Analysis

  • max time kernel
    85s
  • max time network
    87s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29/11/2024, 06:58 UTC

General

  • Target

    https://drive.google.com/drive/folders/11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc?usp=sharing

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc?usp=sharing
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4032
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91b646f8,0x7ffb91b64708,0x7ffb91b64718
      2⤵
        PID:3268
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
        2⤵
          PID:116
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2788 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2520
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          2⤵
            PID:4924
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:1972
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:3280
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
                2⤵
                  PID:3724
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
                  2⤵
                    PID:1448
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2852
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                    2⤵
                      PID:3636
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
                      2⤵
                        PID:1760
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
                        2⤵
                          PID:3292
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                          2⤵
                            PID:4216
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3656 /prefetch:8
                            2⤵
                              PID:5000
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
                              2⤵
                                PID:3720
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
                                2⤵
                                  PID:3736
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1
                                  2⤵
                                    PID:4448
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13671976429393929413,1474194162377309923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
                                    2⤵
                                      PID:1448
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2544
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:2648

Network

                                      • flag-us
                                        DNS
                                        97.17.167.52.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        97.17.167.52.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        drive.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        drive.google.com
                                        IN A
                                        Response
                                        drive.google.com
                                        IN A
                                        142.250.180.14
                                      • flag-gb
                                        GET
                                        https://drive.google.com/drive/folders/11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc?usp=sharing
                                        msedge.exe
                                        Remote address:
                                        142.250.180.14:443
                                        Request
                                        GET /drive/folders/11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc?usp=sharing HTTP/2.0
                                        host: drive.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        sec-ch-ua-mobile: ?0
                                        dnt: 1
                                        upgrade-insecure-requests: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        sec-fetch-site: none
                                        sec-fetch-mode: navigate
                                        sec-fetch-user: ?1
                                        sec-fetch-dest: document
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-gb
                                        GET
                                        https://drive.google.com/_/drive_fe/_/ss/k=drive_fe.main.L4klMvBnAKY.L.W.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=0/br=1/rs=AFB8gsytghFglc8D5TatJrBDANLGicA1Og
                                        msedge.exe
                                        Remote address:
                                        142.250.180.14:443
                                        Request
                                        GET /_/drive_fe/_/ss/k=drive_fe.main.L4klMvBnAKY.L.W.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=0/br=1/rs=AFB8gsytghFglc8D5TatJrBDANLGicA1Og HTTP/2.0
                                        host: drive.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/css,*/*;q=0.1
                                        sec-fetch-site: same-origin
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: style
                                        referer: https://drive.google.com/drive/folders/11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc?usp=sharing
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=519=Z1S8d-9IaQ55LPrxykH2vHCPLy8Crkl57SFNQ6i6V2v8DAZmirQJfCcrR7FJBvZMVIfKJpPH7SafgYCJxt3CqiLsLrUQVorDXPopknfnJQbuvA-YM7c_DJpjkOHG5uaMmBlKqPXkPcqMspdZvSHeUk5dU73-wsM15Xjalsev9T5torc1
                                      • flag-gb
                                        GET
                                        https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=b
                                        msedge.exe
                                        Remote address:
                                        142.250.180.14:443
                                        Request
                                        GET /_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=b HTTP/2.0
                                        host: drive.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: */*
                                        sec-fetch-site: same-origin
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: script
                                        referer: https://drive.google.com/drive/folders/11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc?usp=sharing
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=519=Z1S8d-9IaQ55LPrxykH2vHCPLy8Crkl57SFNQ6i6V2v8DAZmirQJfCcrR7FJBvZMVIfKJpPH7SafgYCJxt3CqiLsLrUQVorDXPopknfnJQbuvA-YM7c_DJpjkOHG5uaMmBlKqPXkPcqMspdZvSHeUk5dU73-wsM15Xjalsev9T5torc1
                                      • flag-gb
                                        GET
                                        https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/exm=b/ed=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=RsR2Mc
                                        msedge.exe
                                        Remote address:
                                        142.250.180.14:443
                                        Request
                                        GET /_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/exm=b/ed=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=RsR2Mc HTTP/2.0
                                        host: drive.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: */*
                                        sec-fetch-site: same-origin
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: script
                                        referer: https://drive.google.com/drive/folders/11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc?usp=sharing
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=519=Z1S8d-9IaQ55LPrxykH2vHCPLy8Crkl57SFNQ6i6V2v8DAZmirQJfCcrR7FJBvZMVIfKJpPH7SafgYCJxt3CqiLsLrUQVorDXPopknfnJQbuvA-YM7c_DJpjkOHG5uaMmBlKqPXkPcqMspdZvSHeUk5dU73-wsM15Xjalsev9T5torc1
                                      • flag-gb
                                        GET
                                        https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=core
                                        msedge.exe
                                        Remote address:
                                        142.250.180.14:443
                                        Request
                                        GET /_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=core HTTP/2.0
                                        host: drive.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: */*
                                        sec-fetch-site: same-origin
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: script
                                        referer: https://drive.google.com/drive/folders/11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc?usp=sharing
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=519=Z1S8d-9IaQ55LPrxykH2vHCPLy8Crkl57SFNQ6i6V2v8DAZmirQJfCcrR7FJBvZMVIfKJpPH7SafgYCJxt3CqiLsLrUQVorDXPopknfnJQbuvA-YM7c_DJpjkOHG5uaMmBlKqPXkPcqMspdZvSHeUk5dU73-wsM15Xjalsev9T5torc1
                                      • flag-us
                                        DNS
                                        88.210.23.2.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        88.210.23.2.in-addr.arpa
                                        IN PTR
                                        Response
                                        88.210.23.2.in-addr.arpa
                                        IN PTR
                                        a2-23-210-88deploystaticakamaitechnologiescom
                                      • flag-us
                                        DNS
                                        14.180.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        14.180.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        14.180.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s32-in-f141e100net
                                      • flag-us
                                        DNS
                                        apis.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        apis.google.com
                                        IN A
                                        Response
                                        apis.google.com
                                        IN CNAME
                                        plus.l.google.com
                                        plus.l.google.com
                                        IN A
                                        142.250.200.14
                                      • flag-gb
                                        GET
                                        https://apis.google.com/js/api.js
                                        msedge.exe
                                        Remote address:
                                        142.250.200.14:443
                                        Request
                                        GET /js/api.js HTTP/2.0
                                        host: apis.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: */*
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: script
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=519=Z1S8d-9IaQ55LPrxykH2vHCPLy8Crkl57SFNQ6i6V2v8DAZmirQJfCcrR7FJBvZMVIfKJpPH7SafgYCJxt3CqiLsLrUQVorDXPopknfnJQbuvA-YM7c_DJpjkOHG5uaMmBlKqPXkPcqMspdZvSHeUk5dU73-wsM15Xjalsev9T5torc1
                                      • flag-us
                                        DNS
                                        ssl.gstatic.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        ssl.gstatic.com
                                        IN A
                                        Response
                                        ssl.gstatic.com
                                        IN A
                                        216.58.204.67
                                      • flag-gb
                                        GET
                                        https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png
                                        msedge.exe
                                        Remote address:
                                        216.58.204.67:443
                                        Request
                                        GET /images/branding/product/1x/drive_2020q4_48dp.png HTTP/2.0
