hxxps://drive[.]google[.]com/file/d/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9/view?usp=sharing

Analysis

max time kernel
90s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2024, 22:01 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
3	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758360947102170"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
680	chrome.exe
680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeShutdownPrivilege	680	chrome.exe
Token: SeCreatePagefilePrivilege	680	chrome.exe
Token: SeRestorePrivilege	4840	7zG.exe
Token: 35	4840	7zG.exe
Token: SeSecurityPrivilege	4840	7zG.exe
Token: SeSecurityPrivilege	4840	7zG.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
4840	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 680 wrote to memory of 4432	680	chrome.exe	83
PID 680 wrote to memory of 4432	680	chrome.exe	83
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 1668	680	chrome.exe	84
PID 680 wrote to memory of 4140	680	chrome.exe	85
PID 680 wrote to memory of 4140	680	chrome.exe	85
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86
PID 680 wrote to memory of 3032	680	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd65ffcc40,0x7ffd65ffcc4c,0x7ffd65ffcc58
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,12076642233281246820,1153360164647237330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,12076642233281246820,1153360164647237330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2132,i,12076642233281246820,1153360164647237330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,12076642233281246820,1153360164647237330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,12076642233281246820,1153360164647237330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,12076642233281246820,1153360164647237330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4624,i,12076642233281246820,1153360164647237330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5232,i,12076642233281246820,1153360164647237330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5404,i,12076642233281246820,1153360164647237330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:4528

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4320

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap28329:122:7zEvent13804
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4840

Network

DNS

drive.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

142.250.187.206
GET

https://drive.google.com/file/d/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9/view?usp=sharing

chrome.exe

Remote address:

142.250.187.206:443

Request

GET /file/d/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9/view?usp=sharing HTTP/2.0
host: drive.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CMaBywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
GET

https://drive.google.com/auth_warmup

chrome.exe

Remote address:

142.250.187.206:443

Request

GET /auth_warmup HTTP/2.0
host: drive.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CMaBywE=
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=g3rDxGQw-Hp4hiwwO_IHHOJNfqBjPMqCd8LE_pzZ6oKxLgVo5Nbij3NY9sMDBqSxW9KJsMln-uKc-Of4Qtru0zMX8VFOHaIrPZw4SFrwLnxGB7_L5YCDlyxm2aKqz0vb89T1dZ5SKq42Ujdf2hshz0gm6DxkzAlz9TqgQ4-8kUbIsFg
GET

https://drive.google.com/drivesharing/clientmodel?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&foreignService=texmex&authuser=0&origin=https%3A%2F%2Fdrive.google.com

chrome.exe

Remote address:

142.250.187.206:443

Request

GET /drivesharing/clientmodel?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&foreignService=texmex&authuser=0&origin=https%3A%2F%2Fdrive.google.com HTTP/2.0
host: drive.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CMaBywE=
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=g3rDxGQw-Hp4hiwwO_IHHOJNfqBjPMqCd8LE_pzZ6oKxLgVo5Nbij3NY9sMDBqSxW9KJsMln-uKc-Of4Qtru0zMX8VFOHaIrPZw4SFrwLnxGB7_L5YCDlyxm2aKqz0vb89T1dZ5SKq42Ujdf2hshz0gm6DxkzAlz9TqgQ4-8kUbIsFg
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

42.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.169.217.172.in-addr.arpa

IN PTR

Response

42.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f101e100net
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

ogads-pa.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

172.217.169.74

ogads-pa.googleapis.com

IN A

216.58.201.106

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

216.58.213.10

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

216.58.212.202

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

172.217.169.10

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

172.217.169.42

ogads-pa.googleapis.com

IN A

216.58.212.234

ogads-pa.googleapis.com

IN A

142.250.187.234
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

216.58.201.110
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

172.217.169.74:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

172.217.169.74:443

Request

POST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
content-length: 70
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-user-agent: grpc-web-javascript/0.1
x-goog-api-key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
content-type: application/json+protobuf
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://drive.google.com
x-client-data: CMaBywE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

youtube.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

216.58.212.202

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

142.250.180.10

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

142.250.178.10

youtube.googleapis.com

IN A

172.217.169.10

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

216.58.212.234
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=g3rDxGQw-Hp4hiwwO_IHHOJNfqBjPMqCd8LE_pzZ6oKxLgVo5Nbij3NY9sMDBqSxW9KJsMln-uKc-Of4Qtru0zMX8VFOHaIrPZw4SFrwLnxGB7_L5YCDlyxm2aKqz0vb89T1dZ5SKq42Ujdf2hshz0gm6DxkzAlz9TqgQ4-8kUbIsFg
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_1

