Analysis

  • max time kernel
    83s
  • max time network
    85s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11/11/2024, 20:29 UTC

General

  • Target

    https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Network Service Discovery 1 TTPs 1 IoCs

    Attempt to gather information on host's network.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3252
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da8715cd-56c1-4976-99b9-a399f2d6b5f3} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" gpu
        3⤵
          PID:3764
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe0cdc0f-4a52-4971-a028-97d0e2e0afcc} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" socket
          3⤵
            PID:644
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 1216 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b71e9bcc-aef6-4a83-9402-510c06444070} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
            3⤵
              PID:3056
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 2920 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6813b64-14a1-4b12-a3be-b55add261080} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
              3⤵
                PID:104
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4736 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4704 -prefMapHandle 4724 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f12c62a-8ed9-4f99-bcd0-5950ad8da878} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" utility
                3⤵
                • Checks processor information in registry
                PID:1980
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 5040 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4f4440e-dcb2-47fc-85dd-cdb891c6d026} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
                3⤵
                  PID:1520
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 4 -isForBrowser -prefsHandle 5596 -prefMapHandle 5600 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59963cf9-3998-48c7-b1b6-ab6697151c0f} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
                  3⤵
                    PID:3996
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5880 -childID 5 -isForBrowser -prefsHandle 5872 -prefMapHandle 5868 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ee602c7-1fea-4fd5-9590-28d2dbb6d9c4} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" tab
                    3⤵
                      PID:2672
                • C:\Windows\System32\rundll32.exe
                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                  1⤵
                    PID:3476
                  • C:\Users\Admin\Downloads\Undertale-20241111T202938Z-001\Undertale\UNDERTALE.exe
                    "C:\Users\Admin\Downloads\Undertale-20241111T202938Z-001\Undertale\UNDERTALE.exe"
                    1⤵
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of SetWindowsHookEx
                    PID:1052
                  • C:\Windows\system32\AUDIODG.EXE
                    C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E4
                    1⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2168
                  • C:\Windows\System32\GameBarPresenceWriter.exe
                    "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                    1⤵
                    • Network Service Discovery
                    PID:4900
                  • C:\Windows\system32\OpenWith.exe
                    C:\Windows\system32\OpenWith.exe -Embedding
                    1⤵
                    • Suspicious use of SetWindowsHookEx
                    PID:4904
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                    1⤵
                    • Drops desktop.ini file(s)
                    • Checks processor information in registry
                    • Modifies registry class
                    PID:2520
                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                    1⤵
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:3444