                                        host: ssl.gstatic.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        sec-fetch-site: cross-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: image
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        2.159.190.20.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        2.159.190.20.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        95.221.229.192.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        95.221.229.192.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        234.212.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        234.212.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        234.212.58.216.in-addr.arpa
                                        IN PTR
                                        ams16s22-in-f2341e100net
                                        234.212.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s28-in-f10�J
                                        234.212.58.216.in-addr.arpa
                                        IN PTR
                                        ams16s22-in-f10�J
                                      • flag-us
                                        DNS
                                        14.200.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        14.200.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        14.200.250.142.in-addr.arpa
                                        IN PTR
                                        lhr48s29-in-f141e100net
                                      • flag-us
                                        DNS
                                        227.16.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        227.16.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        227.16.217.172.in-addr.arpa
                                        IN PTR
                                        lhr48s28-in-f31e100net
                                        227.16.217.172.in-addr.arpa
                                        IN PTR
                                        mad08s04-in-f3
                                      • flag-us
                                        DNS
                                        67.204.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        67.204.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        67.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s13-in-f671e100net
                                        67.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s13-in-f3
                                        67.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr48s49-in-f3
                                      • flag-us
                                        DNS
                                        drivefrontend-pa.clients6.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        drivefrontend-pa.clients6.google.com
                                        IN A
                                        Response
                                        drivefrontend-pa.clients6.google.com
                                        IN A
                                        142.250.179.234
                                      • flag-gb
                                        OPTIONS
                                        https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                                        msedge.exe
                                        Remote address:
                                        142.250.179.234:443
                                        Request
                                        OPTIONS /v1/items:get?ids=11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                                        host: drivefrontend-pa.clients6.google.com
                                        accept: */*
                                        access-control-request-method: GET
                                        access-control-request-headers: content-type,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
                                        origin: https://drive.google.com
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        sec-fetch-mode: cors
                                        sec-fetch-site: same-site
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-gb
                                        OPTIONS
                                        https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                                        msedge.exe
                                        Remote address:
                                        142.250.179.234:443
                                        Request
                                        OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
                                        host: ogads-pa.googleapis.com
                                        accept: */*
                                        access-control-request-method: POST
                                        access-control-request-headers: content-type,x-goog-api-key,x-user-agent
                                        origin: https://drive.google.com
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        sec-fetch-mode: cors
                                        sec-fetch-site: cross-site
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        people-pa.clients6.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        people-pa.clients6.google.com
                                        IN A
                                        Response
                                        people-pa.clients6.google.com
                                        IN A
                                        142.250.179.234
                                      • flag-gb
                                        POST
                                        https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dm8mgs4mfliyo%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                                        msedge.exe
                                        Remote address:
                                        142.250.179.234:443
                                        Request
                                        POST /batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dm8mgs4mfliyo%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE HTTP/2.0
                                        host: people-pa.clients6.google.com
                                        content-length: 604
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        content-type: text/plain; charset=UTF-8
                                        accept: */*
                                        origin: https://drive.google.com
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: cors
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=519=Z1S8d-9IaQ55LPrxykH2vHCPLy8Crkl57SFNQ6i6V2v8DAZmirQJfCcrR7FJBvZMVIfKJpPH7SafgYCJxt3CqiLsLrUQVorDXPopknfnJQbuvA-YM7c_DJpjkOHG5uaMmBlKqPXkPcqMspdZvSHeUk5dU73-wsM15Xjalsev9T5torc1
                                      • flag-us
                                        DNS
                                        ogs.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        ogs.google.com
                                        IN A
                                        Response
                                        ogs.google.com
                                        IN CNAME
                                        www3.l.google.com
                                        www3.l.google.com
                                        IN A
                                        142.250.200.14
                                      • flag-gb
                                        GET
                                        https://ogs.google.com/widget/callout?prid=19044538&pgid=19044537&puid=2857107652ad6842&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=49&spid=49&hl=en-GB
                                        msedge.exe
                                        Remote address:
                                        142.250.200.14:443
                                        Request
                                        GET /widget/callout?prid=19044538&pgid=19044537&puid=2857107652ad6842&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=49&spid=49&hl=en-GB HTTP/2.0
                                        host: ogs.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        sec-ch-ua-mobile: ?0
                                        upgrade-insecure-requests: 1
                                        dnt: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: navigate
                                        sec-fetch-dest: iframe
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=519=Z1S8d-9IaQ55LPrxykH2vHCPLy8Crkl57SFNQ6i6V2v8DAZmirQJfCcrR7FJBvZMVIfKJpPH7SafgYCJxt3CqiLsLrUQVorDXPopknfnJQbuvA-YM7c_DJpjkOHG5uaMmBlKqPXkPcqMspdZvSHeUk5dU73-wsM15Xjalsev9T5torc1
                                      • flag-gb
                                        GET
                                        https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.x7CxCIZpks8.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ%2Fm%3D__features__
                                        msedge.exe
                                        Remote address:
                                        142.250.200.14:443
                                        Request
                                        GET /widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.x7CxCIZpks8.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ%2Fm%3D__features__ HTTP/2.0
                                        host: contacts.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        sec-ch-ua-mobile: ?0
                                        upgrade-insecure-requests: 1
                                        dnt: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: navigate
                                        sec-fetch-dest: iframe
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: OGPC=19044537-1:
                                        cookie: __Secure-ENID=24.SE=rAtnUkD69QRe1ATqVaYOJC1ejx5qhuwYWs6Nca_BWrjmxE1DhGlDYy0-vrvANoz7ojNyyTF3L4Wh7lq21glzXt5S14uU7o7XzxaZ355dbG-jmH7cC-o2_OLvj1yobRhHAw7A4ZXxD5y1UDA5RbxLPUFb000DoKUlN7-q_SZCDDJuoNhtWNHaGQBn6A
                                        cookie: NID=519=FCFsCRwb2AFatnAHf315GDy5I55CS0smBR3If_0JH5Pzdh-98nSgtXmfZ4YTqj3dLV7Opv_se-XOLoiSi_KAcMhjWRw89AtaLOdKNoG--GOlfFvXXlpR-pPTwUcDSLnYfazZrAxVT4ClDSvom_e98IE4b02Y3qYzIf4nuXh4fpsc-5qXUO_ZcK_O
                                      • flag-us
                                        DNS
                                        ogads-pa.googleapis.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        ogads-pa.googleapis.com
                                        IN A
                                        Response
                                        ogads-pa.googleapis.com
                                        IN A
                                        216.58.213.10
                                        ogads-pa.googleapis.com
                                        IN A
                                        172.217.169.42
                                        ogads-pa.googleapis.com
                                        IN A
                                        172.217.16.234
                                        ogads-pa.googleapis.com
                                        IN A
                                        142.250.178.10
                                        ogads-pa.googleapis.com
                                        IN A
                                        142.250.187.202
                                        ogads-pa.googleapis.com
                                        IN A
                                        142.250.200.10
                                        ogads-pa.googleapis.com
                                        IN A
                                        142.250.187.234
                                        ogads-pa.googleapis.com
                                        IN A
                                        142.250.200.42
                                        ogads-pa.googleapis.com
                                        IN A
                                        216.58.212.234
                                        ogads-pa.googleapis.com
                                        IN A