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_1 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=g3rDxGQw-Hp4hiwwO_IHHOJNfqBjPMqCd8LE_pzZ6oKxLgVo5Nbij3NY9sMDBqSxW9KJsMln-uKc-Of4Qtru0zMX8VFOHaIrPZw4SFrwLnxGB7_L5YCDlyxm2aKqz0vb89T1dZ5SKq42Ujdf2hshz0gm6DxkzAlz9TqgQ4-8kUbIsFg
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.16.238
DNS

ssl.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

172.217.16.227
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

172.217.16.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 4034
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://drive.google.com
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=g3rDxGQw-Hp4hiwwO_IHHOJNfqBjPMqCd8LE_pzZ6oKxLgVo5Nbij3NY9sMDBqSxW9KJsMln-uKc-Of4Qtru0zMX8VFOHaIrPZw4SFrwLnxGB7_L5YCDlyxm2aKqz0vb89T1dZ5SKq42Ujdf2hshz0gm6DxkzAlz9TqgQ4-8kUbIsFg
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

172.217.16.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 6961
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://drive.google.com
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=g3rDxGQw-Hp4hiwwO_IHHOJNfqBjPMqCd8LE_pzZ6oKxLgVo5Nbij3NY9sMDBqSxW9KJsMln-uKc-Of4Qtru0zMX8VFOHaIrPZw4SFrwLnxGB7_L5YCDlyxm2aKqz0vb89T1dZ5SKq42Ujdf2hshz0gm6DxkzAlz9TqgQ4-8kUbIsFg
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

172.217.16.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 17268
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://drive.google.com
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=FBC4n8cRG8BveYSvKaPGBmXxTgyEpU87JxmfVJjOSVdMKH61gQskt-Ld0DYbmK2cDHMSOmCetyyvlwTszzYPxlx7SZJToaTwz-KZdctv7N-LsZ37Aiij4rqdS-rjUa1sF_ZYeJMlKDSSP7TKCmvu0WszCXDaz2dfTe9oFwlduSuzDjqSU4VYwTo
GET

https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite60.svg

chrome.exe

Remote address:

172.217.16.227:443

Request

GET /docs/common/viewer/v3/v-sprite60.svg HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMaBywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.gstatic.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=heojzqvazesf

chrome.exe

Remote address:

172.217.16.227:443

Request

GET /docs/common/cleardot.gif?zx=heojzqvazesf HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMaBywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_2_archive_x16.png

chrome.exe

Remote address:

172.217.16.227:443

Request

GET /docs/doclist/images/mediatype/icon_2_archive_x16.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMaBywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_1_folder_x16.png

chrome.exe

Remote address:

172.217.16.227:443

Request

GET /docs/doclist/images/mediatype/icon_1_folder_x16.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMaBywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

173.194.69.84
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.179.234
GET

https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com

chrome.exe

Remote address:

173.194.69.84:443

Request

GET /ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=g3rDxGQw-Hp4hiwwO_IHHOJNfqBjPMqCd8LE_pzZ6oKxLgVo5Nbij3NY9sMDBqSxW9KJsMln-uKc-Of4Qtru0zMX8VFOHaIrPZw4SFrwLnxGB7_L5YCDlyxm2aKqz0vb89T1dZ5SKq42Ujdf2hshz0gm6DxkzAlz9TqgQ4-8kUbIsFg
GET

https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&osid=1&passive=1209600&ifkv=AcMMx-foJZ8MjPGTLr8f9M2n_jRZMm6H1DQHHPi8U9W1OvI3zvDz7v8jKiv29ea-L8OgdyQ4DH4TOA

chrome.exe

Remote address:

173.194.69.84:443

Request

GET /InteractiveLogin?continue=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&osid=1&passive=1209600&ifkv=AcMMx-foJZ8MjPGTLr8f9M2n_jRZMm6H1DQHHPi8U9W1OvI3zvDz7v8jKiv29ea-L8OgdyQ4DH4TOA HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=FBC4n8cRG8BveYSvKaPGBmXxTgyEpU87JxmfVJjOSVdMKH61gQskt-Ld0DYbmK2cDHMSOmCetyyvlwTszzYPxlx7SZJToaTwz-KZdctv7N-LsZ37Aiij4rqdS-rjUa1sF_ZYeJMlKDSSP7TKCmvu0WszCXDaz2dfTe9oFwlduSuzDjqSU4VYwTo
cookie: __Host-GAPS=1:XOZDwvGBk9Cd7Mil4cGdNHX4Ii7yFg:SjMkq3ihrS2u-jWm
GET

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=AcMMx-fbm421400RMSOgTZntDsuvBy3mFSzP83Yk5ps0qIAVpuMYMWj2jGqB3yp05-6O88JWeFWD5g&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S33912763%3A1731362490349401&ddm=1

chrome.exe

Remote address:

173.194.69.84:443

Request

GET /v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=AcMMx-fbm421400RMSOgTZntDsuvBy3mFSzP83Yk5ps0qIAVpuMYMWj2jGqB3yp05-6O88JWeFWD5g&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S33912763%3A1731362490349401&ddm=1 HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=FBC4n8cRG8BveYSvKaPGBmXxTgyEpU87JxmfVJjOSVdMKH61gQskt-Ld0DYbmK2cDHMSOmCetyyvlwTszzYPxlx7SZJToaTwz-KZdctv7N-LsZ37Aiij4rqdS-rjUa1sF_ZYeJMlKDSSP7TKCmvu0WszCXDaz2dfTe9oFwlduSuzDjqSU4VYwTo
cookie: __Host-GAPS=1:XOZDwvGBk9Cd7Mil4cGdNHX4Ii7yFg:SjMkq3ihrS2u-jWm
DNS

