Cache: MISS
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sun, 10 Nov 2024 01:03:29 GMT
Date: Sat, 09 Nov 2024 19:03:29 GMT
Connection: keep-alive
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: sis; desc=0
Akamai-Cache-Status: Hit from child
Akamai-GRN-www.adobe.com: 0.a24bdd58.1731179009.4c4a327b
Strict-Transport-Security: max-age=15768000
Server-Timing: ak_p; desc="1731179009981_1490897826_1279931003_50_7749_22_0_-";dur=1
-
Remote address:8.8.8.8:53Request204.20.192.23.in-addr.arpaIN PTRResponse204.20.192.23.in-addr.arpaIN PTRa23-192-20-204deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request204.20.192.23.in-addr.arpaIN PTRResponse204.20.192.23.in-addr.arpaIN PTRa23-192-20-204deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request71.117.19.2.in-addr.arpaIN PTRResponse71.117.19.2.in-addr.arpaIN PTRa2-19-117-71deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request71.117.19.2.in-addr.arpaIN PTRResponse71.117.19.2.in-addr.arpaIN PTRa2-19-117-71deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.179.228
-
Remote address:8.8.8.8:53Request228.179.250.142.in-addr.arpaIN PTRResponse228.179.250.142.in-addr.arpaIN PTRlhr25s31-in-f41e100net
-
Remote address:8.8.8.8:53Requestssl.gstatic.comIN AResponsessl.gstatic.comIN A142.250.200.35
-
142.250.187.206:443https://drive.google.com/file/d/14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ/view?usp=sharingtls, http2msedge.exe2.5kB 35.4kB 27 40
HTTP Request
GET https://drive.google.com/file/d/14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ/view?usp=sharing -
216.58.201.110:443https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_1tls, http2msedge.exe5.8kB 122.9kB 93 96
HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_1 -
216.58.201.110:443https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=tls, http2msedge.exe2.4kB 23.0kB 20 26
HTTP Request
GET https://ogs.google.com/widget/callout?prid=19016403&pgid=19010599&puid=1b10da64bfa91688&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm= -
216.58.204.74:443https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncDatatls, http2msedge.exe1.8kB 6.7kB 14 14
HTTP Request
OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData -
6.1kB 8.8kB 18 17
HTTP Request
POST https://play.google.com/log?format=json&hasfast=true -
172.217.16.227:443https://ssl.gstatic.com/docs/common/cleardot.gif?zx=y64twrblr2futls, http2msedge.exe1.8kB 6.6kB 15 15
HTTP Request
GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=y64twrblr2fu -
2.2kB 12.9kB 20 21
HTTP Request
GET https://www.google.com/images/hpp/Chrome_Owned_96x96.png -
173.194.69.84:443https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.comtls, http2msedge.exe2.4kB 7.7kB 16 17
HTTP Request
GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com -
142.250.200.10:443https://blobcomments-pa.clients6.google.com/v1/metadata?docId=14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ&revisionId=0B81XTW65YAjqMFM3TFNpWVR1eUM5NDBkL3U1c3BpcnRFbnBjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797tls, http2msedge.exe2.1kB 12.2kB 17 20