                                        172.217.169.10
                                        ogads-pa.googleapis.com
                                        IN A
                                        216.58.201.106
                                        ogads-pa.googleapis.com
                                        IN A
                                        142.250.180.10
                                        ogads-pa.googleapis.com
                                        IN A
                                        216.58.212.202
                                        ogads-pa.googleapis.com
                                        IN A
                                        142.250.179.234
                                        ogads-pa.googleapis.com
                                        IN A
                                        216.58.204.74
                                      • flag-us
                                        DNS
                                        www.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        www.google.com
                                        IN A
                                        Response
                                        www.google.com
                                        IN A
                                        172.217.16.228
                                      • flag-gb
                                        GET
                                        https://www.google.com/images/hpp/logo-chrome-color-1x-web-64dp.png
                                        msedge.exe
                                        Remote address:
                                        172.217.16.228:443
                                        Request
                                        GET /images/hpp/logo-chrome-color-1x-web-64dp.png HTTP/2.0
                                        host: www.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: image
                                        referer: https://ogs.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=519=Z1S8d-9IaQ55LPrxykH2vHCPLy8Crkl57SFNQ6i6V2v8DAZmirQJfCcrR7FJBvZMVIfKJpPH7SafgYCJxt3CqiLsLrUQVorDXPopknfnJQbuvA-YM7c_DJpjkOHG5uaMmBlKqPXkPcqMspdZvSHeUk5dU73-wsM15Xjalsev9T5torc1
                                      • flag-us
                                        DNS
                                        3.178.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        3.178.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        3.178.250.142.in-addr.arpa
                                        IN PTR
                                        lhr48s27-in-f31e100net
                                      • flag-us
                                        DNS
                                        234.179.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        234.179.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        234.179.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s31-in-f101e100net
                                      • flag-us
                                        DNS
                                        10.213.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        10.213.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        10.213.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s25-in-f101e100net
                                        10.213.58.216.in-addr.arpa
                                        IN PTR
                                        ber01s14-in-f10
                                      • flag-us
                                        DNS
                                        play.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        play.google.com
                                        IN A
                                        Response
                                        play.google.com
                                        IN A
                                        142.250.187.206
                                      • flag-gb
                                        OPTIONS
                                        https://play.google.com/log?format=json&hasfast=true&authuser=0
                                        msedge.exe
                                        Remote address:
                                        142.250.187.206:443
                                        Request
                                        OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
                                        host: play.google.com
                                        accept: */*
                                        access-control-request-method: POST
                                        access-control-request-headers: x-goog-authuser
                                        origin: https://ogs.google.com
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        sec-fetch-mode: cors
                                        sec-fetch-site: same-site
                                        sec-fetch-dest: empty
                                        referer: https://ogs.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-gb
                                        POST
                                        https://play.google.com/log?format=json&hasfast=true
                                        msedge.exe
                                        Remote address:
                                        142.250.187.206:443
                                        Request
                                        POST /log?format=json&hasfast=true HTTP/2.0
                                        host: play.google.com
                                        content-length: 3394
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        content-type: application/x-www-form-urlencoded;charset=UTF-8
                                        accept: */*
                                        origin: https://drive.google.com
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: cors
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: NID=519=Z1S8d-9IaQ55LPrxykH2vHCPLy8Crkl57SFNQ6i6V2v8DAZmirQJfCcrR7FJBvZMVIfKJpPH7SafgYCJxt3CqiLsLrUQVorDXPopknfnJQbuvA-YM7c_DJpjkOHG5uaMmBlKqPXkPcqMspdZvSHeUk5dU73-wsM15Xjalsev9T5torc1
                                        cookie: OGPC=19044537-1:
                                      • flag-us
                                        DNS
                                        228.16.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        228.16.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        228.16.217.172.in-addr.arpa
                                        IN PTR
                                        mad08s04-in-f41e100net
                                        228.16.217.172.in-addr.arpa
                                        IN PTR
                                        lhr48s28-in-f4
                                      • flag-us
                                        DNS
                                        drive-thirdparty.googleusercontent.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        drive-thirdparty.googleusercontent.com
                                        IN A
                                        Response
                                        drive-thirdparty.googleusercontent.com
                                        IN CNAME
                                        googlehosted.l.googleusercontent.com
                                        googlehosted.l.googleusercontent.com
                                        IN A
                                        216.58.201.97
                                      • flag-gb
                                        GET
                                        https://drive-thirdparty.googleusercontent.com/16/type/application/octet-stream
                                        msedge.exe
                                        Remote address:
                                        216.58.201.97:443
                                        Request
                                        GET /16/type/application/octet-stream HTTP/2.0
                                        host: drive-thirdparty.googleusercontent.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        sec-fetch-site: cross-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: image
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        97.201.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        97.201.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        97.201.58.216.in-addr.arpa
                                        IN PTR
                                        lhr48s48-in-f1.1e100.net
                                        97.201.58.216.in-addr.arpa
                                        IN PTR
                                        prg03s02-in-f97.1e100.net
                                        97.201.58.216.in-addr.arpa
                                        IN PTR
                                        prg03s02-in-f1.1e100.net
                                      • flag-us
                                        DNS
                                        youtube.googleapis.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        youtube.googleapis.com
                                        IN A
                                      • flag-us
                                        DNS
                                        clients6.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        clients6.google.com
                                        IN A
                                        Response
                                        clients6.google.com
                                        IN CNAME
                                        clients.l.google.com
                                        clients.l.google.com
                                        IN A
                                        142.250.178.14
                                      • flag-us
                                        DNS
                                        blobcomments-pa.clients6.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        blobcomments-pa.clients6.google.com
                                        IN A
                                        Response
                                        blobcomments-pa.clients6.google.com
                                        IN A
                                        142.250.200.10
                                      • flag-gb
                                        GET
                                        https://clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.x7CxCIZpks8.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ%2Fm%3D__features__
                                        msedge.exe
                                        Remote address:
                                        142.250.178.14:443
                                        Request
                                        GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.x7CxCIZpks8.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ%2Fm%3D__features__ HTTP/2.0
                                        host: clients6.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        sec-ch-ua-mobile: ?0
                                        upgrade-insecure-requests: 1
                                        dnt: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: navigate
                                        sec-fetch-dest: iframe
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: OGPC=19044537-1:
                                        cookie: __Secure-ENID=24.SE=rAtnUkD69QRe1ATqVaYOJC1ejx5qhuwYWs6Nca_BWrjmxE1DhGlDYy0-vrvANoz7ojNyyTF3L4Wh7lq21glzXt5S14uU7o7XzxaZ355dbG-jmH7cC-o2_OLvj1yobRhHAw7A4ZXxD5y1UDA5RbxLPUFb000DoKUlN7-q_SZCDDJuoNhtWNHaGQBn6A
                                        cookie: NID=519=FCFsCRwb2AFatnAHf315GDy5I55CS0smBR3If_0JH5Pzdh-98nSgtXmfZ4YTqj3dLV7Opv_se-XOLoiSi_KAcMhjWRw89AtaLOdKNoG--GOlfFvXXlpR-pPTwUcDSLnYfazZrAxVT4ClDSvom_e98IE4b02Y3qYzIf4nuXh4fpsc-5qXUO_ZcK_O
                                      • flag-gb
                                        OPTIONS
                                        https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU&revisionId&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&populateExperimentConfig=true&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&%24unique=gc797
                                        msedge.exe