20.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.160.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

blobcomments-pa.clients6.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

blobcomments-pa.clients6.google.com

IN A

Response

blobcomments-pa.clients6.google.com

IN A

172.217.169.74
DNS

content.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content.googleapis.com

IN A

Response

content.googleapis.com

IN A

142.250.187.202

content.googleapis.com

IN A

142.250.200.42

content.googleapis.com

IN A

142.250.178.10

content.googleapis.com

IN A

142.250.180.10

content.googleapis.com

IN A

172.217.16.234

content.googleapis.com

IN A

216.58.201.106

content.googleapis.com

IN A

216.58.212.202

content.googleapis.com

IN A

172.217.169.10

content.googleapis.com

IN A

142.250.187.234

content.googleapis.com

IN A

172.217.169.74

content.googleapis.com

IN A

142.250.179.234

content.googleapis.com

IN A

142.250.200.10

content.googleapis.com

IN A

216.58.212.234

content.googleapis.com

IN A

216.58.204.74
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
OPTIONS

https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&revisionId=0By20F2_IUybeQ2luSXV3dzFPMlIxM252R0x5U01ERmlFVWtjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797

chrome.exe

Remote address:

172.217.169.74:443

Request

OPTIONS /v1/metadata?docId=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&revisionId=0By20F2_IUybeQ2luSXV3dzFPMlIxM252R0x5U01ERmlFVWtjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/2.0
host: blobcomments-pa.clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&revisionId=0By20F2_IUybeQ2luSXV3dzFPMlIxM252R0x5U01ERmlFVWtjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797

chrome.exe

Remote address:

172.217.169.74:443

Request

GET /v1/metadata?docId=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&revisionId=0By20F2_IUybeQ2luSXV3dzFPMlIxM252R0x5U01ERmlFVWtjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/2.0
host: blobcomments-pa.clients6.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-goog-encode-response-if-executable: base64
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
x-requested-with: XMLHttpRequest
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-goog-authuser: 0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://drive.google.com
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__

chrome.exe

Remote address:

142.250.187.202:443

Request

GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__ HTTP/2.0
host: content.googleapis.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMaBywE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://content.googleapis.com/drive/v2beta/files/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2CrestrictionVisualizationCallouts%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanDownload%2CcanComment%2CcanEdit%2CcanInitiateEsignature%2CcanMoveChildrenWithinDrive%2CcanMoveItemIntoTeamDrive%2CcanRename%2CcanRemoveChildren)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

chrome.exe

Remote address:

142.250.187.202:443

Request

GET /drive/v2beta/files/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2CrestrictionVisualizationCallouts%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanDownload%2CcanComment%2CcanEdit%2CcanInitiateEsignature%2CcanMoveChildrenWithinDrive%2CcanMoveItemIntoTeamDrive%2CcanRename%2CcanRemoveChildren)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k HTTP/2.0
host: content.googleapis.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-goog-encode-response-if-executable: base64
x-origin: https://drive.google.com
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
x-requested-with: XMLHttpRequest
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-goog-authuser: 0
x-referer: https://drive.google.com
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMaBywE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

10.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.178.250.142.in-addr.arpa

IN PTR

Response

10.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f101e100net
DNS

35.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.200.250.142.in-addr.arpa

IN PTR

Response

35.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f31e100net
DNS

74.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.169.217.172.in-addr.arpa

IN PTR

Response

74.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f101e100net
DNS

110.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f141e100net

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f110�I

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f14�I
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f14�I
DNS

227.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.16.217.172.in-addr.arpa

IN PTR

Response

227.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f31e100net

227.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f3�H
GET

https://apis.google.com/js/googleapis.proxy.js?onload=startup

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /js/googleapis.proxy.js?onload=startup HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMaBywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://content.googleapis.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=519=FBC4n8cRG8BveYSvKaPGBmXxTgyEpU87JxmfVJjOSVdMKH61gQskt-Ld0DYbmK2cDHMSOmCetyyvlwTszzYPxlx7SZJToaTwz-KZdctv7N-LsZ37Aiij4rqdS-rjUa1sF_ZYeJMlKDSSP7TKCmvu0WszCXDaz2dfTe9oFwlduSuzDjqSU4VYwTo
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0?le=scs

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMaBywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://content.googleapis.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=519=FBC4n8cRG8BveYSvKaPGBmXxTgyEpU87JxmfVJjOSVdMKH61gQskt-Ld0DYbmK2cDHMSOmCetyyvlwTszzYPxlx7SZJToaTwz-KZdctv7N-LsZ37Aiij4rqdS-rjUa1sF_ZYeJMlKDSSP7TKCmvu0WszCXDaz2dfTe9oFwlduSuzDjqSU4VYwTo
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.179.228
GET

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

chrome.exe

Remote address:

