Analysis
max time kernel: 83s
max time network: 85s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 11/11/2024, 20:29 UTC

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq
Resource: win11-20241007-en

General
Target: https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow | ioc
2 | drive.google.com
3 | drive.google.com
11 | drive.google.com
12 | drive.google.com

pid | Process
4900 | GameBarPresenceWriter.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | UNDERTALE.exe

Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | svchost.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | svchost.exe

Modifies registry class 3 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3587106988-279496464-3440778474-1000\{C55B32D2-690A-4B2A-B2F2-C7382A7EFD73} | svchost.exe

NTFS ADS 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\Downloads\Undertale-20241111T202938Z-001.zip:Zone.Identifier | firefox.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs
pid | Process
1052 | UNDERTALE.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2656 | firefox.exe
Token: 33 | 2168 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 2168 | AUDIODG.EXE

Suspicious use of FindShellTrayWindow 21 IoCs
pid | Process
2656 | firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs
pid | Process
2656 | firefox.exe
1052 | UNDERTALE.exe
4904 | OpenWith.exe
3444 | MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3252 wrote to memory of 2656 | 3252 | firefox.exe | 77
PID 2656 wrote to memory of 3764 | 2656 | firefox.exe | 78
PID 2656 wrote to memory of 644 | 2656 | firefox.exe | 79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq"
- Suspicious use of WriteProcessMemory
PID: 3252

  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2656

    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da8715cd-56c1-4976-99b9-a399f2d6b5f3} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" gpu
    PID: 3764

    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe0cdc0f-4a52-4971-a028-97d0e2e0afcc} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" socket
    PID: 644

    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 1216 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b71e9bcc-aef6-4a83-9402-510c06444070} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
    PID: 3056

    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 2920 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6813b64-14a1-4b12-a3be-b55add261080} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
    PID: 104

    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4736 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4704 -prefMapHandle 4724 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f12c62a-8ed9-4f99-bcd0-5950ad8da878} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" utility
    - Checks processor information in registry
    PID: 1980

    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 5040 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4f4440e-dcb2-47fc-85dd-cdb891c6d026} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
    PID: 1520

    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 4 -isForBrowser -prefsHandle 5596 -prefMapHandle 5600 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59963cf9-3998-48c7-b1b6-ab6697151c0f} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
    PID: 3996

    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5880 -childID 5 -isForBrowser -prefsHandle 5872 -prefMapHandle 5868 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ee602c7-1fea-4fd5-9590-28d2dbb6d9c4} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
    PID: 2672

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID: 3476

"C:\Users\Admin\Downloads\Undertale-20241111T202938Z-001\Undertale\UNDERTALE.exe"
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID: 1052

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E4
- Suspicious use of AdjustPrivilegeToken
PID: 2168

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
- Network Service Discovery
PID: 4900

C:\Windows\system32\OpenWith.exe -Embedding
- Suspicious use of SetWindowsHookEx
PID: 4904