                                        Remote address:
                                        142.250.200.10:443
                                        Request
                                        OPTIONS /v1/metadata?docId=1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU&revisionId&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&populateExperimentConfig=true&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&%24unique=gc797 HTTP/2.0
                                        host: blobcomments-pa.clients6.google.com
                                        accept: */*
                                        access-control-request-method: GET
                                        access-control-request-headers: x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
                                        origin: https://drive.google.com
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        sec-fetch-mode: cors
                                        sec-fetch-site: same-site
                                        sec-fetch-dest: empty
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        accounts.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        accounts.google.com
                                        IN A
                                        Response
                                        accounts.google.com
                                        IN A
                                        74.125.206.84
                                      • flag-be
                                        GET
                                        https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU%26foreignService%3Dexplorer%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU%26foreignService%3Dexplorer%26authuser%3D0%26origin%3Dhttps://drive.google.com
                                        msedge.exe
                                        Remote address:
                                        74.125.206.84:443
                                        Request
                                        GET /ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU%26foreignService%3Dexplorer%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU%26foreignService%3Dexplorer%26authuser%3D0%26origin%3Dhttps://drive.google.com HTTP/2.0
                                        host: accounts.google.com
                                        upgrade-insecure-requests: 1
                                        dnt: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: navigate
                                        sec-fetch-dest: iframe
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        sec-ch-ua-mobile: ?0
                                        referer: https://drive.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: OGPC=19044537-1:
                                        cookie: __Secure-ENID=24.SE=rAtnUkD69QRe1ATqVaYOJC1ejx5qhuwYWs6Nca_BWrjmxE1DhGlDYy0-vrvANoz7ojNyyTF3L4Wh7lq21glzXt5S14uU7o7XzxaZ355dbG-jmH7cC-o2_OLvj1yobRhHAw7A4ZXxD5y1UDA5RbxLPUFb000DoKUlN7-q_SZCDDJuoNhtWNHaGQBn6A
                                        cookie: NID=519=FCFsCRwb2AFatnAHf315GDy5I55CS0smBR3If_0JH5Pzdh-98nSgtXmfZ4YTqj3dLV7Opv_se-XOLoiSi_KAcMhjWRw89AtaLOdKNoG--GOlfFvXXlpR-pPTwUcDSLnYfazZrAxVT4ClDSvom_e98IE4b02Y3qYzIf4nuXh4fpsc-5qXUO_ZcK_O
                                      • flag-us
                                        DNS
                                        contacts.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        contacts.google.com
                                        IN A
                                        Response
                                        contacts.google.com
                                        IN CNAME
                                        plus.l.google.com
                                        plus.l.google.com
                                        IN A
                                        142.250.200.14
                                      • flag-us
                                        DNS
                                        10.200.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        10.200.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        10.200.250.142.in-addr.arpa
                                        IN PTR
                                        lhr48s29-in-f10.1e100.net
                                      • flag-us
                                        DNS
                                        84.206.125.74.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        84.206.125.74.in-addr.arpa
                                        IN PTR
                                        Response
                                        84.206.125.74.in-addr.arpa
                                        IN PTR
                                        wk-in-f84.1e100.net
                                      • flag-us
                                        DNS
                                        58.55.71.13.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        58.55.71.13.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        53.210.109.20.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        53.210.109.20.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        198.187.3.20.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        198.187.3.20.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        www.youtube.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        www.youtube.com
                                        IN A
                                      • flag-us
                                        DNS
                                        tools.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        tools.google.com
                                        IN A
                                        Response
                                        tools.google.com
                                        IN CNAME
                                        tools.l.google.com
                                        tools.l.google.com
                                        IN A
                                        216.58.212.206
                                      • flag-us
                                        DNS
                                        s.ytimg.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        s.ytimg.com
                                        IN A
                                        Response
                                        s.ytimg.com
                                        IN A
                                        172.217.169.14
                                      • flag-gb
                                        GET
                                        https://tools.google.com/service/update2/dlpageping?appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB99B4A7-73C4-4E90-C433-9BF8FF7CA133}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=ASVC&installdataindex=empty&stage=index&installsource=download
                                        msedge.exe
                                        Remote address:
                                        216.58.212.206:443
                                        Request
                                        GET /service/update2/dlpageping?appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB99B4A7-73C4-4E90-C433-9BF8FF7CA133}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=ASVC&installdataindex=empty&stage=index&installsource=download HTTP/2.0
                                        host: tools.google.com
                                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                        dnt: 1
                                        sec-ch-ua-mobile: ?0
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                        accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        sec-fetch-site: same-site
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: image
                                        referer: https://www.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: OGPC=19044537-1:
                                        cookie: NID=519=FCFsCRwb2AFatnAHf315GDy5I55CS0smBR3If_0JH5Pzdh-98nSgtXmfZ4YTqj3dLV7Opv_se-XOLoiSi_KAcMhjWRw89AtaLOdKNoG--GOlfFvXXlpR-pPTwUcDSLnYfazZrAxVT4ClDSvom_e98IE4b02Y3qYzIf4nuXh4fpsc-5qXUO_ZcK_O
                                        cookie: OGP=-19044537:
                                        cookie: __Secure-ENID=24.SE=gxi7CbLf6renU2N68iGlXr50LaRsASVqEiY2F89NB1tXecPqViX7so1VwR52Nn2kRlu40hetb7rYjquzbtp_DanrRkrzoVwFpCr4ztzmIb4LiD9P_o3stLYQT2jTdajKclre-U_lr_PGLAcgp1LWXpYTPfNkgQSiv7GukTrWbpCULYdAVvPpLv-1NSmGrm7F9A
                                      • flag-us
                                        DNS
                                        78.204.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        78.204.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        78.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s13-in-f14.1e100.net
                                        78.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr48s49-in-f14.1e100.net
                                        78.204.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s13-in-f78.1e100.net
                                      • flag-us
                                        DNS
                                        56.163.245.4.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        56.163.245.4.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        40.169.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        40.169.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        40.169.217.172.in-addr.arpa
                                        IN PTR
                                        lhr48s08-in-f8.1e100.net
                                      • flag-us
                                        DNS
                                        206.212.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        206.212.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        206.212.58.216.in-addr.arpa
                                        IN PTR
                                        ams16s21-in-f14.1e100.net
                                        206.212.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s27-in-f14.1e100.net
                                        206.212.58.216.in-addr.arpa
                                        IN PTR
                                        ams16s21-in-f206.1e100.net
                                      • flag-us
                                        DNS
                                        14.169.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        14.169.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        14.169.217.172.in-addr.arpa
                                        IN PTR
                                        lhr25s26-in-f14.1e100.net
                                      • flag-us
                                        DNS
                                        14.169.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        14.169.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        14.169.217.172.in-addr.arpa
                                        IN PTR
                                        lhr25s26-in-f14.1e100.net
                                      • flag-us
                                        DNS
                                        172.214.232.199.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        172.214.232.199.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        www.google.com
                                        msedge.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        www.google.com
                                        IN A
                                        Response
                                        www.google.com
                                        IN A
                                        172.217.16.228
                                      • 142.250.180.14:443
                                        https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=core
                                        tls, http2
                                        msedge.exe
                                        31.1kB
                                        1.1MB
                                        556
                                        833