                  Network

                  • flag-us
                    DNS
                    drive.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    drive.google.com
                    IN A
                    Response
                    drive.google.com
                    IN A
                    142.250.187.206
                  • flag-us
                    DNS
                    firefox.settings.services.mozilla.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    firefox.settings.services.mozilla.com
                    IN A
                    Response
                    firefox.settings.services.mozilla.com
                    IN CNAME
                    prod.remote-settings.prod.webservices.mozgcp.net
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    34.149.100.209
                  • flag-us
                    DNS
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN AAAA
                    2600:1901:0:92a9::
                  • flag-us
                    DNS
                    8.8.8.8.in-addr.arpa
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    8.8.8.8.in-addr.arpa
                    IN PTR
                    Response
                    8.8.8.8.in-addr.arpa
                    IN PTR
                    dnsgoogle
                  • flag-us
                    DNS
                    ssl.gstatic.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ssl.gstatic.com
                    IN A
                    Response
                    ssl.gstatic.com
                    IN A
                    172.217.16.227
                  • flag-us
                    DNS
                    googlehosted.l.googleusercontent.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    googlehosted.l.googleusercontent.com
                    IN A
                    Response
                    googlehosted.l.googleusercontent.com
                    IN A
                    216.58.213.1
                  • flag-us
                    DNS
                    110.201.58.216.in-addr.arpa
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    110.201.58.216.in-addr.arpa
                    IN PTR
                    Response
                    110.201.58.216.in-addr.arpa
                    IN PTR
                    lhr48s48-in-f141e100net
                    110.201.58.216.in-addr.arpa
                    IN PTR
                    prg03s02-in-f110�I
                    110.201.58.216.in-addr.arpa
                    IN PTR
                    prg03s02-in-f14�I
                  • flag-us
                    DNS
                    ogads-pa.googleapis.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ogads-pa.googleapis.com
                    IN A
                    Response
                    ogads-pa.googleapis.com
                    IN A
                    142.250.200.10
                    ogads-pa.googleapis.com
                    IN A
                    142.250.179.234
                    ogads-pa.googleapis.com
                    IN A
                    172.217.169.74
                    ogads-pa.googleapis.com
                    IN A
                    142.250.180.10
                    ogads-pa.googleapis.com
                    IN A
                    142.250.200.42
                    ogads-pa.googleapis.com
                    IN A
                    216.58.212.202
                    ogads-pa.googleapis.com
                    IN A
                    172.217.16.234
                    ogads-pa.googleapis.com
                    IN A
                    216.58.213.10
                    ogads-pa.googleapis.com
                    IN A
                    142.250.187.234
                    ogads-pa.googleapis.com
                    IN A
                    216.58.212.234
                    ogads-pa.googleapis.com
                    IN A
                    142.250.187.202
                    ogads-pa.googleapis.com
                    IN A
                    216.58.204.74
                    ogads-pa.googleapis.com
                    IN A
                    172.217.169.42
                    ogads-pa.googleapis.com
                    IN A
                    216.58.201.106
                    ogads-pa.googleapis.com
                    IN A
                    142.250.178.10
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN AAAA
                    Response
                    www.google.com
                    IN AAAA
                    2a00:1450:4009:81e::2004
                  • flag-us
                    DNS
                    play.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    play.google.com
                    IN A
                    Response
                    play.google.com
                    IN A
                    172.217.16.238
                  • flag-us
                    DNS
                    74.204.58.216.in-addr.arpa
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    74.204.58.216.in-addr.arpa
                    IN PTR
                    Response
                    74.204.58.216.in-addr.arpa
                    IN PTR
                    lhr25s13-in-f101e100net
                    74.204.58.216.in-addr.arpa
                    IN PTR
                    lhr25s13-in-f74�H
                    74.204.58.216.in-addr.arpa
                    IN PTR
                    lhr48s49-in-f10�H
                  • flag-us
                    DNS
                    www3.l.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www3.l.google.com
                    IN AAAA
                    Response
                    www3.l.google.com
                    IN AAAA
                    2a00:1450:4009:815::200e
                  • flag-us
                    DNS
                    216.72.190.35.in-addr.arpa
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    216.72.190.35.in-addr.arpa
                    IN PTR
                    Response
                    216.72.190.35.in-addr.arpa
                    IN PTR
                    2167219035bcgoogleusercontentcom
                  • flag-us
                    DNS
                    r2---sn-aigl6ned.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r2---sn-aigl6ned.gvt1.com
                    IN A
                    Response
                    r2---sn-aigl6ned.gvt1.com
                    IN CNAME
                    r2.sn-aigl6ned.gvt1.com
                    r2.sn-aigl6ned.gvt1.com
                    IN A
                    173.194.183.71
                  • flag-us
                    DNS
                    firefox-api-proxy.cdn.mozilla.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    firefox-api-proxy.cdn.mozilla.net
                    IN A
                    Response
                    firefox-api-proxy.cdn.mozilla.net
                    IN CNAME
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    IN A
                    34.149.97.1
                  • flag-us
                    DNS
                    shavar.prod.mozaws.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    shavar.prod.mozaws.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    contile.services.mozilla.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    contile.services.mozilla.com
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    apis.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    apis.google.com
                    IN A
                    Response
                    apis.google.com
                    IN CNAME
                    plus.l.google.com
                    plus.l.google.com
                    IN A
                    216.58.201.110
                  • flag-us
                    DNS
                    drive-thirdparty.googleusercontent.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    drive-thirdparty.googleusercontent.com
                    IN A
                    Response
                    drive-thirdparty.googleusercontent.com
                    IN CNAME
                    googlehosted.l.googleusercontent.com
                    googlehosted.l.googleusercontent.com
                    IN A
                    216.58.213.1
                  • flag-us
                    DNS
                    10.178.250.142.in-addr.arpa
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    10.178.250.142.in-addr.arpa
                    IN PTR
                    Response
                    10.178.250.142.in-addr.arpa
                    IN PTR
                    lhr48s27-in-f101e100net
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.180.4
                  • flag-us
                    DNS
                    people-pa.clients6.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    people-pa.clients6.google.com
                    IN AAAA
                    Response
                    people-pa.clients6.google.com
                    IN AAAA
                    2a00:1450:4009:81f::200a
                  • flag-us
                    DNS
                    youtube.googleapis.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube.googleapis.com
                    IN AAAA
                    Response
                    youtube.googleapis.com
                    IN AAAA
                    2a00:1450:4009:81e::200a
                    youtube.googleapis.com
                    IN AAAA
                    2a00:1450:4009:81f::200a
                    youtube.googleapis.com
                    IN AAAA
                    2a00:1450:4009:819::200a
                    youtube.googleapis.com
                    IN AAAA
                    2a00:1450:4009:81d::200a
                  • flag-us
                    DNS
                    storage.googleapis.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    storage.googleapis.com
                    IN A
                    Response
                    storage.googleapis.com
                    IN A
                    172.217.169.91
                    storage.googleapis.com
                    IN A
                    172.217.169.59
                    storage.googleapis.com
                    IN A
                    216.58.212.219
                    storage.googleapis.com
                    IN A
                    142.250.187.251
                    storage.googleapis.com
                    IN A
                    142.250.200.59
                    storage.googleapis.com
                    IN A
                    216.58.212.251
                    storage.googleapis.com
                    IN A
                    172.217.169.27
                    storage.googleapis.com
                    IN A
                    172.217.16.251
                    storage.googleapis.com
                    IN A
                    216.58.201.123
                    storage.googleapis.com
                    IN A
                    142.250.200.27
                    storage.googleapis.com
                    IN A
                    142.250.187.219
                    storage.googleapis.com
                    IN A
                    216.58.213.27
                    storage.googleapis.com
                    IN A
                    142.250.178.27
                    storage.googleapis.com
                    IN A
                    142.250.180.27
                    storage.googleapis.com
                    IN A
                    216.58.204.91
                    storage.googleapis.com
                    IN A
                    142.250.179.251
                  • flag-us
                    DNS
                    aus5.mozilla.org
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    aus5.mozilla.org
                    IN A
                    Response
                    aus5.mozilla.org
                    IN CNAME
                    balrog-aus5.r53-2.services.mozilla.com
                    balrog-aus5.r53-2.services.mozilla.com
                    IN CNAME
                    prod.balrog.prod.cloudops.mozgcp.net
                    prod.balrog.prod.cloudops.mozgcp.net
                    IN A
                    35.244.181.201
                  • flag-us
                    DNS
                    ciscobinary.openh264.org
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ciscobinary.openh264.org
                    IN A
                    Response
                    ciscobinary.openh264.org
                    IN CNAME
                    a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                    a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                    IN CNAME
                    a17.rackcdn.com
                    a17.rackcdn.com
                    IN CNAME
                    a17.rackcdn.com.mdc.edgesuite.net
                    a17.rackcdn.com.mdc.edgesuite.net
                    IN CNAME
                    a19.dscg10.akamai.net
                    a19.dscg10.akamai.net
                    IN A
                    23.55.161.211
                    a19.dscg10.akamai.net
                    IN A
                    23.55.161.185
                  • flag-us
                    DNS
                    14.200.250.142.in-addr.arpa
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    14.200.250.142.in-addr.arpa
                    IN PTR
                    Response
                    14.200.250.142.in-addr.arpa
                    IN PTR
                    lhr48s29-in-f141e100net
                  • flag-us
                    DNS
                    spocs.getpocket.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    spocs.getpocket.com
                    IN A
                    Response
                    spocs.getpocket.com
                    IN CNAME
                    prod.ads.prod.webservices.mozgcp.net
                    prod.ads.prod.webservices.mozgcp.net
                    IN A
                    34.117.188.166
                  • flag-us
                    DNS
                    contile.services.mozilla.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    contile.services.mozilla.com
                    IN A
                    Response
                    contile.services.mozilla.com
                    IN A
                    34.117.188.166
                  • flag-us
                    DNS
                    prod.ads.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.ads.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    fonts.googleapis.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    fonts.googleapis.com
                    IN AAAA
                    Response
                    fonts.googleapis.com
                    IN AAAA
                    2a00:1450:4009:815::200a
                  • flag-us
                    DNS
                    fonts.gstatic.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    fonts.gstatic.com
                    IN A
                    Response
                    fonts.gstatic.com
                    IN A
                    142.250.200.35
                  • flag-us
                    DNS
                    drivefrontend-pa.clients6.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    drivefrontend-pa.clients6.google.com
                    IN A
                    Response
                    drivefrontend-pa.clients6.google.com
                    IN A
                    142.250.200.42
                  • flag-us
                    DNS
                    35.200.250.142.in-addr.arpa
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    35.200.250.142.in-addr.arpa
                    IN PTR
                    Response
                    35.200.250.142.in-addr.arpa
                    IN PTR
                    lhr48s30-in-f31e100net
                  • flag-us
                    DNS
                    play.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    play.google.com
                    IN AAAA
                    Response
                    play.google.com
                    IN AAAA
                    2a00:1450:4009:821::200e
                  • flag-us
                    DNS
                    takeout-pa-qw.clients6.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    takeout-pa-qw.clients6.google.com
                    IN A
                    Response
                    takeout-pa-qw.clients6.google.com
                    IN A
                    216.58.204.74
                  • flag-us
                    DNS
                    ogs.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ogs.google.com
                    IN A
                    Response
                    ogs.google.com
                    IN CNAME
                    www3.l.google.com
                    www3.l.google.com
                    IN A
                    142.250.178.14
                  • flag-us
                    DNS
                    prod.classify-client.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.classify-client.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    redirector.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    redirector.gvt1.com
                    IN AAAA
                    Response
                    redirector.gvt1.com
                    IN AAAA
                    2a00:1450:4009:822::200e
                  • flag-gb
                    GET
                    https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq
                    firefox.exe