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID: 2520

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID: 3444

Network
x-goog-ext-472780938-jspb: W1sxNDk3LG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMSxudWxsLG51bGwsWzJdXV0=
x-goog-drive-client-version: drive.web-frontend_20241105.13_p0
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
GEThttps://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEfirefox.exeRemote address:142.250.200.42:443RequestGET /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-GB
accept-encoding: gzip, deflate, br
x-goog-fieldmask: responses(status(code,message,details),item(parent,modified_date_millis,modified_by_me_date_millis,last_viewed_by_me_date_millis,file_size,owner(id,focus_user_id,is_me,type),shortcut_details(target_id,target_mime_type,target_lookup_status),last_modifying_user(id,focus_user_id,is_me,type),has_thumbnail,thumbnail_version,title,mime_type,id,resource_key,shared,shared_with_me_date_millis,capabilities(can_copy_non_authoritative,can_download_non_authoritative,can_copy,can_download,can_edit,can_add_children,can_delete,can_remove_children,can_share,can_trash,can_rename,can_read_team_drive,can_move_team_drive_item),user_role,explicitly_trashed,quota_bytes_used,starred,file_extension,sharing_user(id,focus_user_id,is_me,type),spaces,trashed,restricted,version,viewed,team_drive_id,has_own_permissions,create_date_millis,trashing_user(id,focus_user_id,is_me,type),trashed_date_millis))
content-type: application/json+protobuf
x-goog-ext-472780938-jspb: W1szMTAsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxLG51bGwsbnVsbCxbMl1dXQ==
x-goog-drive-client-version: drive.web-frontend_20241105.13_p0
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
GEThttps://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEfirefox.exeRemote address:142.250.200.42:443RequestGET /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-GB
accept-encoding: gzip, deflate, br
x-goog-fieldmask: responses(status(code,message,details),item(parent,modified_date_millis,modified_by_me_date_millis,last_viewed_by_me_date_millis,file_size,owner(id,focus_user_id,is_me,type),shortcut_details(target_id,target_mime_type,target_lookup_status),last_modifying_user(id,focus_user_id,is_me,type),has_thumbnail,thumbnail_version,title,mime_type,id,resource_key,shared,shared_with_me_date_millis,capabilities(can_copy_non_authoritative,can_download_non_authoritative,can_copy,can_download,can_edit,can_add_children,can_delete,can_remove_children,can_share,can_trash,can_rename,can_read_team_drive,can_move_team_drive_item),user_role,explicitly_trashed,quota_bytes_used,starred,file_extension,sharing_user(id,focus_user_id,is_me,type),spaces,trashed,restricted,version,viewed,team_drive_id,has_own_permissions,create_date_millis,trashing_user(id,focus_user_id,is_me,type),trashed_date_millis))
content-type: application/json+protobuf
x-goog-ext-472780938-jspb: W1sxMDAxLDEsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMSxudWxsLG51bGwsWzJdXV0=
x-goog-drive-client-version: drive.web-frontend_20241105.13_p0
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
OPTIONShttps://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEfirefox.exeRemote address:142.250.200.42:443RequestOPTIONS /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
OPTIONShttps://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEfirefox.exeRemote address:142.250.200.42:443RequestOPTIONS /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
OPTIONShttps://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncDatafirefox.exeRemote address:142.250.200.42:443RequestOPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
-
POSThttps://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncDatafirefox.exeRemote address:142.250.200.42:443RequestPOST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-goog-api-key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
content-length: 70
origin: https://drive.google.com
referer: https://drive.google.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
-
OPTIONShttps://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEfirefox.exeRemote address:142.250.200.42:443RequestOPTIONS /v1/items:get?ids=1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
Remote address:142.250.180.4:443RequestGET /images/cleardot.gif HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://drive.google.com/
cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-site
te: trailers
-
POSThttps://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3D7nf2jspv2sl8%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEfirefox.exeRemote address:216.58.213.10:443RequestPOST /batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3D7nf2jspv2sl8%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: people-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain; charset=UTF-8