142.250.179.228:443

Request

GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=MKVLMqeelYXrhcnwVz-iKUWBOqxPndYGrbwpo4StIpq2jFIYQpIZZHAIQs514wRtjdp3pIsoLpwbffeTn_UsYox0p6IWSQFAj-DEkFRqPymlusI7XoF8JdOMnZhUXMcS1qnx7rvzwNBO4E_maaCQgCAH4TnyGnmPgTQKnb8afy0C1Mh-1xuKg0xHxE6JcLKs5ug
cookie: NID=519=FBC4n8cRG8BveYSvKaPGBmXxTgyEpU87JxmfVJjOSVdMKH61gQskt-Ld0DYbmK2cDHMSOmCetyyvlwTszzYPxlx7SZJToaTwz-KZdctv7N-LsZ37Aiij4rqdS-rjUa1sF_ZYeJMlKDSSP7TKCmvu0WszCXDaz2dfTe9oFwlduSuzDjqSU4VYwTo
DNS

peoplestackwebexperiments-pa.clients6.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

peoplestackwebexperiments-pa.clients6.google.com

IN A

Response

peoplestackwebexperiments-pa.clients6.google.com

IN A

142.250.187.202
OPTIONS

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

chrome.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

chrome.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

chrome.exe

Remote address:

142.250.187.202:443

Request

POST /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
content-length: 30
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-user-agent: grpc-web-javascript/0.1
x-goog-api-key: AIzaSyABqJ85_R2irnKzMtGBL0iHuyFBi6Efk1w
content-type: application/json+protobuf
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://drive.google.com
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

chrome.exe

Remote address:

142.250.187.202:443

Request

POST /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
content-length: 30
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-user-agent: grpc-web-javascript/0.1
x-goog-api-key: AIzaSyABqJ85_R2irnKzMtGBL0iHuyFBi6Efk1w
content-type: application/json+protobuf
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://drive.google.com
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

84.69.194.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.69.194.173.in-addr.arpa

IN PTR

Response

84.69.194.173.in-addr.arpa

IN PTR

ef-in-f841e100net
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

drive.usercontent.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

172.217.16.225
GET

https://drive.usercontent.google.com/uc?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&export=download

chrome.exe

Remote address:

172.217.16.225:443

Request

GET /uc?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&export=download HTTP/2.0
host: drive.usercontent.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=519=FBC4n8cRG8BveYSvKaPGBmXxTgyEpU87JxmfVJjOSVdMKH61gQskt-Ld0DYbmK2cDHMSOmCetyyvlwTszzYPxlx7SZJToaTwz-KZdctv7N-LsZ37Aiij4rqdS-rjUa1sF_ZYeJMlKDSSP7TKCmvu0WszCXDaz2dfTe9oFwlduSuzDjqSU4VYwTo
cookie: __Secure-ENID=23.SE=E9dGma9N6ve13UXi2rQhbJRFxZCm9xjOvunEljetdp8CqeP5yl251xakpSulP-ypmQFg5EGWyqDjvXUEKGRvuWmoXBiwFl8hPV_hlhhxHH73hWQY2j4ypW4FdLHBCJ86zgr-uKzqDClumfpv-DbudSLOkHVj0YOO2H61gyH6-rbbeaYfcmCteOQNtiWAbcxuPukRQ264
GET

https://drive.usercontent.google.com/download?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&export=download

chrome.exe

Remote address:

172.217.16.225:443

Request

GET /download?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&export=download HTTP/2.0
host: drive.usercontent.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMaBywE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=519=FBC4n8cRG8BveYSvKaPGBmXxTgyEpU87JxmfVJjOSVdMKH61gQskt-Ld0DYbmK2cDHMSOmCetyyvlwTszzYPxlx7SZJToaTwz-KZdctv7N-LsZ37Aiij4rqdS-rjUa1sF_ZYeJMlKDSSP7TKCmvu0WszCXDaz2dfTe9oFwlduSuzDjqSU4VYwTo
cookie: __Secure-ENID=23.SE=E9dGma9N6ve13UXi2rQhbJRFxZCm9xjOvunEljetdp8CqeP5yl251xakpSulP-ypmQFg5EGWyqDjvXUEKGRvuWmoXBiwFl8hPV_hlhhxHH73hWQY2j4ypW4FdLHBCJ86zgr-uKzqDClumfpv-DbudSLOkHVj0YOO2H61gyH6-rbbeaYfcmCteOQNtiWAbcxuPukRQ264
GET

https://ssl.gstatic.com/docs/doclist/images/drive_2022q3_32dp.png

chrome.exe

Remote address:

172.217.16.227:443

Request

GET /docs/doclist/images/drive_2022q3_32dp.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMaBywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

225.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.16.217.172.in-addr.arpa

IN PTR

Response

225.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f11e100net

225.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f1�H
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

28.117.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.117.19.2.in-addr.arpa

IN PTR

Response

28.117.19.2.in-addr.arpa

IN PTR

a2-19-117-28deploystaticakamaitechnologiescom
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet

142.250.187.206:443

https://drive.google.com/drivesharing/clientmodel?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&foreignService=texmex&authuser=0&origin=https%3A%2F%2Fdrive.google.com

tls, http2

chrome.exe

3.7kB
39.5kB
32
46

HTTP Request

GET https://drive.google.com/file/d/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9/view?usp=sharing