                                        HTTP Request

                                        GET https://drive.google.com/drive/folders/11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc?usp=sharing

                                        HTTP Request

                                        GET https://drive.google.com/_/drive_fe/_/ss/k=drive_fe.main.L4klMvBnAKY.L.W.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=0/br=1/rs=AFB8gsytghFglc8D5TatJrBDANLGicA1Og

                                        HTTP Request

                                        GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=b

                                        HTTP Request

                                        GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/exm=b/ed=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=RsR2Mc

                                        HTTP Request

                                        GET https://drive.google.com/_/drive_fe/_/js/k=drive_fe.main.en_GB.AVrewiSEh7I.2021.O/am=OFABGiCAEQMcjCWEAAgAAJmAAAI/d=1/exm=RsR2Mc,b/ed=1/br=1/rs=AFB8gswAVr9AifzQhyLmg3wCHIsE1EYtgw/m=core
                                      • 142.250.200.14:443
                                        https://apis.google.com/js/api.js
                                        tls, http2
                                        msedge.exe
                                        2.1kB
                                        12.8kB
                                        19
                                        20

                                        HTTP Request

                                        GET https://apis.google.com/js/api.js
                                      • 216.58.204.67:443
                                        https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png
                                        tls, http2
                                        msedge.exe
                                        1.9kB
                                        7.6kB
                                        16
                                        14

                                        HTTP Request

                                        GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png
                                      • 142.250.179.234:443
                                        https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                                        tls, http2
                                        msedge.exe
                                        3.1kB
                                        13.3kB
                                        27
                                        35

                                        HTTP Request

                                        OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                                        HTTP Request

                                        OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                                        HTTP Request

                                        OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                                        HTTP Request

                                        OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=11PFId9Lga8U8oYjmEN_PDTZ5T-oh1iMc&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE

                                        HTTP Request

                                        OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                                      • 142.250.179.234:443
                                        drivefrontend-pa.clients6.google.com
                                        tls, http2
                                        msedge.exe
                                        1.1kB
                                        11.3kB
                                        11
                                        12
                                      • 142.250.179.234:443
                                        https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dm8mgs4mfliyo%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                                        tls, http2
                                        msedge.exe
                                        2.9kB
                                        13.0kB
                                        20
                                        21

                                        HTTP Request

                                        POST https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dm8mgs4mfliyo%3D%3D%3D%3D%3D%22&key=AIzaSyC1qbk75NzWBvSaDh6KnsjjA9pIrP4lYIE
                                      • 142.250.200.14:443
                                        https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.x7CxCIZpks8.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ%2Fm%3D__features__
                                        tls, http2
                                        msedge.exe
                                        3.6kB
                                        33.5kB
                                        33
                                        38

                                        HTTP Request

                                        GET https://ogs.google.com/widget/callout?prid=19044538&pgid=19044537&puid=2857107652ad6842&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=49&spid=49&hl=en-GB

                                        HTTP Request

                                        GET https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.x7CxCIZpks8.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ%2Fm%3D__features__
                                      • 172.217.16.228:443
                                        https://www.google.com/images/hpp/logo-chrome-color-1x-web-64dp.png
                                        tls, http2
                                        msedge.exe
                                        2.2kB
                                        9.6kB
                                        19
                                        20

                                        HTTP Request

                                        GET https://www.google.com/images/hpp/logo-chrome-color-1x-web-64dp.png
                                      • 142.250.187.206:443
                                        https://play.google.com/log?format=json&hasfast=true&authuser=0
                                        tls, http2
                                        msedge.exe
                                        1.8kB
                                        8.2kB
                                        15
                                        15

                                        HTTP Request

                                        OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
                                      • 142.250.187.206:443
                                        https://play.google.com/log?format=json&hasfast=true
                                        tls, http2
                                        msedge.exe
                                        5.6kB
                                        9.0kB
                                        20
                                        20

                                        HTTP Request

                                        POST https://play.google.com/log?format=json&hasfast=true
                                      • 216.58.201.97:443
                                        https://drive-thirdparty.googleusercontent.com/16/type/application/octet-stream
                                        tls, http2
                                        msedge.exe
                                        1.9kB
                                        11.9kB
                                        16
                                        18

                                        HTTP Request

                                        GET https://drive-thirdparty.googleusercontent.com/16/type/application/octet-stream
                                      • 142.250.178.14:443
                                        https://clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.x7CxCIZpks8.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ%2Fm%3D__features__
                                        tls, http2
                                        msedge.exe
                                        2.4kB
                                        9.7kB
                                        17
                                        18

                                        HTTP Request

                                        GET https://clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.x7CxCIZpks8.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ%2Fm%3D__features__
                                      • 142.250.200.10:443
                                        https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU&revisionId&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&populateExperimentConfig=true&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&%24unique=gc797
                                        tls, http2
                                        msedge.exe
                                        2.2kB
                                        12.2kB
                                        18
                                        21

                                        HTTP Request

                                        OPTIONS https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU&revisionId&userLocale=en-GB&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&populateExperimentConfig=true&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&%24unique=gc797
                                      • 74.125.206.84:443
                                        https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU%26foreignService%3Dexplorer%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU%26foreignService%3Dexplorer%26authuser%3D0%26origin%3Dhttps://drive.google.com
                                        tls, http2
                                        msedge.exe
                                        2.5kB
                                        7.7kB
                                        15
                                        17

                                        HTTP Request

                                        GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU%26foreignService%3Dexplorer%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1Zys6GnqYqnIjJDYJOWQE6kSEr1Oz1JbU%26foreignService%3Dexplorer%26authuser%3D0%26origin%3Dhttps://drive.google.com
                                      • 216.58.212.206:443
                                        https://tools.google.com/service/update2/dlpageping?appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB99B4A7-73C4-4E90-C433-9BF8FF7CA133}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=ASVC&installdataindex=empty&stage=index&installsource=download
                                        tls, http2
                                        msedge.exe
                                        2.5kB
                                        8.8kB
                                        17
                                        17

                                        HTTP Request

                                        GET https://tools.google.com/service/update2/dlpageping?appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB99B4A7-73C4-4E90-C433-9BF8FF7CA133}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=ASVC&installdataindex=empty&stage=index&installsource=download
                                      • 142.250.178.14:443
                                        www.youtube.com
                                        tls, http2
                                        msedge.exe
                                        1.1kB
                                        8.1kB
                                        11
                                        10
                                      • 172.217.169.14:443
                                        s.ytimg.com
                                        tls, http2
                                        msedge.exe
                                        1.1kB
                                        8.1kB
                                        11
                                        10
                                      • 8.8.8.8:53
                                        97.17.167.52.in-addr.arpa
                                        dns
                                        71 B
                                        145 B
                                        1
                                        1

                                        DNS Request

                                        97.17.167.52.in-addr.arpa

                                      • 8.8.8.8:53
                                        drive.google.com
                                        dns
                                        msedge.exe
                                        62 B
                                        78 B
                                        1
                                        1

                                        DNS Request

                                        drive.google.com

                                        DNS Response

                                        142.250.180.14

                                      • 8.8.8.8:53
                                        88.210.23.2.in-addr.arpa
                                        dns
                                        70 B
                                        133 B
                                        1
                                        1

                                        DNS Request

                                        88.210.23.2.in-addr.arpa

                                      • 8.8.8.8:53
                                        14.180.250.142.in-addr.arpa
                                        dns
                                        73 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        14.180.250.142.in-addr.arpa

                                      • 142.250.180.14:443
                                        drive.google.com
                                        https
                                        msedge.exe
                                        33.5kB
                                        1.5MB
                                        252
                                        1130
                                      • 8.8.8.8:53
                                        apis.google.com
                                        dns
                                        msedge.exe
                                        61 B
                                        98 B
                                        1
                                        1

                                        DNS Request

                                        apis.google.com

                                        DNS Response

                                        142.250.200.14

                                      • 142.250.200.14:443
                                        apis.google.com
                                        https
                                        msedge.exe
                                        13.8kB
                                        541.8kB
                                        103
                                        413
                                      • 8.8.8.8:53
                                        ssl.gstatic.com
                                        dns
                                        msedge.exe
                                        61 B
                                        77 B
                                        1
                                        1