content-length: 604
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
Remote address:172.217.16.238:443RequestPOST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/x-www-form-urlencoded;charset=utf-8
content-length: 1316
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
POSThttps://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEfirefox.exeRemote address:216.58.204.74:443RequestPOST /v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: takeout-pa-qw.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
x-goog-drive-client-version: drive.web-frontend_20241105.13_p0
content-length: 82
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=519=KtLLugWDVsdiapimOggu55IovG_3j7siqpGH9SypUAWnort7nSu9FcNH_uG7v_Q_nPuvXtBqaikBOsDClXyW317pLGPEH_vPHyjd3mZubfmjbcjg-IX04QQkJ1Mc3PQ17vQuQeY7AvzLyXl5aeH4fFTyhKrs0-b2FZMeSnb2KZX_4shhaLLdKFWJ
cookie: __Secure-ENID=23.SE=VB2QoNi5r1qMWdRw7hSO8-V2U7Kq7BcJy5MV9l3OIVEXImETFYld1kyuf2AiZURlLWnUwp5bsRX4bSAsV4euii2-KGqVbM9Tg9xupJvUNbsifumy5OhufopXrrq6GDYiK2AZPOwE5SB0Bp5uOXH1kwl6oCUelEuJokLzw8hsOeClhISYa1oRSg709Iw
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
OPTIONShttps://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEfirefox.exeRemote address:216.58.204.74:443RequestOPTIONS /v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: takeout-pa-qw.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-drive-client-version
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
OPTIONShttps://takeout-pa-qw.clients6.google.com/v1/exports/d39cf74c-394c-4116-b079-5610607b5ca3?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEfirefox.exeRemote address:216.58.204.74:443RequestOPTIONS /v1/exports/d39cf74c-394c-4116-b079-5610607b5ca3?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
host: takeout-pa-qw.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: x-goog-drive-client-version
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
-
GEThttps://storage.googleapis.com/drive-bulk-export-anonymous/20241111T202938.092Z/4133399871716478688/d39cf74c-394c-4116-b079-5610607b5ca3/1/8b740fe4-17e8-4239-85e4-8f4c6ef22372?authuserfirefox.exeRemote address:142.250.178.27:443RequestGET /drive-bulk-export-anonymous/20241111T202938.092Z/4133399871716478688/d39cf74c-394c-4116-b079-5610607b5ca3/1/8b740fe4-17e8-4239-85e4-8f4c6ef22372?authuser HTTP/2.0
host: storage.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers
-
GEThttps://ogs.google.com/widget/app/so?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en-GBfirefox.exeRemote address:142.250.178.14:443RequestGET /widget/app/so?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en-GB HTTP/2.0
host: ogs.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://drive.google.com/
cookie: NID=519=KtLLugWDVsdiapimOggu55IovG_3j7siqpGH9SypUAWnort7nSu9FcNH_uG7v_Q_nPuvXtBqaikBOsDClXyW317pLGPEH_vPHyjd3mZubfmjbcjg-IX04QQkJ1Mc3PQ17vQuQeY7AvzLyXl5aeH4fFTyhKrs0-b2FZMeSnb2KZX_4shhaLLdKFWJ
cookie: __Secure-ENID=23.SE=VB2QoNi5r1qMWdRw7hSO8-V2U7Kq7BcJy5MV9l3OIVEXImETFYld1kyuf2AiZURlLWnUwp5bsRX4bSAsV4euii2-KGqVbM9Tg9xupJvUNbsifumy5OhufopXrrq6GDYiK2AZPOwE5SB0Bp5uOXH1kwl6oCUelEuJokLzw8hsOeClhISYa1oRSg709Iw
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: same-site
te: trailers
-
GEThttps://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213ebfirefox.exeRemote address:35.190.72.216:443RequestGET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/2.0
host: location.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
te: trailers
-
Remote address:142.250.200.14:443RequestGET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
host: redirector.gvt1.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
-
GEThttp://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zipfirefox.exeRemote address:23.55.161.211:80RequestGET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
ResponseHTTP/1.1 200 OK
ETag: 09372174e83dbbf696ee732fd2e875bb
Content-Length: 491284
Accept-Ranges: bytes
X-Timestamp: 1731033473.13891
Content-Type: application/zip
X-Trans-Id: txa94bf5004bf64d468a932-00672e043edfw1
Cache-Control: public, max-age=135852
Expires: Wed, 13 Nov 2024 10:14:13 GMT
Date: Mon, 11 Nov 2024 20:30:01 GMT
Connection: keep-alive
-
GEThttps://r2---sn-aigl6ned.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1731357001,&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigl6ned&ms=nvh&mt=1731356660&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ned.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.comfirefox.exeRemote address:173.194.183.71:443RequestGET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1731357001,&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigl6ned&ms=nvh&mt=1731356660&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ned.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.com HTTP/1.1