HTTP Request
OPTIONS https://blobcomments-pa.clients6.google.com/v1/metadata?docId=14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ&revisionId=0B81XTW65YAjqMFM3TFNpWVR1eUM5NDBkL3U1c3BpcnRFbnBjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 -
216.58.213.1:443 https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.android.package-archive tls, http2 msedge.exe 1.9kB 12.2kB 15 17
HTTP Request
GET https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.android.package-archive -
172.217.16.225:443 https://drive.usercontent.google.com/uc?id=14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ&export=download tls, http2 msedge.exe 2.3kB 7.5kB 15 16
HTTP Request
GET https://drive.usercontent.google.com/uc?id=14B4oJ9II5rDyYUSUa1-M1dZBuJsuRCcJ&export=download -
999 B 5.9kB 9 8
-
506 B 1.0kB 6 5
HTTP Request
PROPFIND http://www.adobe.com/go/homeacrordrunified18_2018
HTTP Response
501 -
506 B 1.0kB 6 5
HTTP Request
PROPFIND http://www.adobe.com/go/homeacrordrunified18_2018
HTTP Response
501 -
828 B 1.1kB 8 6
HTTP Request
PROPFIND http://www.adobe.com/go/homeacrordrunified18_2018
HTTP Response
501 -
788 B 1.6kB 8 7
HTTP Request
GET http://www.adobe.com/go/homeacrordrunified18_2018
HTTP Response
301
HTTP Request
PROPFIND http://www.adobe.com/go/homeacrordrunified18_2018
HTTP Response
501 -
66.1kB 1.8MB 1301 1294
HTTP Request
GET https://www.adobe.com/go/homeacrordrunified18_2018
HTTP Response
301
HTTP Request
GET https://www.adobe.com/content/dam/dx-dc/en/pdfs/Welcome.pdf
HTTP Response
200
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
62 B 78 B 1 1
DNS Request
drive.google.com
DNS Response
142.250.187.206
-
73 B 133 B 1 1
DNS Request
106.209.201.84.in-addr.arpa
-
74 B 113 B 1 1
DNS Request
206.187.250.142.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
60 B 97 B 1 1
DNS Request
ogs.google.com
DNS Response
216.58.201.110
-
61 B 98 B 1 1
DNS Request
apis.google.com
DNS Response
216.58.201.110
-
69 B 293 B 1 1
DNS Request
ogads-pa.googleapis.com
DNS Response
216.58.204.74 142.250.178.10 216.58.212.234 142.250.200.42 142.250.200.10 142.250.179.234 172.217.169.10 142.250.180.10 216.58.201.106 142.250.187.202 142.250.187.234 216.58.212.202 216.58.213.10 172.217.16.234
-
4.3kB 10.7kB 13 17
-
3.8kB 7.3kB 8 10
-
61 B 77 B 1 1
DNS Request
play.google.com
DNS Response
172.217.16.238
-
68 B 308 B 1 1
DNS Request
youtube.googleapis.com
DNS Response
142.250.187.234 142.250.200.10 216.58.204.74 172.217.16.234 216.58.213.10 216.58.212.202 172.217.169.42 216.58.201.106 142.250.180.10 142.250.200.42 142.250.179.234 172.217.169.74 216.58.212.234 142.250.187.202 142.250.178.10
-
61 B 77 B 1 1
DNS Request
ssl.gstatic.com
DNS Response
172.217.16.227
-
60 B 76 B 1 1
DNS Request
www.google.com
DNS Response
142.250.180.4
-
5.6kB 18.4kB 19 21
-
6.1kB 64.0kB 41 58
-
65 B 81 B 1 1
DNS Request
accounts.google.com
DNS Response
173.194.69.84
-
29.7kB 10.4kB 40 35
-
74 B 112 B 1 1
DNS Request
227.187.250.142.in-addr.arpa