                                        DNS Request

                                        ssl.gstatic.com

                                        DNS Response

                                        216.58.204.67

                                      • 8.8.8.8:53
                                        2.159.190.20.in-addr.arpa
                                        dns
                                        71 B
                                        157 B
                                        1
                                        1

                                        DNS Request

                                        2.159.190.20.in-addr.arpa

                                      • 8.8.8.8:53
                                        95.221.229.192.in-addr.arpa
                                        dns
                                        73 B
                                        144 B
                                        1
                                        1

                                        DNS Request

                                        95.221.229.192.in-addr.arpa

                                      • 8.8.8.8:53
                                        234.212.58.216.in-addr.arpa
                                        dns
                                        73 B
                                        173 B
                                        1
                                        1

                                        DNS Request

                                        234.212.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        14.200.250.142.in-addr.arpa
                                        dns
                                        73 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        14.200.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        227.16.217.172.in-addr.arpa
                                        dns
                                        73 B
                                        140 B
                                        1
                                        1

                                        DNS Request

                                        227.16.217.172.in-addr.arpa

                                      • 8.8.8.8:53
                                        67.204.58.216.in-addr.arpa
                                        dns
                                        72 B
                                        169 B
                                        1
                                        1

                                        DNS Request

                                        67.204.58.216.in-addr.arpa

                                      • 216.58.204.67:443
                                        ssl.gstatic.com
                                        https
                                        msedge.exe
                                        8.8kB
                                        218.0kB
                                        79
                                        194
                                      • 8.8.8.8:53
                                        drivefrontend-pa.clients6.google.com
                                        dns
                                        msedge.exe
                                        82 B
                                        98 B
                                        1
                                        1

                                        DNS Request

                                        drivefrontend-pa.clients6.google.com

                                        DNS Response

                                        142.250.179.234

                                      • 8.8.8.8:53
                                        people-pa.clients6.google.com
                                        dns
                                        msedge.exe
                                        75 B
                                        91 B
                                        1
                                        1

                                        DNS Request

                                        people-pa.clients6.google.com

                                        DNS Response

                                        142.250.179.234

                                      • 142.250.179.234:443
                                        people-pa.clients6.google.com
                                        https
                                        msedge.exe
                                        7.8kB
                                        22.1kB
                                        31
                                        37
                                      • 8.8.8.8:53
                                        ogs.google.com
                                        dns
                                        msedge.exe
                                        60 B
                                        97 B
                                        1
                                        1

                                        DNS Request

                                        ogs.google.com

                                        DNS Response

                                        142.250.200.14

                                      • 8.8.8.8:53
                                        ogads-pa.googleapis.com
                                        dns
                                        msedge.exe
                                        69 B
                                        309 B
                                        1
                                        1

                                        DNS Request

                                        ogads-pa.googleapis.com

                                        DNS Response


                                      • 216.58.213.10:443
                                        ogads-pa.googleapis.com
                                        https
                                        msedge.exe
                                        3.9kB
                                        7.2kB
                                        10
                                        10
                                      • 8.8.8.8:53
                                        www.google.com
                                        dns
                                        msedge.exe
                                        60 B
                                        76 B
                                        1
                                        1

                                        DNS Request

                                        www.google.com

                                        DNS Response

                                        172.217.16.228

                                      • 8.8.8.8:53
                                        3.178.250.142.in-addr.arpa
                                        dns
                                        72 B
                                        110 B
                                        1
                                        1

                                        DNS Request

                                        3.178.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        234.179.250.142.in-addr.arpa
                                        dns
                                        74 B
                                        113 B
                                        1
                                        1

                                        DNS Request

                                        234.179.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        10.213.58.216.in-addr.arpa
                                        dns
                                        72 B
                                        141 B
                                        1
                                        1

                                        DNS Request

                                        10.213.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        play.google.com
                                        dns
                                        msedge.exe
                                        61 B
                                        77 B
                                        1
                                        1

                                        DNS Request

                                        play.google.com

                                        DNS Response

                                        142.250.187.206

                                      • 172.217.16.228:443
                                        www.google.com
                                        https
                                        msedge.exe
                                        46.4kB
                                        6.3MB
                                        615
                                        4678
                                      • 142.250.187.206:443
                                        play.google.com
                                        https
                                        msedge.exe
                                        70.7kB
                                        20.5kB
                                        104
                                        91
                                      • 8.8.8.8:53
                                        228.16.217.172.in-addr.arpa
                                        dns
                                        73 B
                                        140 B
                                        1
                                        1

                                        DNS Request

                                        228.16.217.172.in-addr.arpa

                                      • 142.250.179.234:443
                                        ogads-pa.googleapis.com
                                        https
                                        msedge.exe
                                        3.8kB
                                        7.6kB
                                        10
                                        12
                                      • 8.8.8.8:53
                                        drive-thirdparty.googleusercontent.com
                                        dns
                                        msedge.exe
                                        84 B
                                        129 B
                                        1
                                        1

                                        DNS Request

                                        drive-thirdparty.googleusercontent.com

                                        DNS Response

                                        216.58.201.97

                                      • 142.250.187.206:443
                                        play.google.com
                                        https
                                        msedge.exe
                                        3.7kB
                                        7.2kB
                                        10
                                        12
                                      • 8.8.8.8:53
                                        97.201.58.216.in-addr.arpa
                                        dns
                                        72 B
                                        169 B
                                        1
                                        1

                                        DNS Request

                                        97.201.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        youtube.googleapis.com
                                        dns
                                        msedge.exe
                                        68 B
                                        324 B
                                        1
                                        1

                                        DNS Request

                                        youtube.googleapis.com

                                        DNS Response


                                      • 8.8.8.8:53
                                        clients6.google.com
                                        dns
                                        msedge.exe
                                        65 B
                                        105 B
                                        1
                                        1

                                        DNS Request

                                        clients6.google.com

                                        DNS Response

                                        142.250.178.14

                                      • 8.8.8.8:53
                                        blobcomments-pa.clients6.google.com
                                        dns
                                        msedge.exe
                                        81 B
                                        97 B
                                        1
                                        1