HTTP Request

GET https://drive.google.com/auth_warmup

HTTP Request

GET https://drive.google.com/drivesharing/clientmodel?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&foreignService=texmex&authuser=0&origin=https%3A%2F%2Fdrive.google.com
172.217.169.74:443

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

chrome.exe

2.3kB
7.3kB
15
16

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

HTTP Request

POST https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
216.58.201.110:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_1

tls, http2

chrome.exe

4.7kB
122.9kB
65
95

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_1
216.58.201.110:443

apis.google.com

tls, http2

chrome.exe

999 B
5.6kB
9
8
172.217.16.238:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

chrome.exe

31.9kB
10.5kB
40
34

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
172.217.16.227:443

https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_1_folder_x16.png

tls, http2

chrome.exe

3.5kB
60.9kB
44
55

HTTP Request

GET https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite60.svg

HTTP Request

GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=heojzqvazesf

HTTP Request

GET https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_2_archive_x16.png

HTTP Request

GET https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_1_folder_x16.png
172.217.16.227:443

ssl.gstatic.com

chrome.exe

98 B
52 B
2
1
173.194.69.84:443

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=AcMMx-fbm421400RMSOgTZntDsuvBy3mFSzP83Yk5ps0qIAVpuMYMWj2jGqB3yp05-6O88JWeFWD5g&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S33912763%3A1731362490349401&ddm=1

tls, http2

chrome.exe

4.0kB
12.4kB
20
25

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com

HTTP Request

GET https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&osid=1&passive=1209600&ifkv=AcMMx-foJZ8MjPGTLr8f9M2n_jRZMm6H1DQHHPi8U9W1OvI3zvDz7v8jKiv29ea-L8OgdyQ4DH4TOA

HTTP Request

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&followup=https%3A%2F%2Fdrive.google.com%2Fdrivesharing%2Fclientmodel%3Fid%3D1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps%3A%2F%2Fdrive.google.com&ifkv=AcMMx-fbm421400RMSOgTZntDsuvBy3mFSzP83Yk5ps0qIAVpuMYMWj2jGqB3yp05-6O88JWeFWD5g&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S33912763%3A1731362490349401&ddm=1
172.217.169.74:443

https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&revisionId=0By20F2_IUybeQ2luSXV3dzFPMlIxM252R0x5U01ERmlFVWtjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797

tls, http2

chrome.exe

3.0kB
13.8kB
18
23

HTTP Request

OPTIONS https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&revisionId=0By20F2_IUybeQ2luSXV3dzFPMlIxM252R0x5U01ERmlFVWtjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797

HTTP Request

GET https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&revisionId=0By20F2_IUybeQ2luSXV3dzFPMlIxM252R0x5U01ERmlFVWtjPQ&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797
142.250.187.202:443

https://content.googleapis.com/drive/v2beta/files/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2CrestrictionVisualizationCallouts%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanDownload%2CcanComment%2CcanEdit%2CcanInitiateEsignature%2CcanMoveChildrenWithinDrive%2CcanMoveItemIntoTeamDrive%2CcanRename%2CcanRemoveChildren)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k

tls, http2

chrome.exe

3.5kB
8.2kB
15
16

HTTP Request

GET https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__

HTTP Request

GET https://content.googleapis.com/drive/v2beta/files/1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9?fields=alternateLink%2CcopyRequiresWriterPermission%2CcreatedDate%2Cdescription%2CdriveId%2CfileSize%2CiconLink%2Cid%2Clabels(starred%2C%20trashed)%2ClastViewedByMeDate%2CmodifiedDate%2Cshared%2CteamDriveId%2CabuseNoticeReason%2CrestrictionVisualizationCallouts%2ClabelInfo%2CuserPermission(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cpermissions(id%2Cname%2CemailAddress%2Cdomain%2Crole%2CadditionalRoles%2CphotoLink%2Ctype%2CwithLink)%2Cparents(id)%2Ccapabilities(canMoveItemWithinDrive%2CcanMoveItemOutOfDrive%2CcanMoveItemOutOfTeamDrive%2CcanAddChildren%2CcanDownload%2CcanComment%2CcanEdit%2CcanInitiateEsignature%2CcanMoveChildrenWithinDrive%2CcanMoveItemIntoTeamDrive%2CcanRename%2CcanRemoveChildren)%2Ckind&supportsTeamDrives=true&includeBadgedLabels=true&enforceSingleParent=true&key=AIzaSyC1eQ1xj69IdTMeii5r7brs3R90eck-m7k
216.58.201.110:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0?le=scs

tls, http2

chrome.exe

2.9kB
40.1kB
28
39

HTTP Request

GET https://apis.google.com/js/googleapis.proxy.js?onload=startup

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0?le=scs
142.250.179.228:443

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

tls, http2

chrome.exe

2.2kB
9.6kB
14
15

HTTP Request

GET https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
142.250.187.202:443

peoplestackwebexperiments-pa.clients6.google.com

tls, http2

chrome.exe

1.1kB
11.3kB
11
12
142.250.187.202:443

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

tls, http2

chrome.exe

2.9kB
13.9kB
21
28

HTTP Request

OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

HTTP Request

OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

HTTP Request

POST https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

HTTP Request

POST https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
172.217.16.225:443

https://drive.usercontent.google.com/download?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&export=download

tls, http2

chrome.exe

2.8kB
10.8kB
17
20

HTTP Request

GET https://drive.usercontent.google.com/uc?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&export=download