                    Remote address:
                    142.250.187.206:443
                    Request
                    GET /drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq HTTP/2.0
                    host: drive.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: document
                    sec-fetch-mode: navigate
                    sec-fetch-site: none
                    sec-fetch-user: ?1
                    te: trailers
                  • flag-gb
                    GET
                    https://drive.google.com/_/drive_fe/_/ss/k=drive_fe.main.x75CuOwN5Ic.L.F4.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=0/br=1/rs=AFB8gsxC_gTh8fQyDWYTOWnHBg0r-WWphg
                    firefox.exe
                    Remote address:
                    142.250.187.206:443
                    Request
                    GET /_/drive_fe/_/ss/k=drive_fe.main.x75CuOwN5Ic.L.F4.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=0/br=1/rs=AFB8gsxC_gTh8fQyDWYTOWnHBg0r-WWphg HTTP/2.0
                    host: drive.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: text/css,*/*;q=0.1
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: style
                    sec-fetch-mode: no-cors
                    sec-fetch-site: same-origin
                    te: trailers
                  • flag-gb
                    GET
                    https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=b
                    firefox.exe
                    Remote address:
                    142.250.187.206:443
                    Request
                    GET /_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=b HTTP/2.0
                    host: drive.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: script
                    sec-fetch-mode: no-cors
                    sec-fetch-site: same-origin
                    te: trailers
                  • flag-gb
                    GET
                    https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=RsR2Mc
                    firefox.exe
                    Remote address:
                    142.250.187.206:443
                    Request
                    GET /_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=RsR2Mc HTTP/2.0
                    host: drive.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: script
                    sec-fetch-mode: no-cors
                    sec-fetch-site: same-origin
                    te: trailers
                  • flag-gb
                    GET
                    https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=core
                    firefox.exe
                    Remote address:
                    142.250.187.206:443
                    Request
                    GET /_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=core HTTP/2.0
                    host: drive.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: script
                    sec-fetch-mode: no-cors
                    sec-fetch-site: same-origin
                    te: trailers
                  • flag-us
                    GET
                    https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30
                    firefox.exe
                    Remote address:
                    34.149.97.1:443
                    Request
                    GET /desktop/v1/recommendations?locale=en-US&region=GB&count=30 HTTP/2.0
                    host: firefox-api-proxy.cdn.mozilla.net
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    consumer_key: 94110-6d5ff7a89d72c869766af0e0
                    if-none-match: W/"485f-fen988fqv/S2EQEpVs+ik8qVtVA"
                    te: trailers
                  • flag-us
                    DNS
                    prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    34.149.100.209
                  • flag-us
                    DNS
                    push.services.mozilla.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    push.services.mozilla.com
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    fonts.googleapis.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    fonts.googleapis.com
                    IN A
                    Response
                    fonts.googleapis.com
                    IN A
                    142.250.178.10
                  • flag-us
                    DNS
                    plus.l.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    plus.l.google.com
                    IN AAAA
                    Response
                    plus.l.google.com
                    IN AAAA
                    2a00:1450:4009:826::200e
                  • flag-us
                    DNS
                    www.gstatic.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.gstatic.com
                    IN AAAA
                    Response
                    www.gstatic.com
                    IN AAAA
                    2a00:1450:4009:820::2003
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.180.4
                  • flag-us
                    DNS
                    people-pa.clients6.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    people-pa.clients6.google.com
                    IN A
                    Response
                    people-pa.clients6.google.com
                    IN A
                    216.58.213.10
                  • flag-us
                    DNS
                    youtube.googleapis.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube.googleapis.com
                    IN A
                    Response
                    youtube.googleapis.com
                    IN A
                    216.58.212.202
                    youtube.googleapis.com
                    IN A
                    142.250.187.202
                    youtube.googleapis.com
                    IN A
                    142.250.178.10
                    youtube.googleapis.com
                    IN A
                    142.250.187.234
                    youtube.googleapis.com
                    IN A
                    216.58.201.106
                    youtube.googleapis.com
                    IN A
                    142.250.179.234
                    youtube.googleapis.com
                    IN A
                    216.58.204.74
                    youtube.googleapis.com
                    IN A
                    172.217.16.234
                    youtube.googleapis.com
                    IN A
                    216.58.213.10
                    youtube.googleapis.com
                    IN A
                    142.250.200.10
                    youtube.googleapis.com
                    IN A
                    142.250.200.42
                    youtube.googleapis.com
                    IN A
                    142.250.180.10
                    youtube.googleapis.com
                    IN A
                    216.58.212.234
                    youtube.googleapis.com
                    IN A
                    172.217.169.42
                  • flag-us
                    DNS
                    storage.googleapis.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    storage.googleapis.com
                    IN A
                    Response
                    storage.googleapis.com
                    IN A
                    142.250.178.27
                    storage.googleapis.com
                    IN A
                    142.250.187.251
                    storage.googleapis.com
                    IN A
                    172.217.169.59
                    storage.googleapis.com
                    IN A
                    142.250.187.219
                    storage.googleapis.com
                    IN A
                    216.58.212.251
                    storage.googleapis.com
                    IN A
                    142.250.200.27
                    storage.googleapis.com
                    IN A
                    172.217.169.27
                    storage.googleapis.com
                    IN A
                    216.58.212.219
                    storage.googleapis.com
                    IN A
                    172.217.16.251
                    storage.googleapis.com
                    IN A
                    172.217.169.91
                    storage.googleapis.com
                    IN A
                    216.58.213.27
                    storage.googleapis.com
                    IN A
                    216.58.204.91
                    storage.googleapis.com
                    IN A
                    216.58.201.123
                    storage.googleapis.com
                    IN A
                    142.250.179.251
                    storage.googleapis.com
                    IN A
                    142.250.200.59
                    storage.googleapis.com
                    IN A
                    142.250.180.27
                  • flag-us
                    DNS
                    location.services.mozilla.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    location.services.mozilla.com
                    IN A
                    Response
                    location.services.mozilla.com
                    IN CNAME
                    prod.classify-client.prod.webservices.mozgcp.net
                    prod.classify-client.prod.webservices.mozgcp.net
                    IN A
                    35.190.72.216
                  • flag-us
                    DNS
                    redirector.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    redirector.gvt1.com
                    IN A
                    Response
                    redirector.gvt1.com
                    IN A
                    142.250.200.14
                  • flag-us
                    DNS
                    r2.sn-aigl6ned.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r2.sn-aigl6ned.gvt1.com
                    IN AAAA
                    Response
                    r2.sn-aigl6ned.gvt1.com
                    IN AAAA
                    2a00:1450:4009:4e::7
                  • flag-us
                    DNS
                    r2.sn-aigl6ned.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r2.sn-aigl6ned.gvt1.com
                    IN AAAA
                  • flag-us
                    DNS
                    r2.sn-aigl6ned.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r2.sn-aigl6ned.gvt1.com
                    IN AAAA
                  • flag-us
                    GET
                    https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/f2fd2765-a4cc-4e09-b427-a94d7e43fa30.ftl
                    firefox.exe
                    Remote address:
                    34.117.121.53:443
                    Request
                    GET /main-workspace/ms-language-packs/f2fd2765-a4cc-4e09-b427-a94d7e43fa30.ftl HTTP/2.0
                    host: firefox-settings-attachments.cdn.mozilla.net
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    te: trailers
                  • flag-gb
                    GET
                    https://apis.google.com/js/api.js
                    firefox.exe
                    Remote address:
                    216.58.201.110:443
                    Request
                    GET /js/api.js HTTP/2.0
                    host: apis.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: script
                    sec-fetch-mode: no-cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    GET
                    https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png
                    firefox.exe
                    Remote address:
                    172.217.16.227:443
                    Request
                    GET /images/branding/product/1x/drive_2020q4_48dp.png HTTP/2.0
                    host: ssl.gstatic.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: image/avif,image/webp,*/*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/
                    sec-fetch-dest: image
                    sec-fetch-mode: no-cors
                    sec-fetch-site: cross-site
                    te: trailers
                  • flag-gb
                    GET
                    https://drive-thirdparty.googleusercontent.com/32/type/application/x-msdos-program
                    firefox.exe
                    Remote address:
                    216.58.213.1:443
                    Request
                    GET /32/type/application/x-msdos-program HTTP/2.0
                    host: drive-thirdparty.googleusercontent.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: image/avif,image/webp,*/*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/
                    sec-fetch-dest: image
                    sec-fetch-mode: no-cors
                    sec-fetch-site: cross-site
                    te: trailers
                  • flag-gb
                    GET
                    https://drive-thirdparty.googleusercontent.com/32/type/application/octet-stream
                    firefox.exe
                    Remote address:
                    216.58.213.1:443
                    Request
                    GET /32/type/application/octet-stream HTTP/2.0
                    host: drive-thirdparty.googleusercontent.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: image/avif,image/webp,*/*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/
                    sec-fetch-dest: image
                    sec-fetch-mode: no-cors
                    sec-fetch-site: cross-site
                    te: trailers
                  • flag-gb
                    GET
                    https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    142.250.200.42:443
                    Request
                    GET /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: drivefrontend-pa.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-GB
                    accept-encoding: gzip, deflate, br
                    x-goog-fieldmask: responses(status(code,message,details),item(parent,modified_date_millis,modified_by_me_date_millis,last_viewed_by_me_date_millis,file_size,owner(id,focus_user_id,is_me,type),shortcut_details(target_id,target_mime_type,target_lookup_status),last_modifying_user(id,focus_user_id,is_me,type),has_thumbnail,thumbnail_version,title,mime_type,id,resource_key,shared,shared_with_me_date_millis,capabilities(can_copy_non_authoritative,can_download_non_authoritative,can_copy,can_download,can_edit,can_add_children,can_delete,can_remove_children,can_share,can_trash,can_rename,can_read_team_drive,can_move_team_drive_item),user_role,explicitly_trashed,quota_bytes_used,starred,file_extension,sharing_user(id,focus_user_id,is_me,type),spaces,trashed,restricted,version,viewed,team_drive_id,has_own_permissions,create_date_millis,trashing_user(id,focus_user_id,is_me,type),trashed_date_millis))
                    content-type: application/json+protobuf
                    x-goog-ext-472780938-jspb: W1sxNDk3LG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMSxudWxsLG51bGwsWzJdXV0=
                    x-goog-drive-client-version: drive.web-frontend_20241105.13_p0
                    origin: https://drive.google.com
                    referer: https://drive.google.com/
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    GET
                    https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    142.250.200.42:443
                    Request
                    GET /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: drivefrontend-pa.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-GB
                    accept-encoding: gzip, deflate, br
                    x-goog-fieldmask: responses(status(code,message,details),item(parent,modified_date_millis,modified_by_me_date_millis,last_viewed_by_me_date_millis,file_size,owner(id,focus_user_id,is_me,type),shortcut_details(target_id,target_mime_type,target_lookup_status),last_modifying_user(id,focus_user_id,is_me,type),has_thumbnail,thumbnail_version,title,mime_type,id,resource_key,shared,shared_with_me_date_millis,capabilities(can_copy_non_authoritative,can_download_non_authoritative,can_copy,can_download,can_edit,can_add_children,can_delete,can_remove_children,can_share,can_trash,can_rename,can_read_team_drive,can_move_team_drive_item),user_role,explicitly_trashed,quota_bytes_used,starred,file_extension,sharing_user(id,focus_user_id,is_me,type),spaces,trashed,restricted,version,viewed,team_drive_id,has_own_permissions,create_date_millis,trashing_user(id,focus_user_id,is_me,type),trashed_date_millis))
                    content-type: application/json+protobuf
                    x-goog-ext-472780938-jspb: W1sxNDk3LG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMSxudWxsLG51bGwsWzJdXV0=
                    x-goog-drive-client-version: drive.web-frontend_20241105.13_p0
                    origin: https://drive.google.com
                    referer: https://drive.google.com/
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    GET
                    https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    142.250.200.42:443
                    Request
                    GET /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: drivefrontend-pa.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-GB
                    accept-encoding: gzip, deflate, br