-
73 B 112 B 1 1
DNS Request
10.178.250.142.in-addr.arpa
-
73 B 111 B 1 1
DNS Request
35.200.250.142.in-addr.arpa
-
73 B 173 B 1 1
DNS Request
110.201.58.216.in-addr.arpa
-
72 B 171 B 1 1
DNS Request
74.204.58.216.in-addr.arpa
-
73 B 140 B 1 1
DNS Request
227.16.217.172.in-addr.arpa
-
74 B 113 B 1 1
DNS Request
234.187.250.142.in-addr.arpa
-
72 B 110 B 1 1
DNS Request
4.180.250.142.in-addr.arpa
-
72 B 105 B 1 1
DNS Request
84.69.194.173.in-addr.arpa
-
68 B 308 B 1 1
DNS Request
content.googleapis.com
DNS Response
216.58.204.74 142.250.180.10 142.250.200.42 172.217.169.42 216.58.201.106 216.58.213.10 216.58.212.202 142.250.187.234 172.217.169.74 142.250.179.234 172.217.16.234 142.250.200.10 142.250.178.10 142.250.187.202 172.217.169.10
-
3.8kB 12.4kB 15 19
-
81 B 97 B 1 1
DNS Request
blobcomments-pa.clients6.google.com
DNS Response
142.250.200.10
-
7.0kB 10.5kB 15 14
-
5.5kB 41.4kB 26 37
-
168 B 129 B 2 1
DNS Request
drive-thirdparty.googleusercontent.com
DNS Request
drive-thirdparty.googleusercontent.com
DNS Response
216.58.213.1
-
4.1kB 11.0kB 12 13
-
73 B 112 B 1 1
DNS Request
10.200.250.142.in-addr.arpa
-
71 B 138 B 1 1
DNS Request
1.213.58.216.in-addr.arpa
-
74 B 90 B 1 1
DNS Request
drive.usercontent.google.com
DNS Response
172.217.16.225
-
426.2kB 84.7MB 6182 62021
-
73 B 140 B 1 1
DNS Request
225.16.217.172.in-addr.arpa
-
462 B 7
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
3.7kB 7.2kB 8 11
-
70 B 133 B 1 1
DNS Request
75.117.19.2.in-addr.arpa
-
118 B 466 B 2 2
DNS Request
www.adobe.com
DNS Request
www.adobe.com
DNS Response
2.19.117.34 2.19.117.8
DNS Response
2.19.117.34 2.19.117.8
-
70 B 133 B 1 1
DNS Request
34.117.19.2.in-addr.arpa
-
144 B 274 B 2 2
DNS Request
204.20.192.23.in-addr.arpa
DNS Request
204.20.192.23.in-addr.arpa
-
140 B 266 B 2 2
DNS Request
71.117.19.2.in-addr.arpa
DNS Request
71.117.19.2.in-addr.arpa
-
3.7kB 3.3kB 9 10
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
3.6kB 6.3kB 18 17
-
60 B 76 B 1 1
DNS Request
www.google.com
DNS Response
142.250.179.228
-
2.9kB 13.2kB 12 17
-
74 B 112 B 1 1
DNS Request
228.179.250.142.in-addr.arpa
-
61 B 77 B 1 1
DNS Request
ssl.gstatic.com
DNS Response
142.250.200.35
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 36KB
MD5 b30d3becc8731792523d599d949e63f5
SHA1 19350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256 b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize 56KB
MD5 752a1f26b18748311b691c7d8fc20633
SHA1 c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512 a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
Filesize 64KB
MD5 f0b2775d33a3f60cd153d5d88bffff89
SHA1 581b3068d2e2f07470a9afe7b7cd9e8438ec5114
SHA256 ca8506cdff979fc815f50515f0c6b3f8797fecb81ae8cff8a6d4f07c160061f4
SHA512 a98c467155e55cf76231764780d150feacb91e9680bc26f02f0b6c3625713afab733a133654df54fe1a7f04ad0d15d574fc16bd91682199fbd6fb2eb68d1919d
-
Filesize 12KB
MD5 a15625dad7f02a05670c17b4556cc0c4
SHA1 a64dc303ff268decb610b784f9b0cbe8180dfa35
SHA256 3d94c354215069fbfa417408be706441899e25d8eacf72cbad9846f752d979cd