Host: r2---sn-aigl6ned.gvt1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
ResponseHTTP/1.1 200 OK
Cache-Control: public,max-age=86400
Content-Disposition: attachment
Content-Length: 14485862
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "1d3918c"
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Mon, 11 Nov 2024 09:28:58 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Vary: Origin
-
-
1.4kB 7.6kB 10 10
-
142.250.187.206:443https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=coretls, http2firefox.exe10.6kB 1.1MB 181 833
HTTP Request
GET https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPqHTTP Request
GET https://drive.google.com/_/drive_fe/_/ss/k=drive_fe.main.x75CuOwN5Ic.L.F4.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=0/br=1/rs=AFB8gsxC_gTh8fQyDWYTOWnHBg0r-WWphgHTTP Request
GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=bHTTP Request
GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=RsR2McHTTP Request
GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=core -
34.149.97.1:443https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30tls, http2firefox.exe2.0kB 13.3kB 16 18
HTTP Request
GET https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30 -
34.117.121.53:443https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/f2fd2765-a4cc-4e09-b427-a94d7e43fa30.ftltls, http2firefox.exe1.4kB 9.1kB 13 16
HTTP Request
GET https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/f2fd2765-a4cc-4e09-b427-a94d7e43fa30.ftl -
2.1kB 12.1kB 16 19
HTTP Request
GET https://apis.google.com/js/api.js -
172.217.16.227:443https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.pngtls, http2firefox.exe2.0kB 7.1kB 15 15
HTTP Request
GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png -
1.4kB 10.3kB 10 12
-
216.58.213.1:443https://drive-thirdparty.googleusercontent.com/32/type/application/octet-streamtls, http2firefox.exe2.1kB 13.1kB 16 17
HTTP Request
GET https://drive-thirdparty.googleusercontent.com/32/type/application/x-msdos-programHTTP Request
GET https://drive-thirdparty.googleusercontent.com/32/type/application/octet-stream -
1.4kB 10.9kB 10 15
-
1.4kB 10.9kB 11 15
-
142.250.200.42:443https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEtls, http2firefox.exe3.9kB 13.9kB 21 28
HTTP Request
GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEHTTP Request
GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEHTTP Request
GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEHTTP Request
GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE -
142.250.200.42:443https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEtls, http2firefox.exe3.5kB 13.1kB 26 35
HTTP Request
OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEHTTP Request
OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEHTTP Request
OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncDataHTTP Request
POST https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncDataHTTP Request
OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE -
1.4kB 5.5kB 10 9
-
1.4kB 5.6kB 10 11
-
2.1kB 5.9kB 15 14
HTTP Request
GET https://www.google.com/images/cleardot.gif -
216.58.213.10:443https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3D7nf2jspv2sl8%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEtls, http2firefox.exe3.0kB 12.2kB 18 19
HTTP Request
POST https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3D7nf2jspv2sl8%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE -
3.5kB 8.9kB 16 17
HTTP Request
POST https://play.google.com/log?format=json&hasfast=true -
-
1.4kB 5.3kB 10 11
-
1.5kB 10.5kB 12 14
-
1.4kB 5.5kB 10 9
-
216.58.204.74:443https://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEtls, http2firefox.exe2.6kB 12.0kB 17 19
HTTP Request
POST https://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE -
216.58.204.74:443https://takeout-pa-qw.clients6.google.com/v1/exports/d39cf74c-394c-4116-b079-5610607b5ca3?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEtls, http2firefox.exe2.5kB 11.8kB 19 23
HTTP Request
OPTIONS https://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIEHTTP Request
OPTIONS https://takeout-pa-qw.clients6.google.com/v1/exports/d39cf74c-394c-4116-b079-5610607b5ca3?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE -
1.4kB 7.6kB 11 10
-
142.250.178.27:443https://storage.googleapis.com/drive-bulk-export-anonymous/20241111T202938.092Z/4133399871716478688/d39cf74c-394c-4116-b079-5610607b5ca3/1/8b740fe4-17e8-4239-85e4-8f4c6ef22372?authusertls, http2firefox.exe1.4MB 134.6MB 28202 96340
HTTP Request