                    x-goog-fieldmask: responses(status(code,message,details),item(parent,modified_date_millis,modified_by_me_date_millis,last_viewed_by_me_date_millis,file_size,owner(id,focus_user_id,is_me,type),shortcut_details(target_id,target_mime_type,target_lookup_status),last_modifying_user(id,focus_user_id,is_me,type),has_thumbnail,thumbnail_version,title,mime_type,id,resource_key,shared,shared_with_me_date_millis,capabilities(can_copy_non_authoritative,can_download_non_authoritative,can_copy,can_download,can_edit,can_add_children,can_delete,can_remove_children,can_share,can_trash,can_rename,can_read_team_drive,can_move_team_drive_item),user_role,explicitly_trashed,quota_bytes_used,starred,file_extension,sharing_user(id,focus_user_id,is_me,type),spaces,trashed,restricted,version,viewed,team_drive_id,has_own_permissions,create_date_millis,trashing_user(id,focus_user_id,is_me,type),trashed_date_millis))
                    content-type: application/json+protobuf
                    x-goog-ext-472780938-jspb: W1szMTAsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxLG51bGwsbnVsbCxbMl1dXQ==
                    x-goog-drive-client-version: drive.web-frontend_20241105.13_p0
                    origin: https://drive.google.com
                    referer: https://drive.google.com/
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    GET
                    https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    142.250.200.42:443
                    Request
                    GET /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: drivefrontend-pa.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-GB
                    accept-encoding: gzip, deflate, br
                    x-goog-fieldmask: responses(status(code,message,details),item(parent,modified_date_millis,modified_by_me_date_millis,last_viewed_by_me_date_millis,file_size,owner(id,focus_user_id,is_me,type),shortcut_details(target_id,target_mime_type,target_lookup_status),last_modifying_user(id,focus_user_id,is_me,type),has_thumbnail,thumbnail_version,title,mime_type,id,resource_key,shared,shared_with_me_date_millis,capabilities(can_copy_non_authoritative,can_download_non_authoritative,can_copy,can_download,can_edit,can_add_children,can_delete,can_remove_children,can_share,can_trash,can_rename,can_read_team_drive,can_move_team_drive_item),user_role,explicitly_trashed,quota_bytes_used,starred,file_extension,sharing_user(id,focus_user_id,is_me,type),spaces,trashed,restricted,version,viewed,team_drive_id,has_own_permissions,create_date_millis,trashing_user(id,focus_user_id,is_me,type),trashed_date_millis))
                    content-type: application/json+protobuf
                    x-goog-ext-472780938-jspb: W1sxMDAxLDEsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMSxudWxsLG51bGwsWzJdXV0=
                    x-goog-drive-client-version: drive.web-frontend_20241105.13_p0
                    origin: https://drive.google.com
                    referer: https://drive.google.com/
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    OPTIONS
                    https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    142.250.200.42:443
                    Request
                    OPTIONS /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: drivefrontend-pa.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    access-control-request-method: GET
                    access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
                    referer: https://drive.google.com/
                    origin: https://drive.google.com
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    OPTIONS
                    https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    142.250.200.42:443
                    Request
                    OPTIONS /v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: drivefrontend-pa.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    access-control-request-method: GET
                    access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
                    referer: https://drive.google.com/
                    origin: https://drive.google.com
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    OPTIONS
                    https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                    firefox.exe
                    Remote address:
                    142.250.200.42:443
                    Request
                    OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
                    host: ogads-pa.googleapis.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    access-control-request-method: POST
                    access-control-request-headers: content-type,x-goog-api-key,x-user-agent
                    referer: https://drive.google.com/
                    origin: https://drive.google.com
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: cross-site
                    te: trailers
                  • flag-gb
                    POST
                    https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                    firefox.exe
                    Remote address:
                    142.250.200.42:443
                    Request
                    POST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
                    host: ogads-pa.googleapis.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    x-goog-api-key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
                    content-type: application/json+protobuf
                    x-user-agent: grpc-web-javascript/0.1
                    content-length: 70
                    origin: https://drive.google.com
                    referer: https://drive.google.com/
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: cross-site
                    te: trailers
                  • flag-gb
                    OPTIONS
                    https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    142.250.200.42:443
                    Request
                    OPTIONS /v1/items:get?ids=1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: drivefrontend-pa.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    access-control-request-method: GET
                    access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
                    referer: https://drive.google.com/
                    origin: https://drive.google.com
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    GET
                    https://www.google.com/images/cleardot.gif
                    firefox.exe
                    Remote address:
                    142.250.180.4:443
                    Request
                    GET /images/cleardot.gif HTTP/2.0
                    host: www.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: image/avif,image/webp,*/*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: image
                    sec-fetch-mode: no-cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    POST
                    https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3D7nf2jspv2sl8%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    216.58.213.10:443
                    Request
                    POST /batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3D7nf2jspv2sl8%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: people-pa.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    content-type: text/plain; charset=UTF-8
                    content-length: 604
                    origin: https://drive.google.com
                    referer: https://drive.google.com/
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    POST
                    https://play.google.com/log?format=json&hasfast=true
                    firefox.exe
                    Remote address:
                    172.217.16.238:443
                    Request
                    POST /log?format=json&hasfast=true HTTP/2.0
                    host: play.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    content-type: application/x-www-form-urlencoded;charset=utf-8
                    content-length: 1316
                    origin: https://drive.google.com
                    referer: https://drive.google.com/
                    cookie: NID=519=ImzneWgOxFcOMbZBX4dbedYARCR-0EWBfee1E-SSiIZWIEajH1Giq6KhBr6HLxbFx4t2ghF1frXelTxZapUwovAuHuemzT1PWP6pVBnUMTvZ8lToZ35tcQRTztiHJ0Y9Jn1C7UA6ZFfbwALvvz57mP56Yf8Y9bpS8-QMyEObd6-kx_29
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    POST
                    https://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    216.58.204.74:443
                    Request
                    POST /v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: takeout-pa-qw.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    content-type: application/json
                    x-goog-drive-client-version: drive.web-frontend_20241105.13_p0
                    content-length: 82
                    origin: https://drive.google.com
                    referer: https://drive.google.com/
                    cookie: NID=519=KtLLugWDVsdiapimOggu55IovG_3j7siqpGH9SypUAWnort7nSu9FcNH_uG7v_Q_nPuvXtBqaikBOsDClXyW317pLGPEH_vPHyjd3mZubfmjbcjg-IX04QQkJ1Mc3PQ17vQuQeY7AvzLyXl5aeH4fFTyhKrs0-b2FZMeSnb2KZX_4shhaLLdKFWJ
                    cookie: __Secure-ENID=23.SE=VB2QoNi5r1qMWdRw7hSO8-V2U7Kq7BcJy5MV9l3OIVEXImETFYld1kyuf2AiZURlLWnUwp5bsRX4bSAsV4euii2-KGqVbM9Tg9xupJvUNbsifumy5OhufopXrrq6GDYiK2AZPOwE5SB0Bp5uOXH1kwl6oCUelEuJokLzw8hsOeClhISYa1oRSg709Iw
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    OPTIONS
                    https://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    216.58.204.74:443
                    Request
                    OPTIONS /v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: takeout-pa-qw.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    access-control-request-method: POST
                    access-control-request-headers: content-type,x-goog-drive-client-version
                    referer: https://drive.google.com/
                    origin: https://drive.google.com
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    OPTIONS
                    https://takeout-pa-qw.clients6.google.com/v1/exports/d39cf74c-394c-4116-b079-5610607b5ca3?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    firefox.exe
                    Remote address:
                    216.58.204.74:443
                    Request
                    OPTIONS /v1/exports/d39cf74c-394c-4116-b079-5610607b5ca3?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                    host: takeout-pa-qw.clients6.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    access-control-request-method: GET
                    access-control-request-headers: x-goog-drive-client-version
                    referer: https://drive.google.com/
                    origin: https://drive.google.com
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-gb
                    GET
                    https://storage.googleapis.com/drive-bulk-export-anonymous/20241111T202938.092Z/4133399871716478688/d39cf74c-394c-4116-b079-5610607b5ca3/1/8b740fe4-17e8-4239-85e4-8f4c6ef22372?authuser
                    firefox.exe
                    Remote address:
                    142.250.178.27:443
                    Request
                    GET /drive-bulk-export-anonymous/20241111T202938.092Z/4133399871716478688/d39cf74c-394c-4116-b079-5610607b5ca3/1/8b740fe4-17e8-4239-85e4-8f4c6ef22372?authuser HTTP/2.0
                    host: storage.googleapis.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: iframe
                    sec-fetch-mode: navigate
                    sec-fetch-site: cross-site
                    te: trailers
                  • flag-gb
                    GET
                    https://ogs.google.com/widget/app/so?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en-GB
                    firefox.exe
                    Remote address:
                    142.250.178.14:443
                    Request
                    GET /widget/app/so?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en-GB HTTP/2.0
                    host: ogs.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://drive.google.com/
                    cookie: NID=519=KtLLugWDVsdiapimOggu55IovG_3j7siqpGH9SypUAWnort7nSu9FcNH_uG7v_Q_nPuvXtBqaikBOsDClXyW317pLGPEH_vPHyjd3mZubfmjbcjg-IX04QQkJ1Mc3PQ17vQuQeY7AvzLyXl5aeH4fFTyhKrs0-b2FZMeSnb2KZX_4shhaLLdKFWJ
                    cookie: __Secure-ENID=23.SE=VB2QoNi5r1qMWdRw7hSO8-V2U7Kq7BcJy5MV9l3OIVEXImETFYld1kyuf2AiZURlLWnUwp5bsRX4bSAsV4euii2-KGqVbM9Tg9xupJvUNbsifumy5OhufopXrrq6GDYiK2AZPOwE5SB0Bp5uOXH1kwl6oCUelEuJokLzw8hsOeClhISYa1oRSg709Iw
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: iframe
                    sec-fetch-mode: navigate
                    sec-fetch-site: same-site
                    te: trailers
                  • flag-us
                    GET
                    https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
                    firefox.exe
                    Remote address:
                    35.190.72.216:443
                    Request
                    GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/2.0
                    host: location.services.mozilla.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    content-type: application/json
                    te: trailers
                  • flag-gb
                    GET
                    https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
                    firefox.exe
                    Remote address:
                    142.250.200.14:443
                    Request
                    GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
                    host: redirector.gvt1.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    te: trailers
                  • flag-de
                    GET
                    http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip
                    firefox.exe
                    Remote address:
                    23.55.161.211:80
                    Request
                    GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
                    Host: ciscobinary.openh264.org
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    Accept: */*
                    Accept-Language: en-US,en;q=0.5
                    Accept-Encoding: gzip, deflate
                    Connection: keep-alive
                    Response
                    HTTP/1.1 200 OK
                    Last-Modified: Fri, 08 Nov 2024 02:37:54 GMT
                    ETag: 09372174e83dbbf696ee732fd2e875bb
                    Content-Length: 491284
                    Accept-Ranges: bytes
                    X-Timestamp: 1731033473.13891
                    Content-Type: application/zip
                    X-Trans-Id: txa94bf5004bf64d468a932-00672e043edfw1
                    Cache-Control: public, max-age=135852
                    Expires: Wed, 13 Nov 2024 10:14:13 GMT
                    Date: Mon, 11 Nov 2024 20:30:01 GMT
                    Connection: keep-alive
                  • flag-gb
                    GET
                    https://r2---sn-aigl6ned.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1731357001,&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigl6ned&ms=nvh&mt=1731356660&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ned.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.com
                    firefox.exe
                    Remote address:
                    173.194.183.71:443
                    Request
                    GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1731357001,&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigl6ned&ms=nvh&mt=1731356660&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ned.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.com HTTP/1.1
                    Host: r2---sn-aigl6ned.gvt1.com
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    Accept: */*
                    Accept-Language: en-US,en;q=0.5
                    Accept-Encoding: gzip, deflate, br
                    Connection: keep-alive
                    Response
                    HTTP/1.1 200 OK
                    Accept-Ranges: bytes
                    Cache-Control: public,max-age=86400
                    Content-Disposition: attachment
                    Content-Length: 14485862
                    Content-Security-Policy: default-src 'none'
                    Content-Type: application/zip
                    Etag: "1d3918c"
                    Server: downloads
                    X-Content-Type-Options: nosniff
                    X-Frame-Options: SAMEORIGIN
                    X-Xss-Protection: 0
                    Date: Mon, 11 Nov 2024 09:28:58 GMT
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
                    Connection: keep-alive
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
                    Vary: Origin
                  • 127.0.0.1:49732
                    firefox.exe
                  • 142.250.187.206:443
                    drive.google.com
                    tls, http2
                    firefox.exe
                    1.4kB
                    7.6kB
                    10
                    10
                  • 142.250.187.206:443
                    https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=core
                    tls, http2
                    firefox.exe
                    10.6kB
                    1.1MB
                    181
                    833