HTTP Request

GET https://drive.usercontent.google.com/download?id=1N3Yz9U2NGlIEwiR7jz6oGzITBHU32kv9&export=download
172.217.16.225:443

drive.usercontent.google.com

tls, http2

chrome.exe

957 B
5.9kB
8
8
172.217.16.227:443

https://ssl.gstatic.com/docs/doclist/images/drive_2022q3_32dp.png

tls, http2

chrome.exe

1.8kB
8.1kB
12
14

HTTP Request

GET https://ssl.gstatic.com/docs/doclist/images/drive_2022q3_32dp.png

8.8.8.8:53

drive.google.com

dns

chrome.exe

62 B
78 B
1
1

DNS Request

drive.google.com

DNS Response

142.250.187.206
8.8.8.8:53

206.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.187.250.142.in-addr.arpa
8.8.8.8:53

42.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.169.217.172.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

ogads-pa.googleapis.com

dns

chrome.exe

69 B
325 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

172.217.169.74

216.58.201.106

142.250.179.234

142.250.178.10

216.58.213.10

216.58.204.74

216.58.212.202

142.250.180.10

172.217.16.234

172.217.169.10

142.250.187.202

142.250.200.42

142.250.200.10

172.217.169.42

216.58.212.234

142.250.187.234
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

216.58.201.110
142.250.187.206:443

drive.google.com

https

chrome.exe

5.4kB
13.5kB
18
24
8.8.8.8:53

youtube.googleapis.com

dns

chrome.exe

68 B
308 B
1
1

DNS Request

youtube.googleapis.com

DNS Response

172.217.169.42

142.250.187.234

216.58.204.74

216.58.212.202

142.250.200.10

142.250.179.234

142.250.200.42

172.217.16.234

142.250.187.202

142.250.180.10

172.217.169.74

142.250.178.10

172.217.169.10

216.58.201.106

216.58.212.234
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

172.217.16.238
8.8.8.8:53

ssl.gstatic.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

172.217.16.227
172.217.169.74:443

youtube.googleapis.com

https

chrome.exe

2.9kB
6.5kB
6
8
8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

173.194.69.84
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
269 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

172.217.169.42

216.58.201.106

142.250.178.10

142.250.200.10

216.58.204.74

172.217.16.234

172.217.169.10

142.250.187.234

142.250.180.10

142.250.187.202

142.250.200.42

142.250.179.234
8.8.8.8:53

20.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.160.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

blobcomments-pa.clients6.google.com

dns

chrome.exe

81 B
97 B
1
1

DNS Request

blobcomments-pa.clients6.google.com

DNS Response

172.217.169.74
8.8.8.8:53

content.googleapis.com

dns

chrome.exe

68 B
292 B
1
1

DNS Request

content.googleapis.com

DNS Response

142.250.187.202

142.250.200.42

142.250.178.10

142.250.180.10

172.217.16.234

216.58.201.106

216.58.212.202

172.217.169.10

142.250.187.234

172.217.169.74

142.250.179.234

142.250.200.10

216.58.212.234

216.58.204.74
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
172.217.16.238:443

play.google.com

https

chrome.exe

15.3kB
9.8kB
26
28
8.8.8.8:53

10.178.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.178.250.142.in-addr.arpa
8.8.8.8:53

35.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

35.200.250.142.in-addr.arpa
8.8.8.8:53

74.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

74.169.217.172.in-addr.arpa
8.8.8.8:53

110.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

110.201.58.216.in-addr.arpa
8.8.8.8:53

238.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

238.16.217.172.in-addr.arpa
8.8.8.8:53

227.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

227.16.217.172.in-addr.arpa
172.217.16.227:443

ssl.gstatic.com

https

chrome.exe

3.7kB
8.1kB
10
12
173.194.69.84:443

accounts.google.com

https

chrome.exe

1.7kB
7.1kB
7
8
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.179.228
172.217.169.74:443

content.googleapis.com

https

chrome.exe

1.6kB
7.0kB
4
8
216.58.201.110:443

apis.google.com

https

chrome.exe

1.7kB
7.1kB
7
8
142.250.187.202:443

content.googleapis.com

https

chrome.exe

2.9kB
6.5kB
5
8
8.8.8.8:53

peoplestackwebexperiments-pa.clients6.google.com

dns

chrome.exe

94 B
110 B
1
1

DNS Request

peoplestackwebexperiments-pa.clients6.google.com

DNS Response

142.250.187.202
8.8.8.8:53

84.69.194.173.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

84.69.194.173.in-addr.arpa
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.187.250.142.in-addr.arpa
142.250.187.202:443

peoplestackwebexperiments-pa.clients6.google.com

https

chrome.exe

2.9kB
7.0kB
5
8
8.8.8.8:53

drive.usercontent.google.com

dns

chrome.exe

74 B
90 B
1
1

DNS Request

drive.usercontent.google.com

DNS Response

172.217.16.225
172.217.16.225:443

drive.usercontent.google.com

https

chrome.exe

1.5MB
107.5MB
14764
84931
8.8.8.8:53

225.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

225.16.217.172.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
172.217.16.238:443

play.google.com

https

chrome.exe

2.1kB
7.1kB
7
11
8.8.8.8:53

28.117.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

28.117.19.2.in-addr.arpa
172.217.16.227:443

ssl.gstatic.com

https

chrome.exe

2.2kB
3.2kB
8
9
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9e2d4b5786366b764e79639032a6323a