GET https://storage.googleapis.com/drive-bulk-export-anonymous/20241111T202938.092Z/4133399871716478688/d39cf74c-394c-4116-b079-5610607b5ca3/1/8b740fe4-17e8-4239-85e4-8f4c6ef22372?authuser -
142.250.178.14:443https://ogs.google.com/widget/app/so?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en-GBtls, http2firefox.exe2.6kB 23.7kB 20 27
HTTP Request
GET https://ogs.google.com/widget/app/so?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en-GB -
35.190.72.216:443https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213ebtls, http2firefox.exe1.6kB 4.4kB 10 11
HTTP Request
GET https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb -
142.250.200.14:443https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.ziptls, http2firefox.exe1.5kB 8.7kB 15 17
HTTP Request
GET https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip -
23.55.161.211:80http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.ziphttpfirefox.exe15.5kB 506.7kB 240 372
HTTP Request
GET http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zipHTTP Response
200 -
173.194.183.71:443https://r2---sn-aigl6ned.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1731357001,&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigl6ned&ms=nvh&mt=1731356660&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ned.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.comtls, httpfirefox.exe344.3kB 15.0MB 5557 10746
HTTP Request
GET https://r2---sn-aigl6ned.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1731357001,&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigl6ned&ms=nvh&mt=1731356660&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ned.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.comHTTP Response
200
-
998 B 1.8kB 14 14
DNS Request
drive.google.com
DNS Response
142.250.187.206
DNS Request
firefox.settings.services.mozilla.com
DNS Response
34.149.100.209
DNS Request
prod.content-signature-chains.prod.webservices.mozgcp.net
DNS Response
2600:1901:0:92a9::
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
ssl.gstatic.com
DNS Response
172.217.16.227
DNS Request
googlehosted.l.googleusercontent.com
DNS Response
216.58.213.1
DNS Request
110.201.58.216.in-addr.arpa
DNS Request
ogads-pa.googleapis.com
DNS Response
142.250.200.10142.250.179.234172.217.169.74142.250.180.10142.250.200.42216.58.212.202172.217.16.234216.58.213.10142.250.187.234216.58.212.234142.250.187.202216.58.204.74172.217.169.42216.58.201.106142.250.178.10
DNS Request
www.google.com
DNS Response
2a00:1450:4009:81e::2004
DNS Request
play.google.com
DNS Response
172.217.16.238
DNS Request
74.204.58.216.in-addr.arpa
DNS Request
www3.l.google.com
DNS Response
2a00:1450:4009:815::200e
DNS Request
216.72.190.35.in-addr.arpa
DNS Request
r2---sn-aigl6ned.gvt1.com
DNS Response
173.194.183.71
-
915 B 2.1kB 13 13
DNS Request
firefox-api-proxy.cdn.mozilla.net
DNS Response
34.149.97.1
DNS Request
shavar.prod.mozaws.net
DNS Request
contile.services.mozilla.com
DNS Request
apis.google.com
DNS Response
216.58.201.110
DNS Request
drive-thirdparty.googleusercontent.com
DNS Response
216.58.213.1
DNS Request
10.178.250.142.in-addr.arpa
DNS Request
www.google.com
DNS Response
142.250.180.4
DNS Request
people-pa.clients6.google.com
DNS Response
2a00:1450:4009:81f::200a
DNS Request
youtube.googleapis.com
DNS Response
2a00:1450:4009:81e::200a2a00:1450:4009:81f::200a2a00:1450:4009:819::200a2a00:1450:4009:81d::200a
DNS Request
storage.googleapis.com
DNS Response
172.217.169.91172.217.169.59216.58.212.219142.250.187.251142.250.200.59216.58.212.251172.217.169.27172.217.16.251216.58.201.123142.250.200.27142.250.187.219216.58.213.27142.250.178.27142.250.180.27216.58.204.91142.250.179.251
DNS Request
aus5.mozilla.org
DNS Response
35.244.181.201
DNS Request
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\activity-stream.discovery_stream.json
Filesize: 19KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 10KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 10KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin
Filesize: 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin
Filesize: 7KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin
Filesize: 30KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\278cefa0-04af-48a8-8f10-06cea9674fb2
Filesize: 982B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\466bc1d4-e388-4bab-815a-faa56e88a6d0
Filesize: 671B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\f5596ce7-db0e-4e4e-bfa2-cc1db00010cc
Filesize: 25KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize: 1.1MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize: 116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize: 372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize: 17.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4
Filesize: 3KB