                    HTTP Request

                    GET https://drive.google.com/drive/folders/1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq

                    HTTP Request

                    GET https://drive.google.com/_/drive_fe/_/ss/k=drive_fe.main.x75CuOwN5Ic.L.F4.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=0/br=1/rs=AFB8gsxC_gTh8fQyDWYTOWnHBg0r-WWphg

                    HTTP Request

                    GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=b

                    HTTP Request

                    GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=RsR2Mc

                    HTTP Request

                    GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.-nHvHcGkfqs.2021.O/am=OIgADBDANIDBPEIIgAAAZAICCA/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gsx_Zr9YF6clhSPU-SF9PEU8T8g2tQ/m=core
                  • 34.149.97.1:443
                    https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30
                    tls, http2
                    firefox.exe
                    2.0kB
                    13.3kB
                    16
                    18

                    HTTP Request

                    GET https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30
                  • 34.117.121.53:443
                    https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/f2fd2765-a4cc-4e09-b427-a94d7e43fa30.ftl
                    tls, http2
                    firefox.exe
                    1.4kB
                    9.1kB
                    13
                    16

                    HTTP Request

                    GET https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/f2fd2765-a4cc-4e09-b427-a94d7e43fa30.ftl
                  • 216.58.201.110:443
                    https://apis.google.com/js/api.js
                    tls, http2
                    firefox.exe
                    2.1kB
                    12.1kB
                    16
                    19

                    HTTP Request

                    GET https://apis.google.com/js/api.js
                  • 172.217.16.227:443
                    https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png
                    tls, http2
                    firefox.exe
                    2.0kB
                    7.1kB
                    15
                    15

                    HTTP Request

                    GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png
                  • 216.58.213.1:443
                    drive-thirdparty.googleusercontent.com
                    tls, http2
                    firefox.exe
                    1.4kB
                    10.3kB
                    10
                    12
                  • 216.58.213.1:443
                    https://drive-thirdparty.googleusercontent.com/32/type/application/octet-stream
                    tls, http2
                    firefox.exe
                    2.1kB
                    13.1kB
                    16
                    17

                    HTTP Request

                    GET https://drive-thirdparty.googleusercontent.com/32/type/application/x-msdos-program

                    HTTP Request

                    GET https://drive-thirdparty.googleusercontent.com/32/type/application/octet-stream
                  • 142.250.200.42:443
                    drivefrontend-pa.clients6.google.com
                    tls, http2
                    firefox.exe
                    1.4kB
                    10.9kB
                    10
                    15
                  • 142.250.200.42:443
                    drivefrontend-pa.clients6.google.com
                    tls, http2
                    firefox.exe
                    1.4kB
                    10.9kB
                    11
                    15
                  • 142.250.200.42:443
                    https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    tls, http2
                    firefox.exe
                    3.9kB
                    13.9kB
                    21
                    28

                    HTTP Request

                    GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                    HTTP Request

                    GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                    HTTP Request

                    GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                    HTTP Request

                    GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                  • 142.250.200.42:443
                    https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    tls, http2
                    firefox.exe
                    3.5kB
                    13.1kB
                    26
                    35

                    HTTP Request

                    OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                    HTTP Request

                    OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1BHwUZC81xqwtAMcCYKDVmHIFQJF5_vPq&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                    HTTP Request

                    OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

                    HTTP Request

                    POST https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

                    HTTP Request

                    OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                  • 216.58.213.10:443
                    ogads-pa.googleapis.com
                    tls, http2
                    firefox.exe
                    1.4kB
                    5.5kB
                    10
                    9
                  • 216.58.213.10:443
                    ogads-pa.googleapis.com
                    tls, http2
                    firefox.exe
                    1.4kB
                    5.6kB
                    10
                    11
                  • 142.250.180.4:443
                    https://www.google.com/images/cleardot.gif
                    tls, http2
                    firefox.exe
                    2.1kB
                    5.9kB
                    15
                    14

                    HTTP Request

                    GET https://www.google.com/images/cleardot.gif
                  • 216.58.213.10:443
                    https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3D7nf2jspv2sl8%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    tls, http2
                    firefox.exe
                    3.0kB
                    12.2kB
                    18
                    19

                    HTTP Request

                    POST https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3D7nf2jspv2sl8%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                  • 172.217.16.238:443
                    https://play.google.com/log?format=json&hasfast=true
                    tls, http2
                    firefox.exe
                    3.5kB
                    8.9kB
                    16
                    17