                                        DNS Request

                                        blobcomments-pa.clients6.google.com

                                        DNS Response

                                        142.250.200.10

                                      • 8.8.8.8:53
                                        accounts.google.com
                                        dns
                                        msedge.exe
                                        65 B
                                        81 B
                                        1
                                        1

                                        DNS Request

                                        accounts.google.com

                                        DNS Response

                                        74.125.206.84

                                      • 142.250.200.10:443
                                        blobcomments-pa.clients6.google.com
                                        https
                                        msedge.exe
                                        4.3kB
                                        9.6kB
                                        9
                                        12
                                      • 8.8.8.8:53
                                        contacts.google.com
                                        dns
                                        msedge.exe
                                        65 B
                                        102 B
                                        1
                                        1

                                        DNS Request

                                        contacts.google.com

                                        DNS Response

                                        142.250.200.14

                                      • 74.125.206.84:443
                                        accounts.google.com
                                        https
                                        msedge.exe
                                        5.3kB
                                        12.1kB
                                        15
                                        18
                                      • 142.250.178.14:443
                                        clients6.google.com
                                        https
                                        msedge.exe
                                        5.3kB
                                        7.9kB
                                        10
                                        12
                                      • 8.8.8.8:53
                                        10.200.250.142.in-addr.arpa
                                        dns
                                        73 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        10.200.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        84.206.125.74.in-addr.arpa
                                        dns
                                        72 B
                                        105 B
                                        1
                                        1

                                        DNS Request

                                        84.206.125.74.in-addr.arpa

                                      • 224.0.0.251:5353
                                        msedge.exe
                                        582 B
                                        9
                                      • 8.8.8.8:53
                                        58.55.71.13.in-addr.arpa
                                        dns
                                        70 B
                                        144 B
                                        1
                                        1

                                        DNS Request

                                        58.55.71.13.in-addr.arpa

                                      • 8.8.8.8:53
                                        53.210.109.20.in-addr.arpa
                                        dns
                                        72 B
                                        158 B
                                        1
                                        1

                                        DNS Request

                                        53.210.109.20.in-addr.arpa

                                      • 8.8.8.8:53
                                        198.187.3.20.in-addr.arpa
                                        dns
                                        71 B
                                        157 B
                                        1
                                        1

                                        DNS Request

                                        198.187.3.20.in-addr.arpa

                                      • 8.8.8.8:53
                                        www.youtube.com
                                        dns
                                        msedge.exe
                                        122 B
                                        670 B
                                        2
                                        2

                                        DNS Request

                                        www.youtube.com

                                        DNS Response


                                        DNS Request

                                        www.youtube.com

                                        DNS Response


                                      • 8.8.8.8:53
                                        tools.google.com
                                        dns
                                        msedge.exe
                                        62 B
                                        100 B
                                        1
                                        1

                                        DNS Request

                                        tools.google.com

                                        DNS Response

                                        216.58.212.206

                                      • 8.8.8.8:53
                                        s.ytimg.com
                                        dns
                                        msedge.exe
                                        57 B
                                        73 B
                                        1
                                        1

                                        DNS Request

                                        s.ytimg.com

                                        DNS Response

                                        172.217.169.14

                                      • 8.8.8.8:53
                                        78.204.58.216.in-addr.arpa
                                        dns
                                        72 B
                                        171 B
                                        1
                                        1

                                        DNS Request

                                        78.204.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        56.163.245.4.in-addr.arpa
                                        dns
                                        71 B
                                        157 B
                                        1
                                        1

                                        DNS Request

                                        56.163.245.4.in-addr.arpa

                                      • 8.8.8.8:53
                                        40.169.217.172.in-addr.arpa
                                        dns
                                        73 B
                                        111 B
                                        1
                                        1

                                        DNS Request

                                        40.169.217.172.in-addr.arpa

                                      • 8.8.8.8:53
                                        206.212.58.216.in-addr.arpa
                                        dns
                                        73 B
                                        173 B
                                        1
                                        1

                                        DNS Request

                                        206.212.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        14.169.217.172.in-addr.arpa
                                        dns
                                        146 B
                                        224 B
                                        2
                                        2

                                        DNS Request

                                        14.169.217.172.in-addr.arpa

                                        DNS Request

                                        14.169.217.172.in-addr.arpa

                                      • 8.8.8.8:53
                                        172.214.232.199.in-addr.arpa
                                        dns
                                        74 B
                                        128 B
                                        1
                                        1

                                        DNS Request

                                        172.214.232.199.in-addr.arpa

                                      • 172.217.16.228:443
                                        www.google.com
                                        https
                                        msedge.exe
                                        3.8kB
                                        8.6kB
                                        8
                                        11
                                      • 142.250.180.14:443
                                        www.youtube.com
                                        https
                                        msedge.exe
                                        117.0kB
                                        11.9kB
                                        100
                                        62
                                      • 142.250.200.14:443
                                        www.youtube.com
                                        https
                                        msedge.exe
                                        4.5kB
                                        22.9kB
                                        14
                                        21
                                      • 74.125.206.84:443
                                        accounts.google.com
                                        https
                                        msedge.exe
                                        9.1kB
                                        170.5kB
                                        78
                                        156
                                      • 142.250.187.206:443
                                        www.youtube.com
                                        https
                                        msedge.exe
                                        2.3kB
                                        2.7kB
                                        9
                                        7
                                      • 8.8.8.8:53
                                        www.google.com
                                        dns
                                        msedge.exe
                                        60 B
                                        76 B
                                        1
                                        1

                                        DNS Request

                                        www.google.com

                                        DNS Response

                                        172.217.16.228

                                      • 172.217.16.228:443
                                        www.google.com
                                        https
                                        msedge.exe
                                        2.8kB
                                        4.8kB
                                        8
                                        8

                                      MITRE ATT&CK Enterprise v15

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                        Filesize

                                        51KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

                                        Filesize

                                        32KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        1KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        1KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                        Filesize

                                        4KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                        Filesize

                                        4KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        7KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        7KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                        Filesize

                                        1KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                        Filesize

                                        1KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                        Filesize

                                        1KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815a6.TMP

                                        Filesize

                                        1KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c86d604d-bdaa-4f1b-a2b7-3464ccca94d0.tmp

                                        Filesize

                                        5KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                        Filesize

                                        16B


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                        Filesize

                                        16B


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        11KB


                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        10KB