SHA1
290c03555f534c94e2853a21d2943b84b860a19b

SHA256
a4011a0b77553c3b29b0ff753683af3c4211fa603e1ba5a0f453baadd25bf6fd

SHA512
9922e333c3ae47675087a789aa13031d2371138c85dc561723bb69118b4bd926f8df8f93353a6c569206f4ce9991cdcbff9532b26f2933793b27a2a531aa9f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
60e35076c90579269434a9fd50f04365

SHA1
8904fc4c6dd08713b0a7ea6ee9435d81b9abd6c8

SHA256
94c8317326667afe75b82b9e21141ddf8d27cba81295b60f3dceea0ce1238cbe

SHA512
5a0506787c748e65f16d48450293de1390432a30370876b56681e683e868b9ed1b3adee3e2249889f820a860921aecfeaaa20196c70fb2f27af36fb465cc4530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f9bbddb024b61871aaaf73891259fa20

SHA1
b72d8f208a869ed52987ee5d3a00866d97df8a8f

SHA256
05dfec94606ee80bc235e2690e8d6c328c72e5d5fc658fca921aeb4b9f221c54

SHA512
7037a149b1af457c6f8b8699695a1f3a9943dd1b8e4bc9d61f2e528710be3b54e48f2c1793582ba9c8dbe192230630664f0fc6bdddbc51d43241b23b6d7e0013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5461c4abb2ab07fb2a5766c1abf1e4c

SHA1
5ca594ca1bad4fca1a45c9dca2b70582336a40ca

SHA256
fa662cc7b0acc81b441a60f5a210653b2db06028ab8354c69c346d2e8ebd438d

SHA512
ae1b3c39e30beab391754719224f56084a4883a8aa35e6458c06e7fc463c3abe5e03f4e67b0bc4a72923cadce0760b842505529049e94ca5b65cda715c83ca50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
198392519c912648e25d6f37245230b6

SHA1
c9f4c2f012efc1110ee4df420ecbc4a2ec92c0b9

SHA256
092fc963e095bc3494e79d974a38fb09ad0b5a48737f38434ab8bdd4e05b421e

SHA512
95eeb7cfb337890bec12845d5fb96e0fe47b0eb7d5eb08c266fe9c338d52d9a673c5eb08a238ffb355d4b2f01bc7293add88a9f2b879236a45982a21ffa98890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6ec8ca2809d99457bf291bbb4df0689

SHA1
c2fed1490c82d3ad6878e56538af416946f3ec03

SHA256
6d0a24f033c5e0eaf94db12feba4384226204d66952e2a380e010f2761940625

SHA512
55a8ae69f53af1b6b4d7a3298e57fb05abc0c4280f665607618fb5ab38e02df2afc1cd8e5ce3fe5c872cd807c3c07d0e303df43b909ec3c650991bef989ca6d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
74a658c300501e5f038e7c86662788b0

SHA1
0ba45bb3b68c735d0ce78070c0b3dd29202a8f8c

SHA256
ad774870406a989144a40eee884681cbe670d37de728a208d2ae9b2b349fb847

SHA512
529272fec57a1ab4c22aed23c122aeb8526b9837320b22fbf2b73854157777e2256c3d7aa30ca06fc8320ae793e92c0420b6ace8e92241a66d678546b8634721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
142924bceee213e1d9a229c7b0ba83f2

SHA1
40982e1def1206a8754b1c1be8d6add61cbc7b03

SHA256
f446db64e07cfc521b27268c1b469fde0c0926f7914fb834c5f9e46ee7662cf4

SHA512
882e0dd725728227b7cb91a5ce36b17623402abac22aa4c167ef932718fb2a9dc5a21635ebe6e65211d803e65c8952c34295ab421a8a32baed061629059e0435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1709587594357ec58c1a26dae7e2dc40

SHA1
246dd7a236f32ffb70e9a5801bba138be1ffe82b

SHA256
f71d17212209db96f07d3fb49b686ec9332e6289a73b65bec592f71dabb14ab7

SHA512
94f699ed8b2e1ba7d9fe8bc63457285c2f293133414a45a8002afd52d95e6123c74eb055f4e325c0bec2d435b3345105b0ad1f1553fd18f59e70107b62e901d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
625525271153604fd3aa84247f006825

SHA1
9c59b9f43784c093d55452b590d8803b1426f127

SHA256
ead64e4bd9148e4d04bc4f1d40bebdb4c66140d0988db101e8fc196ae5b9cc6e

SHA512
4df14fbc5131f05e989d09fa8a07df314ac6142c7b8189067c23ad17ed50b8e10a131b3aa5fc987e266d536a6697dd44b2922ff5c86fd26d0ee047b553f5bd41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
067f3b133fb836763c3d8279451db635