                    HTTP Request

                    POST https://play.google.com/log?format=json&hasfast=true
                  • 127.0.0.1:49739
                    firefox.exe
                  • 172.217.16.227:443
                    ssl.gstatic.com
                    tls, http2
                    firefox.exe
                    1.4kB
                    5.3kB
                    10
                    11
                  • 216.58.213.1:443
                    drive-thirdparty.googleusercontent.com
                    tls, http2
                    firefox.exe
                    1.5kB
                    10.5kB
                    12
                    14
                  • 172.217.169.10:443
                    youtube.googleapis.com
                    tls, http2
                    firefox.exe
                    1.4kB
                    5.5kB
                    10
                    9
                  • 216.58.204.74:443
                    https://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    tls, http2
                    firefox.exe
                    2.6kB
                    12.0kB
                    17
                    19

                    HTTP Request

                    POST https://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                  • 216.58.204.74:443
                    https://takeout-pa-qw.clients6.google.com/v1/exports/d39cf74c-394c-4116-b079-5610607b5ca3?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                    tls, http2
                    firefox.exe
                    2.5kB
                    11.8kB
                    19
                    23

                    HTTP Request

                    OPTIONS https://takeout-pa-qw.clients6.google.com/v1/exports?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                    HTTP Request

                    OPTIONS https://takeout-pa-qw.clients6.google.com/v1/exports/d39cf74c-394c-4116-b079-5610607b5ca3?key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                  • 216.58.201.110:443
                    contacts.google.com
                    tls, http2
                    firefox.exe
                    1.4kB
                    7.6kB
                    11
                    10
                  • 142.250.178.27:443
                    https://storage.googleapis.com/drive-bulk-export-anonymous/20241111T202938.092Z/4133399871716478688/d39cf74c-394c-4116-b079-5610607b5ca3/1/8b740fe4-17e8-4239-85e4-8f4c6ef22372?authuser
                    tls, http2
                    firefox.exe
                    1.4MB
                    134.6MB
                    28202
                    96340

                    HTTP Request

                    GET https://storage.googleapis.com/drive-bulk-export-anonymous/20241111T202938.092Z/4133399871716478688/d39cf74c-394c-4116-b079-5610607b5ca3/1/8b740fe4-17e8-4239-85e4-8f4c6ef22372?authuser
                  • 142.250.178.14:443
                    https://ogs.google.com/widget/app/so?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en-GB
                    tls, http2
                    firefox.exe
                    2.6kB
                    23.7kB
                    20
                    27

                    HTTP Request

                    GET https://ogs.google.com/widget/app/so?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en-GB
                  • 35.190.72.216:443
                    https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
                    tls, http2
                    firefox.exe
                    1.6kB
                    4.4kB
                    10
                    11

                    HTTP Request

                    GET https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
                  • 142.250.200.14:443
                    https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
                    tls, http2
                    firefox.exe
                    1.5kB
                    8.7kB
                    15
                    17

                    HTTP Request

                    GET https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
                  • 23.55.161.211:80
                    http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip
                    http
                    firefox.exe
                    15.5kB
                    506.7kB
                    240
                    372

                    HTTP Request

                    GET http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

                    HTTP Response

                    200
                  • 173.194.183.71:443
                    https://r2---sn-aigl6ned.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1731357001,&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigl6ned&ms=nvh&mt=1731356660&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ned.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.com
                    tls, http
                    firefox.exe
                    344.3kB
                    15.0MB
                    5557
                    10746

                    HTTP Request

                    GET https://r2---sn-aigl6ned.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1731357001,&mh=R8&mip=138.199.29.44&mm=28&mn=sn-aigl6ned&ms=nvh&mt=1731356660&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ned.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.com

                    HTTP Response

                    200
                  • 8.8.8.8:53
                    drive.google.com
                    dns
                    firefox.exe
                    998 B
                    1.8kB
                    14
                    14

                    DNS Request

                    drive.google.com

                    DNS Response

                    142.250.187.206

                    DNS Request

                    firefox.settings.services.mozilla.com

                    DNS Response

                    34.149.100.209

                    DNS Request

                    prod.content-signature-chains.prod.webservices.mozgcp.net

                    DNS Response

                    2600:1901:0:92a9::

                    DNS Request

                    8.8.8.8.in-addr.arpa

                    DNS Request

                    ssl.gstatic.com

                    DNS Response

                    172.217.16.227

                    DNS Request

                    googlehosted.l.googleusercontent.com

                    DNS Response

                    216.58.213.1

                    DNS Request

                    110.201.58.216.in-addr.arpa

                    DNS Request

                    ogads-pa.googleapis.com

                    DNS Response

                    142.250.200.10
                    142.250.179.234
                    172.217.169.74
                    142.250.180.10
                    142.250.200.42
                    216.58.212.202
                    172.217.16.234
                    216.58.213.10
                    142.250.187.234
                    216.58.212.234
                    142.250.187.202
                    216.58.204.74
                    172.217.169.42
                    216.58.201.106
                    142.250.178.10

                    DNS Request

                    www.google.com

                    DNS Response

                    2a00:1450:4009:81e::2004

                    DNS Request

                    play.google.com

                    DNS Response

                    172.217.16.238

                    DNS Request

                    74.204.58.216.in-addr.arpa

                    DNS Request

                    www3.l.google.com

                    DNS Response

                    2a00:1450:4009:815::200e

                    DNS Request

                    216.72.190.35.in-addr.arpa

                    DNS Request

                    r2---sn-aigl6ned.gvt1.com

                    DNS Response

                    173.194.183.71

                  • 8.8.8.8:53
                    firefox-api-proxy.cdn.mozilla.net
                    dns
                    firefox.exe
                    915 B
                    2.1kB
                    13
                    13

                    DNS Request

                    firefox-api-proxy.cdn.mozilla.net

                    DNS Response

                    34.149.97.1

                    DNS Request

                    shavar.prod.mozaws.net

                    DNS Request

                    contile.services.mozilla.com

                    DNS Request

                    apis.google.com

                    DNS Response

                    216.58.201.110

                    DNS Request

                    drive-thirdparty.googleusercontent.com

                    DNS Response

                    216.58.213.1

                    DNS Request

                    10.178.250.142.in-addr.arpa

                    DNS Request

                    www.google.com

                    DNS Response

                    142.250.180.4

                    DNS Request

                    people-pa.clients6.google.com

                    DNS Response

                    2a00:1450:4009:81f::200a

                    DNS Request

                    youtube.googleapis.com

                    DNS Response

                    2a00:1450:4009:81e::200a
                    2a00:1450:4009:81f::200a
                    2a00:1450:4009:819::200a
                    2a00:1450:4009:81d::200a

                    DNS Request

                    storage.googleapis.com

                    DNS Response

                    172.217.169.91
                    172.217.169.59
                    216.58.212.219
                    142.250.187.251
                    142.250.200.59
                    216.58.212.251
                    172.217.169.27
                    172.217.16.251
                    216.58.201.123
                    142.250.200.27
                    142.250.187.219
                    216.58.213.27
                    142.250.178.27
                    142.250.180.27
                    216.58.204.91
                    142.250.179.251

                    DNS Request

                    aus5.mozilla.org

                    DNS Response

                    35.244.181.201

                    DNS Request

                    ciscobinary.openh264.org

                    DNS Response

                    23.55.161.211
                    23.55.161.185

                    DNS Request

                    14.200.250.142.in-addr.arpa

                  • 8.8.8.8:53
                    spocs.getpocket.com
                    dns
                    firefox.exe
                    970 B
                    1.5kB
                    13
                    13

                    DNS Request

                    spocs.getpocket.com

                    DNS Response

                    34.117.188.166

                    DNS Request

                    contile.services.mozilla.com

                    DNS Response

                    34.117.188.166

                    DNS Request

                    prod.ads.prod.webservices.mozgcp.net

                    DNS Request

                    attachments.prod.remote-settings.prod.webservices.mozgcp.net

                    DNS Request

                    fonts.googleapis.com

                    DNS Response

                    2a00:1450:4009:815::200a

                    DNS Request

                    fonts.gstatic.com

                    DNS Response

                    142.250.200.35

                    DNS Request

                    drivefrontend-pa.clients6.google.com

                    DNS Response

                    142.250.200.42

                    DNS Request

                    35.200.250.142.in-addr.arpa

                    DNS Request

                    play.google.com

                    DNS Response

                    2a00:1450:4009:821::200e

                    DNS Request

                    takeout-pa-qw.clients6.google.com

                    DNS Response

                    216.58.204.74

                    DNS Request

                    ogs.google.com

                    DNS Response

                    142.250.178.14

                    DNS Request

                    prod.classify-client.prod.webservices.mozgcp.net

                    DNS Request

                    redirector.gvt1.com

                    DNS Response

                    2a00:1450:4009:822::200e

                  • 8.8.8.8:53
                    prod.remote-settings.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    973 B
                    1.6kB
                    14
                    12