SHA512 250928e8b694dfccf17d3902fdd569542eec605c085faea9f8dc7c6f5d54118e40bd4395b872985e4ed3770feecb186fcf2ae1e0c0be93d99577a2e806316a19
-
Filesize 152B
MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3
-
Filesize 152B
MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 456B
MD5 819a01937b73fdf9995b96a3a2d301ae
SHA1 365fc8d5da5ea0a8fb86aed191595d96f811c0a8
SHA256 d95644e9a8e2ded778be2fa859ac5d314b2aee8d1e5f1f4d944133cd240c155c
SHA512 f9320cad9161c845feb3531de9cfd699499333b1ca62cc7dd17912258a108d91c9904a89d30775c7fbcff568f61f529ee78949a28e2225d7e0c97dd3f3ebb7d0
-
Filesize 3KB
MD5 e9a24d771fef4a73d3275f087e050185
SHA1 040707f72ae4d03efcb20e120924a916a38d4c2a
SHA256 a5f02fe8eac805a878a63b33dc793fb17f8c197c445de875bc20a927c0a461c2
SHA512 fd8daca95c4279dcf0306a1df20302ded2211ec14a12846531ea3dd95e793b3593eabb98ddf813bad9052503119eca05e740a7b52d91d1972542c13cfcd289df
-
Filesize 3KB
MD5 3972e9989b8784015f0c2941362f9a1e
SHA1 520d46ef2b0fe41db0b467251f9dee9143da4779
SHA256 d3dba48abcf324ba4ddb80c5315bd01f5d25388c7714647c45ae98bb539066fc
SHA512 11651553ec00c49e6c7097805273875a3dcf53d852b147cee8d689904cd79f7ed319f220399957abb870589a3b63a4a9aa53555501c1f28312063855f9d59c55
-
Filesize 6KB
MD5 f17cb228511b788d81d97a0bfcda4d84
SHA1 b18b5d52dbac5ab1e11a330305cc90be878ed42c
SHA256 06847cfb6da2001d89a83c3bd96cada03de27dccadc4c7bb4a8fc8fb4ebe3087
SHA512 2afec2648fcc42482fbed9196c33daf309fb047cbbf06c710e00a096ac3e91794edf2e4f95a46e3353b637502d73fe2dfad2331bb82abd6571c9a1aa1a8a0772
-
Filesize 7KB
MD5 08965445eee9450d2ab865a35e37b6ac
SHA1 1662f46c0ef2279f3166dba16877a52e365b6446
SHA256 bdb0b478884be0ad53df1e90f7ebdae7bef1ec1de11ba3a71188c6db9db206f9
SHA512 bde30ab94f3c79553f84bee764b44a9d7bd82cccc39c075e3b19627c38caeff0f675a75cc2ba2ba45558cb0f0c91b405dcbd82336be6dd6d8f982a1ac0bfca30
-
Filesize 5KB
MD5 d3a5af7d58de459faa6d7f564452817d
SHA1 50fce6da5d178fdbc3b105510a47bd088c9f2e1e
SHA256 4efeff8ceaaf526ea292b8fea1e4a8c1600e8389880635d42766badb8cd35411
SHA512 4338f2dc4a505f7ed509a87d54d376b1ee96a7d119f6b1fe3efe67699a5d268f142e367c7b520e1b2bc9ce4696104cbf08ac57c391640e7b942d546d55cbe679
-
Filesize 6KB
MD5 e3e4966469c248a05ad64dc880ca69a7
SHA1 4a849804b67093cfeb8af92ee9371d2f98f5bc23
SHA256 b748c9427f45f0dc6ddc4f69b4deaac317ae9f1340d47f044dfe915d8c9030c7
SHA512 83d58f316312b498ea406f0d8c350b773c3deaeec56dd12f32be363f11337dd3d4cc91c20fe8a80dd4ac8901dd247fb6a565b682ab22caba8133dc15b36775e1
-
Filesize 16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize 11KB
MD5 bf29878098633f11f0297d1d05a48a04
SHA1 1910ccef5c255145c70273a8a2755a487b1b3549
SHA256 52ba228921ad9b23366520e4ca46ed3831919e16fbe52ae8953e1ef1b8fd3284
SHA512 2fe0aa6f58e66d7874fa2275ff858a5a0d4d96fb12113231c5a4ae17e43f6f57cb8689cc15868b12cfd8a37102695ed15d1cf8aea164f5bac2943fd6edbaa3f5
-
Filesize 10KB
MD5 332b2cd29c6b649df400b67d5af5079e
SHA1 f942907dfeb3521644479a8f91f8b650bab7a599
SHA256 63ced2a13fa9e7ff84aa23ee464131cba6ac17cdc0aec4114b7bc2ac7d3cf1e6
SHA512 41bd1e15ebd2201ec7afd7bb3ffa9abddaac3e4d5dcf50aedd7ce48b49b2703977a210268fc28957aa6a009dc5b66bb276e4bde1c9a67b09f5b590acf9a57778