SHA1
aaecc86acfb1f5552a154d5b42a9ce3c322768ab

SHA256
04c1588420f86918a0d6721c4f1215487e38e19e88fe0306a567d6ad7b84c377

SHA512
27ba475bbef4c81176b0f2e4ab61002a079d40c87a26217aa52c2f43cead9e2ffe145524d3e691a6d83f4c390db10de4bfa3aa07c9804638b4b0b1d4e704463c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
648bc61f53f1b14a363343be0287f972

SHA1
a9a29bfb32b78d3c9fda227f96dcbe2829e8fc6d

SHA256
e9ed35d45c14ab45606d217a539bbe688f63e965d1d32e1df133b4eb1e928e5a

SHA512
4a577e2024f8cb75458c13aff1fac2e2bf5afa9978eb024b7a4c91238723faff91449933563d5acfbc8f03abc5b77ae9ef94bde70f7b7fc4ed3421f58b839366

Download Submit
C:\Users\Admin\Downloads\osamason---flex-musix-drum-kit\! FLEX MUSIX DRUM KIT - ARTIFICIAL\№1 FLEX MUSIX DRUM KIT - ARTIFICIAL\Clap.nfo

Filesize
40B

MD5
65dad8f8148d56608492e83a6075be2a

SHA1
1fccf00b5db1126635f941b72c021fd618e85083

SHA256
7f8ab9628cdea1d723a198b57257d7b253ef94f438f8177ecb4129febf4832db

SHA512
ddfb9befa0a9e612ebd121a2db7136f03308302d6f4afbd5aedf30625948f730afb89bdae234d019dc694b7418c1931d0e554b8df39194d94202392c025065ab

Download Submit
C:\Users\Admin\Downloads\osamason---flex-musix-drum-kit\! FLEX MUSIX DRUM KIT - ARTIFICIAL\№2 FLEX MUSIX DECONSTRUCTED KIT - ARTIFICIAL\№11 Kome Thru\MIDI.nfo

Filesize
50B

MD5
d49a847a6ce99c868e483fc050bf3556

SHA1
f3f57ff2810f09d9fc2cc81081d7884c0386d27f

SHA256
6800089c1947f340741f69b96ce5052b594d0beb777791a76559406dc1e34032

SHA512
fa516d238e1b4cabe7c824fe010d7c7ac5685c4bbcb2f92cd231564bf3f2aee78d2617430806119e3f82c2158518c698fc5e255679206cb24417ce32206c24ef

Download Submit
C:\Users\Admin\Downloads\osamason---flex-musix-drum-kit\! FLEX MUSIX DRUM KIT - ARTIFICIAL\№2 FLEX MUSIX DECONSTRUCTED KIT - ARTIFICIAL\№4 For Da Flex\For Da Flex Clap.wav

Filesize
65KB

MD5
c8a5d33f2618b4da68c89b483c7d9fcf

SHA1
9464fa3d6d347e57d03f71b8d325937c4af5e7fd

SHA256
c6a369e3797186f40dbf8981b347df7dffa527975d062f3bb48b3880fd1a4dbf

SHA512
084c36d286a52e764367d76e9cd3677d50b9e35683cf40cb5bf7cb9e09ae925ba130d32072e6e7105cc9b1fc3ee31783d174eb9286acc9497f8ddb7f08df7623

Download Submit
C:\Users\Admin\Downloads\osamason---flex-musix-drum-kit\! FLEX MUSIX DRUM KIT - ARTIFICIAL\№2 FLEX MUSIX DECONSTRUCTED KIT - ARTIFICIAL\№4 For Da Flex\For Da Flex Hi Hat.wav

Filesize
20KB

MD5
f68b40da0dff06d17922e04d28386a22

SHA1
7f41f5dff2b9b65db24f6ac0bdac66e8d0d450bc

SHA256
0fb70d1e10fde16a7ff4ac9f1512e0c7cfede17aef897ed39b9545a2091bc878

SHA512
d99656d53ed613c6edc9ddd14b079602bf1b7c63d463989d9d84cd741987351e21ac4a0ec2dd3c54d020c4dd59d70769c9a754fb6dab7e7db1fd83cfefa55de2

Download Submit
C:\Users\Admin\Downloads\osamason---flex-musix-drum-kit\! FLEX MUSIX DRUM KIT - ARTIFICIAL\№2 FLEX MUSIX DECONSTRUCTED KIT - ARTIFICIAL\№4 For Da Flex\For Da Flex Open Hat.wav

Filesize
170KB

MD5
267e8a1a482c77676c26ac002043efc3

SHA1
d630bebd70ecdbe89c019abfab2e18976c67068d

SHA256
0475ad59a1868bde2793febc233ce7c7e9716a7eaca37d8ac006699ec6e28821

SHA512
e6e34285d0749fa9a2ae09668902b2c3c3da78933ddb740a1c978e4c626801676cb5e41d08d8f9de22e4713a9ea475c68e7ddca75aaa30c8fbe52fe49d5d781e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request