                    DNS Request

                    prod.remote-settings.prod.webservices.mozgcp.net

                    DNS Response

                    34.149.100.209

                    DNS Request

                    push.services.mozilla.com

                    DNS Request

                    fonts.googleapis.com

                    DNS Response

                    142.250.178.10

                    DNS Request

                    plus.l.google.com

                    DNS Response

                    2a00:1450:4009:826::200e

                    DNS Request

                    www.gstatic.com

                    DNS Response

                    2a00:1450:4009:820::2003

                    DNS Request

                    www.google.com

                    DNS Response

                    142.250.180.4

                    DNS Request

                    people-pa.clients6.google.com

                    DNS Response

                    216.58.213.10

                    DNS Request

                    youtube.googleapis.com

                    DNS Response

                    216.58.212.202
                    142.250.187.202
                    142.250.178.10
                    142.250.187.234
                    216.58.201.106
                    142.250.179.234
                    216.58.204.74
                    172.217.16.234
                    216.58.213.10
                    142.250.200.10
                    142.250.200.42
                    142.250.180.10
                    216.58.212.234
                    172.217.169.42

                    DNS Request

                    storage.googleapis.com

                    DNS Response

                    142.250.178.27
                    142.250.187.251
                    172.217.169.59
                    142.250.187.219
                    216.58.212.251
                    142.250.200.27
                    172.217.169.27
                    216.58.212.219
                    172.217.16.251
                    172.217.169.91
                    216.58.213.27
                    216.58.204.91
                    216.58.201.123
                    142.250.179.251
                    142.250.200.59
                    142.250.180.27

                    DNS Request

                    location.services.mozilla.com

                    DNS Response

                    35.190.72.216

                    DNS Request

                    redirector.gvt1.com

                    DNS Response

                    142.250.200.14

                    DNS Request

                    r2.sn-aigl6ned.gvt1.com

                    DNS Request

                    r2.sn-aigl6ned.gvt1.com

                    DNS Request

                    r2.sn-aigl6ned.gvt1.com

                    DNS Response

                    2a00:1450:4009:4e::7

                  • 34.149.97.1:443
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    https
                    firefox.exe
                    1.7kB
                    4.4kB
                    5
                    6
                  • 142.250.187.206:443
                    drive.google.com
                    https
                    firefox.exe
                    36.6kB
                    1.2MB
                    193
                    921
                  • 172.217.16.227:443
                    ssl.gstatic.com
                    https
                    firefox.exe
                    9.6kB
                    219.2kB
                    91
                    192
                  • 216.58.201.110:443
                    contacts.google.com
                    https
                    firefox.exe
                    17.4kB
                    519.1kB
                    131
                    393
                  • 216.58.213.1:443
                    drive-thirdparty.googleusercontent.com
                    https
                    firefox.exe
                    2.9kB
                    13.7kB
                    15
                    16
                  • 142.250.200.42:443
                    youtube.googleapis.com
                    https
                    firefox.exe
                    3.5kB
                    13.4kB
                    12
                    16
                  • 216.58.213.10:443
                    youtube.googleapis.com
                    https
                    firefox.exe
                    2.2kB
                    7.2kB
                    10
                    9
                  • 216.58.213.10:443
                    youtube.googleapis.com
                    https
                    firefox.exe
                    2.0kB
                    12.5kB
                    8
                    13
                  • 142.250.200.42:443
                    youtube.googleapis.com
                    https
                    firefox.exe
                    1.9kB
                    12.5kB
                    7
                    12
                  • 172.217.16.238:443
                    play.google.com
                    https
                    firefox.exe
                    24.8kB
                    13.6kB
                    37
                    33
                  • 142.250.180.4:443
                    www.google.com
                    https
                    firefox.exe
                    2.0kB
                    9.3kB
                    8
                    10
                  • 172.217.16.238:443
                    play.google.com
                    https
                    firefox.exe
                    2.5kB
                    9.7kB
                    10
                    13
                  • 172.217.169.10:443
                    ogads-pa.googleapis.com
                    https
                    firefox.exe
                    2.3kB
                    7.2kB
                    11
                    9
                  • 216.58.201.110:443
                    contacts.google.com
                    https
                    firefox.exe
                    2.3kB
                    9.4kB
                    11
                    11
                  • 216.58.204.74:443
                    youtube.googleapis.com
                    https
                    firefox.exe
                    4.6kB
                    15.2kB
                    23
                    24
                  • 216.58.204.74:443
                    youtube.googleapis.com
                    https
                    firefox.exe
                    2.1kB
                    12.5kB
                    10
                    12
                  • 142.250.178.27:443
                    storage.googleapis.com
                    https
                    firefox.exe
                    1.9kB
                    6.7kB
                    7
                    8
                  • 142.250.178.14:443
                    www3.l.google.com
                    https
                    firefox.exe
                    2.0kB
                    9.4kB
                    7
                    11
                  • 35.190.72.216:443
                    location.services.mozilla.com
                    https
                    firefox.exe
                    1.8kB
                    4.3kB
                    5
                    6
                  • 142.250.200.14:443
                    redirector.gvt1.com
                    https
                    firefox.exe
                    2.0kB
                    9.4kB
                    8
                    11
                  • 173.194.183.71:443
                    r2.sn-aigl6ned.gvt1.com
                    https
                    firefox.exe
                    1.8kB
                    5.9kB
                    5
                    8
                  • 142.250.187.206:443
                    drive.google.com
                    https
                    firefox.exe
                    47.7kB
                    6.1kB
                    42
                    28

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\activity-stream.discovery_stream.json

                    Filesize

                    19KB

                    MD5

                    3ff4bf4e060a1d7f156626492c7b54ba

                    SHA1

                    4452f10c2532d4efbdd66bb1819a91ba1ff1c6f9

                    SHA256

                    d38522de8f87aa69bedfc5e6bea89daa28fd66eba4bbb83de32e07721228dfa1

                    SHA512

                    23de51f40e7f742fec54d4348446f91e3f4bbbcf9651157f49a4e24eb186670e73a37fad72a2a3205d3cd4c31999883788215cd9667590bd7b5fab93f0ca8500

                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                    Filesize

                    10KB

                    MD5

                    069c37bf9e39b121efb7a28ece933aee

                    SHA1

                    eaef2e55b66e543a14a6780c23bb83fe60f2f04d

                    SHA256

                    485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8

                    SHA512

                    f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                    Filesize

                    10KB

                    MD5

                    eed640164203d0d0a2a1e7919a6fdbdf

                    SHA1

                    9af74121e090cf2970beee82d22ef4ebb886c0ae

                    SHA256

                    4ca7fe712b4322fdb497733e015f4ae4496d3998772a6c37305da3cbba3eb7ae

                    SHA512

                    1bf6de193ae00189525ea9a685bbe3dc7722eceb6ccfb83c70adc766b6301b4978abf73b2f8f41b865f1521925308e4f96285dca569e9c2b2c61e79db1100e3d

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                    Filesize

                    479KB

                    MD5

                    09372174e83dbbf696ee732fd2e875bb

                    SHA1

                    ba360186ba650a769f9303f48b7200fb5eaccee1

                    SHA256

                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                    SHA512

                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                    Filesize

                    13.8MB

                    MD5

                    0a8747a2ac9ac08ae9508f36c6d75692

                    SHA1

                    b287a96fd6cc12433adb42193dfe06111c38eaf0

                    SHA256

                    32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                    SHA512

                    59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

                    Filesize

                    6KB

                    MD5

                    a9bedf21998ed835094eb3dd0932b61a

                    SHA1

                    e14fca1b2bd7c2ecc1416497e7211e1969a1d3bf

                    SHA256

                    dbf95627ee2b19c75acf15bf237fdc7cf1a6626ab34ff5fd76d8ee3bb191324e

                    SHA512

                    12d18f633bae673038645f5ae5e0d62c04787f1d97e6fc552bfc258046a6caf4e0b4039785f01bc407bb59c4d1bbf8486b3f9607e4244ddfeae2cef6421eb41a

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

                    Filesize

                    7KB

                    MD5

                    c70c73fdad79f3ca07f14a0eb0b96479

                    SHA1

                    385c4b631487caccbb98d67033aec7ef48a75a3a

                    SHA256

                    9edc689917584603e5a9f70976065cc53d34b9c54c192827a70fa8f0e143c827

                    SHA512

                    3a57349aef90eda366e1ef8b1f706a6dcdd7b9f13566436ed1e1e7f0e30d8f31b453d0ef5445ef7595eb36649f8305a9934d751fd1fe8a082f96af49a1326075