-
Filesize 10KB
MD5 53bdeb86262f67fab9ff8a8616a95663
SHA1 9c7763084f3e2df252910ec84004a75dd7f34dd4
SHA256 7550f75ec3f3545e0cc35e38e6e9e75344cb9c12ff4a1638b3e11f70a8be1a92
SHA512 d25f351f7c39d4b013a69d3ef2093428141f1246b8ab433ff358085fbd76018e90b11d61512ca64e3cc1430b05a6e6a31eab9e6268e36423e82ea096f9be8693
-
Filesize 4KB
MD5 54fa4cec4be04f311d0b637b688b64ca
SHA1 4292dbdba244d6a54a4243be908d4ed5e30c4860
SHA256 61e283840f6c0bef4f0899081c843339cb8ca72ffb0f41805d100d3516e526de
SHA512 6bd075b87380c13493859f8de48187c605f8f4ea0a9a1d1f00793208d39fc826bf3b6fd7966d047542e838b5abf0110b43f030ab3a0df26c0550611bbef94e2f
-
Filesize 6B
MD5 c9e47dbb0e1927076ed7b2e1ec157be7
SHA1 c538b66c7110ca3a028ccfe422d0f1fa200a9935
SHA256 59854984853104df5c353e2f681a15fc7924742f9a2e468c29af248dce45ce03
SHA512 c6e5081ce77f5971474ff994acc1b8887818f3007a4e3db32c91640203906f0bd2df3012441c9e1b6c1ae4e54dfea465ec23034092779cf6852aece45bf1df21
-
Filesize 6B
MD5 4049400e232490d58f1e26d9ab973a03
SHA1 cf744bd007850b04601dc865815ec0f5e60c6970
SHA256 1e5b51cde515396a9fa762909cf8ca6584ccc564b325d2eebeea76175fe95c4d
SHA512 8da6b544889de1985ee82a224a8a8a40dcc4a2eea849ae98a9806655a88ffd5a9931d910cc0b0463742dafb10554c3e312565f0a4829fa6fb723033e227309aa
-
C:\Users\Admin\Downloads\TeddyLauncherV2\META-INF\androidx.lifecycle_lifecycle-viewmodel-savedstate.version
Filesize 6B
MD5 90d03bebeb88f1b007f47b68aaeb9893
SHA1 9a1a4bc4ca9e44b3ccf4c764cb670aae41b078a0
SHA256 99600f6a7bfe6c33ebd1a2518f44a861a67afc40c25da42bc622595716529584
SHA512 f2dd4209f2ff2a09aaa63267411caaaf0434ba9e1df833add86dbb4b1c96397670e3173b22ecf087bf9fe8236a703e8fb080e14c12fed081c3710b57993b0925
-
Filesize 6B
MD5 30a04cf33ee91a3ecf4b75c71268f316
SHA1 05e17b646a817240c206186f94f8f4c70974d5dc
SHA256 1575e1af4a95f12f70b4ee6a6adce8160953d93ea17dc2611b90883ccc3ad3b8
SHA512 45068042776137c07c26a0a005777fed7966ee689c1eef6a4bf3500857aadcb026eca047e6c0665482273dead269de7c810ccbf5753aa71703ae79272f278c51
-
C:\Users\Admin\Downloads\TeddyLauncherV2\META-INF\androidx.versionedparcelable_versionedparcelable.version
Filesize 6B
MD5 375e8a39ec9331ddd89c8acbeb620028
SHA1 3b1c4a149729cc044e1a39df31b3628cdbf5f895
SHA256 cc52f678848b814373757b460383bf61960e4943c203735adde0a350b3e50989
SHA512 32bac321e3df5237d7e66c72179befdc5ce68ca80eaa2766705c31d84d20e0409df49a39a521c2bd7e6783513395834c1a75240f97f2405a5fd914e1e15864dc
-
Filesize 6B
MD5 fad559d22a5329a1ac596bbef9e2c9e2
SHA1 7223cdd0ba007d056ed9cf20936fee53968ab70a
SHA256 6430a242e9486093ef6f71d9086d48f61ba102f0d2fb0f5b95334c6007a46db3
SHA512 64676d311742a12b58ced632491ed358ddd6dbe6cb4f9109e571c04d3c056a7c162fe726394181e3b44c74e502d096b1798b7e4db542e84a57ee7215487ac0c3
-
Filesize 124B
MD5 8b40c428b5b0d9ad329f439e73363216
SHA1 d84478ee99eba9d8c5af5a09189a7de687be8b72
SHA256 9b0ac791a3fa953e28b526e020fd2e629b40812ee1bc4693ff5fdfef15044202
SHA512 f13ff9cd26405117470729075a37f8db56eb287e906f6710d80a36cc0c798e6e2904c0eb8745169a2b1cfcea3bee4b55be3c85748fb96e8bf7000d9bcf4a31be