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

                    Filesize

                    11KB

                    MD5

                    b49af5fb8f03305d717d91f1b8aa6af0

                    SHA1

                    4772e3fcee04a7048e9b71d67ff5cd83632eb8b6

                    SHA256

                    65f77b4b4b72599698fc6e6f4505ffc1945e56dfc040cac8b30539be8031da45

                    SHA512

                    8bf6987e380439ee40f9f441627f74983930495e4aab7747108ec980211b890ecedd164a89ca89423e3f89f19711b42a48ce666820d18d2434e37b451715a021

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

                    Filesize

                    30KB

                    MD5

                    09325ad577859f2535617583c30bd5ad

                    SHA1

                    cd02b4cbec8eb0dcdbabf7f962713570a6dba00a

                    SHA256

                    7e1faca93313c06cb0df1a4ebdebe00c243e4f0f544e729ef4a1d576047f3577

                    SHA512

                    ca9b411d5608398e2c4d329d169fbf9c7700035af37641212ac111b25fb69167a468b50a4de99e412bcd3519d6d6aca11c1228bf830f8a0a5759de12cb2eb779

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

                    Filesize

                    5KB

                    MD5

                    ed749074b1e0edab9f3f8e669485fd7f

                    SHA1

                    4ba245603977e334ac5bf38dfbe29517e1e10b86

                    SHA256

                    0cf53bd4a46da401948e66eac7af8362cbb1ecda55729aa4302a1a4e97a5310e

                    SHA512

                    9925e7afd24ae595304599d7d7f61f4d1acbdfface5507c2e4171699294fe2648bd7632ca5b7db4087a3ccfd5c92fc442e3e0bbb01ea6e37f909a366f20c5076

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

                    Filesize

                    5KB

                    MD5

                    857a79769543803a03114361343226ae

                    SHA1

                    88d6e3e88e90a5e67570926062690713430a0eac

                    SHA256

                    6075b97d46c0a13fa5cbfd7c7e520bbd8d2b040936f63cc7b16948cc0dd38168

                    SHA512

                    0c813a80f01d6e38e0368f3bd0d18b6b731b500b2a2d2e454cc0737ddf150ecd55a7d9c5605491d601814e89c3dc6f592b6819425bac80d62f7c8ffc9909fcd5

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

                    Filesize

                    6KB

                    MD5

                    054dc44e6651399e16f8e4f8dd9f7e22

                    SHA1

                    84a562b15b776633faf14622f8a42e682890f46a

                    SHA256

                    522d43d8243ec64e6e1adab265a6fcbb4a863c455b71a79cfe3135ceea11f211

                    SHA512

                    7c396021b59549058b00baf99f61c3943558bf04fc18096a3ab467ec3d28ced30dadca731369ae74b89a790e43f0af113c9ea1724eb53bc72f7e08b824bca596

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\278cefa0-04af-48a8-8f10-06cea9674fb2

                    Filesize

                    982B

                    MD5

                    6bf218f2a3acada822785e0c13a3b95b

                    SHA1

                    30c2ad1dde07b95b6e8579ae1e7a33c96b4485ad

                    SHA256

                    8e4c9ff0fba5f4a105da660edd1971ad5234b5b224e3137cfde6609e99fc4b0e

                    SHA512

                    2cd02373766777d47042bbfc26207c93a4b7078752e2fdaf13f39af4d8b22f3108c20ff3922d15374cad986e2a64c75c4c34add44593b7764011e8d28a1d1989

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\466bc1d4-e388-4bab-815a-faa56e88a6d0

                    Filesize

                    671B

                    MD5

                    c2e1769dd114058f746d58de9e89acdf

                    SHA1

                    b277012719c2a18184e1653c0f237d791d8ddb0a

                    SHA256

                    eef9a14fed7333cf54b1082578c347bc03ff97b2e9c7c16e85e7a3f958915259

                    SHA512

                    6c1d9bd3eccabc57f69eda0280d44cc3d4d8974854884ed33d248ec70782ddbe52b072666fc01307e3aa57e9c9b8cc3761d144356c002206f9cbb1a5da82fa48

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\f5596ce7-db0e-4e4e-bfa2-cc1db00010cc

                    Filesize

                    25KB

                    MD5

                    8a475aceac666ea8f7544416cdd55504

                    SHA1

                    5d13d7c34a5967bdb41b700d607deded651d541f

                    SHA256

                    710d6d48eae8889c6169431c5f8192e19503dacf792ec4a2b10bd10707ed9ff5

                    SHA512

                    b49a027103210905c31ade6646bc378a214363f73a09cc42d342d166f31b2b2dadf78efb56831400e34b5fef226c37e8977c199fd1c017a0f3414f5e22a0aed8

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                    Filesize

                    1.1MB

                    MD5

                    842039753bf41fa5e11b3a1383061a87

                    SHA1

                    3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                    SHA256

                    d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                    SHA512

                    d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                    Filesize

                    116B

                    MD5

                    2a461e9eb87fd1955cea740a3444ee7a

                    SHA1

                    b10755914c713f5a4677494dbe8a686ed458c3c5

                    SHA256

                    4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                    SHA512

                    34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                    Filesize

                    372B

                    MD5

                    bf957ad58b55f64219ab3f793e374316

                    SHA1

                    a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                    SHA256

                    bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                    SHA512

                    79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                    Filesize

                    17.8MB

                    MD5

                    daf7ef3acccab478aaa7d6dc1c60f865

                    SHA1

                    f8246162b97ce4a945feced27b6ea114366ff2ad

                    SHA256

                    bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                    SHA512

                    5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

                    Filesize

                    11KB

                    MD5

                    070cea63ba552bb8c63cb9a0c49337e4

                    SHA1

                    9604c3a3c8284d6115b4560cd321695985ad6925

                    SHA256

                    088308fd307fc13589f86a94a16be64be64f9390b507a968da70c0e5827a5eaf

                    SHA512

                    5f69ef820258ed8215fc4b75309eeb6b3476fe30715f4a67ac3e2b4d4e77e4820d6ab05e491be8493985045215493f4d448258d3914a97e33b5459d23fb6c504

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs.js

                    Filesize

                    10KB

                    MD5

                    3882cffa4b2ce9ef7202225b1d7564f3

                    SHA1

                    323e9634dea5d90ef0818a333cdb4a8877012331

                    SHA256

                    863f9e1a21b214b0cb855f556c7c5ce39650f5de79b623fa9226ce113093905f

                    SHA512

                    dbe0d436f4b043f60c23f5693e571f1e3121ef207a64979dd3025a46edf4767929babfaa480ec2effee74d67787969a7097a9751828a1ec1e4a2dfea11cb1ce8

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs.js

                    Filesize

                    11KB

                    MD5

                    994b9875e9479de67848c6199da3198b

                    SHA1

                    b63dd308b71091d9b97ded2833c67a656c0e398c

                    SHA256

                    807e865572cfbe007454abffd3b73c5e2e241db6e608dc63d3de3459ee3a22f5

                    SHA512

                    f790def6d01259aafb258fd31ef83f58a8c14ee165f6815007826277f4c1c40d35654475ca509b76fdee44de7194603db931da2578b2216ca91e6016497914b1

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

                    Filesize

                    3KB

                    MD5

                    5d6578a5a71f4160fd717e00c133c5be

                    SHA1

                    eb5454e88925f650eedc4d021a635374ba6b366f

                    SHA256

                    1778880eaf79fa80110c2e5f3ec1ff4b97c62a9043047e9d46b32e43795b9966

                    SHA512

                    4a3f700e6f81956f3004846b34c4dad7ca062ff9a6dc1abef5742834712c18a454484c5fc2025fa749d008a1fa03189c8c0584d1e3a7b7657f73261d7447bedc

                  • C:\Users\Admin\Videos\Captures\desktop.ini

                    Filesize

                    190B

                    MD5

                    b0d27eaec71f1cd73b015f5ceeb15f9d

                    SHA1

                    62264f8b5c2f5034a1e4143df6e8c787165fbc2f

                    SHA256

                    86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

                    SHA512

                    7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

                  • memory/1052-652-0x0000000077544000-0x0000000077545000-memory.dmp

                    Filesize

                    4KB

                  • memory/1052-653-0x0000000077544000-0x0000000077545000-memory.dmp

                    Filesize

                    4KB

                  • memory/1052-655-0x0000000077544000-0x0000000077545000-memory.dmp

                    Filesize

                    4KB

                  • memory/1052-654-0x00000000774B0000-0x00000000774C0000-memory.dmp

                    Filesize

                    64KB

                  • memory/1052-679-0x0000000074430000-0x00000000744BD000-memory.dmp

                    Filesize

                    564KB

                  • memory/1052-651-0x0000000077544000-0x0000000077545000-memory.dmp

                    Filesize

                    4KB

                  • memory/1052-648-0x0000000074430000-0x00000000744BD000-memory.dmp

                    Filesize

                    564KB

                  We care about your privacy.

                  This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.