Analysis

max time kernel: 299s
max time network: 294s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 03-12-2024 00:40

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D
Resource: win11-20241007-en

General

Target: https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
flow   ioc
6      drive.google.com
2      drive.google.com
5      drive.google.com

Drops file in Windows directory (1 IoCs)
description                    ioc                      process
File opened for modification   C:\Windows\SystemTemp    chrome.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description       ioc                                                                                                    process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133776600313632395"   chrome.exe

Modifies registry class (1 IoCs)
description   ioc                                                                                                                                                                                   process
Key created   \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3870231897-2573482396-1083937135-1000\{B47DE81D-A5AA-49D0-BE7D-E2DB568F4937}   chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid    process
1096   chrome.exe (2 entries)
3756   chrome.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid    process
1096   chrome.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                        pid    process
Token: SeShutdownPrivilege         1096   chrome.exe (32 entries, alternating with the row below)
Token: SeCreatePagefilePrivilege   1096   chrome.exe (32 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid    process
1096   chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (12 IoCs)
pid    process
1096   chrome.exe (12 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid    process      procid_target
PID 1096 wrote to memory of 2932   1096   chrome.exe   78 (2 entries)
PID 1096 wrote to memory of 888    1096   chrome.exe   79 (30 entries)
PID 1096 wrote to memory of 4956   1096   chrome.exe   80 (2 entries)
PID 1096 wrote to memory of 3592   1096   chrome.exe   81 (30 entries)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1096)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2932)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff967ccc40,0x7fff967ccc4c,0x7fff967ccc58

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 888)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1800 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4956)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3592)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4040)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1332)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 656)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4328,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2736)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4560,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 780)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4572,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
    - Modifies registry class

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4532)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5180,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3756)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=740,i,1044659866991569953,13647721893887086286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 2992)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 3860)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
Remote address: 8.8.8.8:53
Request: drive.google.com IN A
Response: drive.google.com IN A 142.250.180.14

Remote address: 8.8.8.8:53
Request: 74.204.58.216.in-addr.arpa IN PTR
Response: 74.204.58.216.in-addr.arpa IN PTR lhr48s49-in-f10.1e100.net
Response: 74.204.58.216.in-addr.arpa IN PTR lhr25s13-in-f74.1e100.net
Response: 74.204.58.216.in-addr.arpa IN PTR lhr25s13-in-f10.1e100.net

Remote address: 8.8.8.8:53
Request: 84.206.125.74.in-addr.arpa IN PTR
Response: 84.206.125.74.in-addr.arpa IN PTR wk-in-f84.1e100.net

Remote address: 8.8.8.8:53
Request: fonts.gstatic.com IN A
Response: fonts.gstatic.com IN A 172.217.16.227

Remote address: 8.8.8.8:53
Request: accounts.youtube.com IN A
Response: accounts.youtube.com IN CNAME www3.l.google.com
Response: www3.l.google.com IN A 142.250.200.14

Remote address: 8.8.8.8:53
Request: www.google.com IN A
Response: www.google.com IN A 172.217.16.228

Remote address: 8.8.8.8:53
Request: 228.16.217.172.in-addr.arpa IN PTR
Response: 228.16.217.172.in-addr.arpa IN PTR mad08s04-in-f4.1e100.net
Response: 228.16.217.172.in-addr.arpa IN PTR lhr48s28-in-f4.1e100.net

Remote address: 8.8.8.8:53
Request: 66.112.168.52.in-addr.arpa IN PTR
Response: (empty)

Remote address: 142.250.180.14:443
Request:
GET /file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D HTTP/2.0
host: drive.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CPKVywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=g9jdGAQsIpxxNrp1Y1WZ9H0P3US4drlfzZ1zxW0MBZyUyeT8PBd-sLOv-qNef1W6AUhopwMpKXvrY5FsL_58R5gQJ-BT0XVt55XiFpRE0IVyz_rCyOP5UfqhXHQ7uRNtqCpUQlK7cnh195tAtzwd6cWbJHaezli24AYAX8opQlJo9ULAo7Z78lkHYOHabz-nhac

Remote address: 142.250.180.14:443
Request:
GET /file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/ HTTP/2.0
host: drive.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CPKVywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=g9jdGAQsIpxxNrp1Y1WZ9H0P3US4drlfzZ1zxW0MBZyUyeT8PBd-sLOv-qNef1W6AUhopwMpKXvrY5FsL_58R5gQJ-BT0XVt55XiFpRE0IVyz_rCyOP5UfqhXHQ7uRNtqCpUQlK7cnh195tAtzwd6cWbJHaezli24AYAX8opQlJo9ULAo7Z78lkHYOHabz-nhac
cookie: NID=519=l6NPE7uU5KbBxg_By9viuIczxX0LWR7KPjvZ3dCw_yGX0W2zHu8CAjBpIa9zs0YZ8LogeI7mpOcqVuEglaXZVFmGmUFewdxpAqFwwG_DqUkiNVzRTvum53zIvt_RnMdFj77aQZbHesR5fO8H5gmKvRwZXCQcT1QXGtNMWtvqX4LaqAM

GET https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit&followup=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit
Process: chrome.exe
Remote address: 74.125.206.84:443
Request:
GET /ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit&followup=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CPKVywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=g9jdGAQsIpxxNrp1Y1WZ9H0P3US4drlfzZ1zxW0MBZyUyeT8PBd-sLOv-qNef1W6AUhopwMpKXvrY5FsL_58R5gQJ-BT0XVt55XiFpRE0IVyz_rCyOP5UfqhXHQ7uRNtqCpUQlK7cnh195tAtzwd6cWbJHaezli24AYAX8opQlJo9ULAo7Z78lkHYOHabz-nhac
cookie: NID=519=l6NPE7uU5KbBxg_By9viuIczxX0LWR7KPjvZ3dCw_yGX0W2zHu8CAjBpIa9zs0YZ8LogeI7mpOcqVuEglaXZVFmGmUFewdxpAqFwwG_DqUkiNVzRTvum53zIvt_RnMdFj77aQZbHesR5fO8H5gmKvRwZXCQcT1QXGtNMWtvqX4LaqAM

GET https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit&followup=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit&osid=1&passive=1209600&service=wise&ifkv=AcMMx-farTMtnlT0A-s9eWfNuQYFL_7-ycwZ1_vyolTZgvunLZ89yUv2KK1ksLE9f4i1BQHiRNmPnQ
Process: chrome.exe
Remote address: 74.125.206.84:443
Request:
GET /InteractiveLogin?continue=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit&followup=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit&osid=1&passive=1209600&service=wise&ifkv=AcMMx-farTMtnlT0A-s9eWfNuQYFL_7-ycwZ1_vyolTZgvunLZ89yUv2KK1ksLE9f4i1BQHiRNmPnQ HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CPKVywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=g9jdGAQsIpxxNrp1Y1WZ9H0P3US4drlfzZ1zxW0MBZyUyeT8PBd-sLOv-qNef1W6AUhopwMpKXvrY5FsL_58R5gQJ-BT0XVt55XiFpRE0IVyz_rCyOP5UfqhXHQ7uRNtqCpUQlK7cnh195tAtzwd6cWbJHaezli24AYAX8opQlJo9ULAo7Z78lkHYOHabz-nhac
cookie: NID=519=l6NPE7uU5KbBxg_By9viuIczxX0LWR7KPjvZ3dCw_yGX0W2zHu8CAjBpIa9zs0YZ8LogeI7mpOcqVuEglaXZVFmGmUFewdxpAqFwwG_DqUkiNVzRTvum53zIvt_RnMdFj77aQZbHesR5fO8H5gmKvRwZXCQcT1QXGtNMWtvqX4LaqAM
cookie: __Host-GAPS=1:NgLpPJPfmIjqKJ7AeX9xaDk-gvBv_Q:dg_uXastdE0HaCy0

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D%2Fedit&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D%2Fedit&ifkv=AcMMx-fhAwKAR06mDlclQpf1z8hvC6oK1fLiHBRPgNYyaGqy0_qa3dGLxwsDJcVDNkYJ9025M0T7hg&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S33688829%3A1733186428578898&ddm=1
Process: chrome.exe
Remote address: 74.125.206.84:443
Request:
GET /v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D%2Fedit&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D%2Fedit&ifkv=AcMMx-fhAwKAR06mDlclQpf1z8hvC6oK1fLiHBRPgNYyaGqy0_qa3dGLxwsDJcVDNkYJ9025M0T7hg&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S33688829%3A1733186428578898&ddm=1 HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CPKVywE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=g9jdGAQsIpxxNrp1Y1WZ9H0P3US4drlfzZ1zxW0MBZyUyeT8PBd-sLOv-qNef1W6AUhopwMpKXvrY5FsL_58R5gQJ-BT0XVt55XiFpRE0IVyz_rCyOP5UfqhXHQ7uRNtqCpUQlK7cnh195tAtzwd6cWbJHaezli24AYAX8opQlJo9ULAo7Z78lkHYOHabz-nhac
cookie: NID=519=l6NPE7uU5KbBxg_By9viuIczxX0LWR7KPjvZ3dCw_yGX0W2zHu8CAjBpIa9zs0YZ8LogeI7mpOcqVuEglaXZVFmGmUFewdxpAqFwwG_DqUkiNVzRTvum53zIvt_RnMdFj77aQZbHesR5fO8H5gmKvRwZXCQcT1QXGtNMWtvqX4LaqAM
cookie: __Host-GAPS=1:NgLpPJPfmIjqKJ7AeX9xaDk-gvBv_Q:dg_uXastdE0HaCy0

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto
Process: chrome.exe
Remote address: 216.58.201.106:443
Request:
GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CPKVywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlxVucfMIxJFxIFDVNaR8UhtOKNO-OttAs=?alt=proto
Process: chrome.exe
Remote address: 216.58.201.106:443
Request:
GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlxVucfMIxJFxIFDVNaR8UhtOKNO-OttAs=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CPKVywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

GET https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-191473461&timestamp=1733186428271
Process: chrome.exe
Remote address: 142.250.200.14:443
Request:
GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-191473461&timestamp=1733186428271 HTTP/2.0
host: accounts.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CPKVywE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Remote address: 142.250.187.206:443
Request:
OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Remote address: 142.250.187.206:443
Request:
OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Remote address: 8.8.8.8:53
Request: 106.201.58.216.in-addr.arpa IN PTR
Response: 106.201.58.216.in-addr.arpa IN PTR prg03s02-in-f106.1e100.net
Response: 106.201.58.216.in-addr.arpa IN PTR lhr48s48-in-f10.1e100.net
Response: 106.201.58.216.in-addr.arpa IN PTR prg03s02-in-f10.1e100.net

Remote address: 8.8.8.8:53
Request: beacons.gcp.gvt2.com IN A
Response: beacons.gcp.gvt2.com IN CNAME beacons-handoff.gcp.gvt2.com
Response: beacons-handoff.gcp.gvt2.com IN A 172.217.16.227

Remote address: 8.8.8.8:53
Request: 14.200.250.142.in-addr.arpa IN PTR
Response: 14.200.250.142.in-addr.arpa IN PTR lhr48s29-in-f14.1e100.net

Remote address: 8.8.8.8:53
Request: self.events.data.microsoft.com IN A
Response: self.events.data.microsoft.com IN CNAME self-events-data.trafficmanager.net
Response: self-events-data.trafficmanager.net IN CNAME onedscolprdeus01.eastus.cloudapp.azure.com
Response: onedscolprdeus01.eastus.cloudapp.azure.com IN A 52.168.112.66

Remote address: 8.8.8.8:53
Request: 227.16.217.172.in-addr.arpa IN PTR
Response: 227.16.217.172.in-addr.arpa IN PTR mad08s04-in-f3.1e100.net
Response: 227.16.217.172.in-addr.arpa IN PTR lhr48s28-in-f3.1e100.net

Remote address: 8.8.8.8:53
Request: 19.229.111.52.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: 206.187.250.142.in-addr.arpa IN PTR
Response: 206.187.250.142.in-addr.arpa IN PTR lhr25s33-in-f14.1e100.net

Remote address: 8.8.8.8:53
Request: accounts.google.com IN A
Response: accounts.google.com IN A 74.125.206.84

Remote address: 172.217.16.228:443
Request:
GET /favicon.ico HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CPKVywE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=g9jdGAQsIpxxNrp1Y1WZ9H0P3US4drlfzZ1zxW0MBZyUyeT8PBd-sLOv-qNef1W6AUhopwMpKXvrY5FsL_58R5gQJ-BT0XVt55XiFpRE0IVyz_rCyOP5UfqhXHQ7uRNtqCpUQlK7cnh195tAtzwd6cWbJHaezli24AYAX8opQlJo9ULAo7Z78lkHYOHabz-nhac
cookie: NID=519=l6NPE7uU5KbBxg_By9viuIczxX0LWR7KPjvZ3dCw_yGX0W2zHu8CAjBpIa9zs0YZ8LogeI7mpOcqVuEglaXZVFmGmUFewdxpAqFwwG_DqUkiNVzRTvum53zIvt_RnMdFj77aQZbHesR5fO8H5gmKvRwZXCQcT1QXGtNMWtvqX4LaqAM

Remote address: 172.217.16.228:443
Request:
GET /recaptcha/api.js?render=explicit&trustedtypes=true HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CPKVywE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=519=CcW7c62HtABsgIATLrstiO_0_LoTcPEYK4-Ayh62cHeyF6WBxFHHbkXcWjXVmor9NFsn41N8OzSu5n0gJJn5_biQzsHG3U6lGgThzXYven1pCi80C2_0A3x4AQBL2Nm96Cr3l1PzSL0rcEk7B8fOO8PZHZeEvgQguGcLg5WGaug6Q1rhPluEeBs
cookie: __Secure-ENID=24.SE=ppfbyJY9sW-chssSHmoNO2_ciVhRF_uDthTsc-zcCK9NCHtMubke2RoSR24b7iE4MznE-G8MWFz6KLMCrb4jReb-f_EIy617yp9gvWppAku5AVyWp5L6sJcqhRMmnAa5uGcIKXF7UrAsuBUgO0QnCWMoI7DhzRz3XNxfQBxq3FCFzo38-dJU16uHUkKjApu89jhY94bNLg
-
Remote address: 142.250.180.14:443
URL: https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/
Protocol: tls, http2
Process: chrome.exe
Traffic: 3.1kB sent, 11.0kB received, 26 / 30 packets
HTTP Request
GET https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D
HTTP Request
GET https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/
-
Traffic: 1.1kB sent, 8.1kB received, 9 / 9 packets
-
Remote address: 74.125.206.84:443
URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D%2Fedit&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D%2Fedit&ifkv=AcMMx-fhAwKAR06mDlclQpf1z8hvC6oK1fLiHBRPgNYyaGqy0_qa3dGLxwsDJcVDNkYJ9025M0T7hg&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S33688829%3A1733186428578898&ddm=1
Protocol: tls, http2
Process: chrome.exe
Traffic: 6.7kB sent, 174.0kB received, 86 / 148 packets
HTTP Request
GET https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit&followup=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit
HTTP Request
GET https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit&followup=https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/edit&osid=1&passive=1209600&service=wise&ifkv=AcMMx-farTMtnlT0A-s9eWfNuQYFL_7-ycwZ1_vyolTZgvunLZ89yUv2KK1ksLE9f4i1BQHiRNmPnQ
HTTP Request
GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D%2Fedit&followup=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D%2Fedit&ifkv=AcMMx-fhAwKAR06mDlclQpf1z8hvC6oK1fLiHBRPgNYyaGqy0_qa3dGLxwsDJcVDNkYJ9025M0T7hg&osid=1&passive=1209600&service=wise&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S33688829%3A1733186428578898&ddm=1
-
Remote address: 216.58.201.106:443
URL: https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlxVucfMIxJFxIFDVNaR8UhtOKNO-OttAs=?alt=proto
Protocol: tls, http2
Process: chrome.exe
Traffic: 2.6kB sent, 7.6kB received, 26 / 28 packets
HTTP Request
GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto
HTTP Request
GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlxVucfMIxJFxIFDVNaR8UhtOKNO-OttAs=?alt=proto
-
Remote address: 142.250.200.14:443
URL: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-191473461&timestamp=1733186428271
Protocol: tls, http2
Process: chrome.exe
Traffic: 2.9kB sent, 24.5kB received, 29 / 31 packets
HTTP Request
GET https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-191473461&timestamp=1733186428271
-
Traffic: 1.0kB sent, 7.6kB received, 9 / 9 packets
-
Remote address: 142.250.187.206:443
URL: https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol: tls, http2
Process: chrome.exe
Traffic: 2.2kB sent, 8.8kB received, 22 / 24 packets
HTTP Request
OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
HTTP Request
OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
-
Remote address: 172.217.16.228:443
URL: https://www.google.com/recaptcha/api.js?render=explicit&trustedtypes=true
Protocol: tls, http2
Process: chrome.exe
Traffic: 3.4kB sent, 10.3kB received, 26 / 27 packets
HTTP Request
GET https://www.google.com/favicon.ico
HTTP Request
GET https://www.google.com/recaptcha/api.js?render=explicit&trustedtypes=true
-
Traffic: 1.2kB sent, 5.8kB received, 12 / 12 packets
-
Traffic: 540 B sent, 905 B received, 8 / 8 packets
DNS Request
drive.google.com
DNS Response
142.250.180.14
DNS Request
74.204.58.216.in-addr.arpa
DNS Request
84.206.125.74.in-addr.arpa
DNS Request
fonts.gstatic.com
DNS Response
172.217.16.227
DNS Request
accounts.youtube.com
DNS Response
142.250.200.14
DNS Request
www.google.com
DNS Response
172.217.16.228
DNS Request
228.16.217.172.in-addr.arpa
DNS Request
66.112.168.52.in-addr.arpa
-
Traffic: 4.2kB sent, 8.5kB received, 10 / 13 packets
-
Traffic: 18.9kB sent, 14.4kB received, 47 / 48 packets
-
Traffic: 139 B sent, 285 B received, 2 / 2 packets
DNS Request
106.201.58.216.in-addr.arpa
DNS Request
beacons.gcp.gvt2.com
DNS Response
172.217.16.227
-
Traffic: 149 B sent, 306 B received, 2 / 2 packets
DNS Request
14.200.250.142.in-addr.arpa
DNS Request
self.events.data.microsoft.com
DNS Response
52.168.112.66
-
Traffic: 145 B sent, 298 B received, 2 / 2 packets
DNS Request
227.16.217.172.in-addr.arpa
DNS Request
19.229.111.52.in-addr.arpa
-
Traffic: 139 B sent, 194 B received, 2 / 2 packets
DNS Request
206.187.250.142.in-addr.arpa
DNS Request
accounts.google.com
DNS Response
74.125.206.84
-
Traffic: 13.3kB sent, 11.8kB received, 35 / 36 packets
-
204 B 3
-
Traffic: 90.8kB sent, 644.5kB received, 215 / 583 packets
-
Traffic: 2.9kB sent, 6.5kB received, 5 / 8 packets
-
Traffic: 3.3kB sent, 3.9kB received, 9 / 10 packets
-
Traffic: 2.8kB sent, 7.8kB received, 7 / 11 packets
-
Traffic: 4.2kB sent, 3.2kB received, 12 / 12 packets
-
Traffic: 3.4kB sent, 2.9kB received, 9 / 9 packets
-
Traffic: 2.4kB sent, 3.3kB received, 8 / 9 packets
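What an analyst needs from the flow and DNS records above is attribution: is every contacted IP one that the report's own DNS answers tie to the Google host named in the URL, and does its reverse name sit under 1e100.net, the PTR domain Google uses for its front ends? The Python below is an added example, not part of the sandbox report or its tooling. It parses records in the fused one-line layout this page uses (the column separators the report viewer drops), builds forward (A) and reverse (PTR) maps, and reports per flow whether the forward answer matches the contacted IP and whether its PTR is under the expected suffix. The sample records are constructed from lines on this page; the function names, the Flow fields and the 1e100.net default are the example's own choices.

```python
"""Cross-check sandbox network flows against the DNS answers in the same report.

Added example (not the sandbox's own code). Reads records in the flattened
layout this report uses and attributes each contacted IP by forward and
reverse DNS. Sample data is constructed from records on this page.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed samples in the report's fused "Remote address:...Request...Response..." layout.
SAMPLE_DNS = [
    "Remote address:8.8.8.8:53Request206.187.250.142.in-addr.arpaIN PTRResponse"
    "206.187.250.142.in-addr.arpaIN PTRlhr25s33-in-f14.1e100.net",
    "Remote address:8.8.8.8:53Request19.229.111.52.in-addr.arpaIN PTRResponse",
    "Remote address:8.8.8.8:53Requestaccounts.google.comIN AResponseaccounts.google.comIN A74.125.206.84",
    "Remote address:8.8.8.8:53Requestdrive.google.comIN AResponsedrive.google.comIN A142.250.180.14",
]
# Constructed samples in the report's fused flow-table layout:
# <ip>:<port><url><protocol><process><sent> <received> <packets out> <packets in>
SAMPLE_FLOWS = [
    "142.250.180.14:443https://drive.google.com/file/d/1mK8llt5rQZ7Y0SxguOsWqW3YSC4iO_1D/tls, http2chrome.exe3.1kB 11.0kB 26 30",
    "74.125.206.84:443https://accounts.google.com/v3/signin/identifier?service=wise&flowName=GlifWebSignIntls, http2chrome.exe6.7kB 174.0kB 86 148",
    "142.250.187.206:443https://play.google.com/log?format=json&hasfast=true&authuser=0tls, http2chrome.exe2.2kB 8.8kB 22 24",
]

DNS_RE = re.compile(
    r"^Remote address:(?P<server>\S+?:\d+)Request(?P<qname>\S+?)IN (?P<qtype>[A-Z]+)Response(?P<rest>.*)$"
)
FLOW_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)(?P<url>https?://\S+?)"
    r"(?P<proto>tls, http2|tls, http|tls|http2|http)(?P<proc>\S+?\.exe)"
    r"(?P<sent>[\d.]+ ?k?B) (?P<recv>[\d.]+ ?k?B) (?P<out>\d+) (?P<inn>\d+)$"
)


@dataclass
class Flow:
    ip: str
    port: int
    url: str
    proto: str
    proc: str
    sent: int
    recv: int
    pkts_out: int
    pkts_in: int


def size_bytes(text: str) -> int:
    """'3.1kB' -> 3100, '540 B' -> 540 (kB treated as decimal here, an assumption)."""
    num, unit = re.fullmatch(r"([\d.]+) ?(k?B)", text).groups()
    return round(float(num) * (1000 if unit == "kB" else 1))


def parse_flow(line: str) -> Flow:
    m = FLOW_RE.match(line)
    if m is None:
        raise ValueError(f"not a flow record: {line!r}")
    return Flow(m["ip"], int(m["port"]), m["url"], m["proto"], m["proc"],
                size_bytes(m["sent"]), size_bytes(m["recv"]), int(m["out"]), int(m["inn"]))


def parse_dns(line: str):
    """Return (qname, qtype, [answers]); answers is empty for an unanswered query."""
    m = DNS_RE.match(line)
    if m is None:
        raise ValueError(f"not a DNS record: {line!r}")
    qname, qtype = m["qname"], m["qtype"]
    # Answers are fused as "<qname>IN <qtype><rdata>" repeated; split on that prefix.
    answers = [a for a in m["rest"].split(f"{qname}IN {qtype}") if a]
    return qname, qtype, answers


def build_dns_maps(lines):
    """forward: hostname -> set of A answers; reverse: dotted IP -> list of PTR names."""
    forward, reverse = {}, {}
    for line in lines:
        qname, qtype, answers = parse_dns(line)
        if qtype == "A":
            forward.setdefault(qname, set()).update(answers)
        elif qtype == "PTR" and qname.endswith(".in-addr.arpa"):
            ip = ".".join(reversed(qname[: -len(".in-addr.arpa")].split(".")))
            reverse[ip] = answers
    return forward, reverse


def attribute_flows(flows, forward, reverse, ptr_suffix=".1e100.net"):
    """Per contacted IP: did the URL's host resolve to it, and is its PTR under
    ptr_suffix? A missing PTR is reported as such, not assumed benign."""
    report = {}
    for f in flows:
        host = urlsplit(f.url).hostname
        ptrs = reverse.get(f.ip, [])
        report[f.ip] = {
            "host": host,
            "forward_confirmed": f.ip in forward.get(host, set()),
            "ptr": ptrs,
            "ptr_under_expected": bool(ptrs) and all(p.endswith(ptr_suffix) for p in ptrs),
        }
    return report


if __name__ == "__main__":
    fwd, rev = build_dns_maps(SAMPLE_DNS)
    for ip, info in attribute_flows([parse_flow(l) for l in SAMPLE_FLOWS], fwd, rev).items():
        print(ip, info)
```

On this page 74.125.206.84 is confirmed by the forward answer for accounts.google.com but has no PTR answer in the capture (the reverse query for 84.206.125.74.in-addr.arpa is listed without a response), so it comes out as forward-confirmed and unattributed by PTR rather than as "ok". The case worth pivoting on is the opposite one: an IP whose PTR exists and falls outside the expected suffix while the URL claims a Google host.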
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 64KB
MD5: b5ad5caaaee00cb8cf445427975ae66c
SHA1: dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256: b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512: 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f
-
Filesize: 4B
MD5: f49655f856acb8884cc0ace29216f511
SHA1: cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256: 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512: 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
Filesize: 1008B
MD5: d222b77a61527f2c177b0869e7babc24
SHA1: 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256: 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512: d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff
-
File: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\69bffdeb-3130-4b9e-a4aa-a6a46ed5443c.tmp
Filesize: 9KB
MD5: 27d834ee0b050c5087c0a6643b07183c
SHA1: bde68bd42f0279fbe865e2b85db19729373a036b
SHA256: 6459beb61305f6b66120eb90774470128f348ea7af713f0b3372f071bcc44d83
SHA512: 5b034e70382e7549b9d2a5982f964f3ec84a6a971ecaf31505ef8098780c1620966821a99b0925c079161812e240536779a89a531baa836d906ca9af1078c8fc
-
Filesize: 649B
MD5: 2eeecb2e4d8d3225034a545caf14bba3
SHA1: d58ea5f5855b9c47fae789bcce350303550c1430
SHA256: 009132b1e4c29e7430dbf0b64777ea1e3bca5aae804670aee18fdca7e1cfb072
SHA512: ea42cb8f932456ebaac6ad9260fba101ff8aa5ab058f1680609104b88bf80dc91466b30638c9fb2afb838454aa9f9f599c7d05e81acff3c8c56b055039533e2e
-
Filesize: 215KB
MD5: 2be38925751dc3580e84c3af3a87f98d
SHA1: 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256: 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512: 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2
-
Filesize: 552B
MD5: ee24acc22ca7d0b8aab9e0f85d93876e
SHA1: 236610dea70c485d195920bab74beeb28b203e6c
SHA256: c484d439d1357bd5e5700b5c511a47f17798c177daa1f9ad35206fd077afeba9
SHA512: fef94fefe612b66022fa8c8d5686b371fb5acf78820087e55b33fac96b65c40ab73ef8dde23a9d35bb41de5df4efdeb3acef4b172c1cebdcacb8a08f9d98fab7
-
Filesize: 552B
MD5: 1b451c0422bc460ac3843ceaff2ed09b
SHA1: 7adb5b1e908582bd47bd188ec2e4728aa71bb2c9
SHA256: ffafce79cd69bb9f7f1f50c97d139cd5a58fe9101bb04f44a654e028d7e446f0
SHA512: 3b1b0422a22bedd3ccff6aed8360aa986d0911ece28e61c3fce55b55be5e6a624c4261494a332d01f04b0e7cfe274dda4b5abe7eb3be943285910e72a31cb3d4
-
Filesize: 552B
MD5: a6553b5118aecd31abaffc2f6cc9be79
SHA1: 2142deb81939a658af16c6696c9a2443ad2ca72e
SHA256: f5d0c8a29e43b9050a6c0f3d71116953b9633e92ce34147d60f3ac8bd1c08b3f
SHA512: 47d8d6d231c78bca89c7383862cf0138bcfff4e0f690edc7ecff9db74c4ff9755c6035ff0f57a8ecf4291ee070288650537f20fae9e456f39ff6be953a1fc749
-
Filesize: 3KB
MD5: bdbfe9d16b910a25f73a74247707f1ff
SHA1: fa7c003d369588c41e39cf71cd24ebb383d1f832
SHA256: 59b1f0b1574eafd21195c531c5ef080956c5acee47b13ec907e88c49b3a18c2d
SHA512: 6c972e946fb5acb1b82513387e67369216915abb898fddc0ceb4cc7f00e138586210e26613d8baebba166e34d4a9108f612b72f94b79234f43de27df4b239e41
-
Filesize: 3KB
MD5: f579f497092d60478e033d57f6415d07
SHA1: e72df40cbf396cf9e51f1e595462c656e3d1799a
SHA256: 103b8a9d3d2197826d045039b3e7015f110efe138c5d839d3504889a077bcd20
SHA512: 5f2567614398e34f8e61143865da2b1811fd8ac50967bce02ec48a88df0229ff1abe169e52dd6d4b2f497bcb065ac4f485d9a45653fb402b8d732c721951637e
-
Filesize: 3KB
MD5: 5cb84ad8a0c0cd35ffb3d7e2d1a81ad0
SHA1: 82e76c9562877f87ce8b77f95c338184a4ae04ac
SHA256: 2acdde5b8dd99b41e1aa4617fc90e9dec79f95fa8d7f4f3f7179c2f7be5afb49
SHA512: f21d8fbeea80e6fa3563f398d5aeca4ae99fcc377c95104c15a4d2b33d2bb40630a5fbc80b2c6e65bb89ee0b4ff08eafdd54040fd73d5939f42461d907aebf1e
-
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize: 356B
MD5: 7bba8627c535a6d395e694cea3e9b20e
SHA1: c37c6b79bad9e8b40be67c7ced10ee83792c6b2f
SHA256: d727968b6ecbe1771f5c1fb22c5e0eb33634ef1fba16b261d7833d884ee044af
SHA512: 2d41544fdcbad79a68bcaa59c3b84e8085cef7ac952252ef1204d68d15627e49a48d90d7a36a1025f985c0db04d09bb16cda89b06d73ff7a1a05efcdb627e8c1
-
Filesize: 356B
MD5: a7e9e6eb7b5d81801a1acc62e067637e
SHA1: 44c3caf31338cc21fd866526ee7f3e2bc7a149b8
SHA256: fe040aad19499520e171e16e541c61c0b4d68ecdb16050f4491634f3f8372e62
SHA512: c6259abd0a57286428672846bb6afa419fc7b185cf4e7170e2557b5da3f98fb04ef9cbf863d512667ae0d72f7b5111dfbcc2051fef93094205ca8014500466f2
-
Filesize: 356B
MD5: 2a539d46e8741e1593bbe22338e2d1cc
SHA1: b3f58cb90f71dcf44b8812357941f2bf8b6f5184
SHA256: e367d2fd887c55586a585dab36c8abd443dfd664f36b5bd883e922327f03b550
SHA512: f36346ab42b7d4686058419dd6ac717185dc793e80fa68704f89f87130cf4c3b995a892f6c5320fea89e4f8aecb51f44acfd8e8f69462ccda312715f11a03d56
-
Filesize: 9KB
MD5: 147788c1fc81f9a34e83e4c3af227b8c
SHA1: a59f71bfd9295fda9a2de3b20587b71e2fae4c12
SHA256: edeeeee4f34ab93a8122fa6879bda382638716314cf6ecca830e50aff0e5bddf
SHA512: 84ded8cef59ebecbc46df5235d379ab2089dfa4c156fffc6595bc48a65d4b26ba69bafb9913ba18d35e882111338110751a5a993fb6fd0625e67daa8f18a7c67
-
Filesize: 9KB
MD5: 6d5ec28e07c9c4c1864e107896fff1a8
SHA1: 6c73ce74295c8b78973de24971cb87d4bfba59c0
SHA256: 98c914888108715f1d753f16f7c9c938f4a8e31db41a17f0df0ae654054e0fde
SHA512: d00a790570698ee9426f0904d0b928b9fd78a3f4184991b734d3e20b5af613bad069cfcbf7967bcf11b714dbec2dd9212f233dffbc63442b1de4e7fd371ab1a0
-
Filesize: 9KB
MD5: d6133200d5f3ccd4387d44da6d19fb02
SHA1: 0bdf120ef90a5d4f0d054a1d2d03e1dedb06b298
SHA256: cd84a4794a161ee9be7840de62a889d531ff45738d6a05346d2c555627716058
SHA512: 06c15a14fe67e5d8ec69d80cabb015ee5986f2e1df3a5fc54c016658a7346f3a4310f262966521b6b2b3fcd9d11493ea03c3c0b2948c80c6112ab7b7d175f440
-
Filesize: 9KB
MD5: 5cb8b5945994458eeb5727a08cb45c97
SHA1: c8e4f7aeaf0e3fec618d7f6546e37fd7be2ffdf5
SHA256: 4bae1a7cca3bc066a0c712a74706015814057bd00cac802e28c011fef9012dbd
SHA512: fc9e39249670adccab864d117ebc56ac68fc8cc03eea50656de1f29d64c9c425db683e7685ff6635be22a9a99d133688a91ac852d4067b4cab0889472a4a742d
-
Filesize: 9KB
MD5: 58646439c6657da47ed66a457863bd19
SHA1: cbfcc509c4beced2ce0a42f9853b2204c7ec6c4d
SHA256: 462438ea9df249409baf82510f98f62c222e1c6d24921d7f4c214aedfd4bc63e
SHA512: ece775416949661f6166ca4369e84fbf8ad49571e65d83436d677dcf65884c79aa0aa07e73bbf394556615adaefd0ccdc18df03eeb82b0ac44264907281533da
-
Filesize: 9KB
MD5: 34c3fb0f4bf5859ca765e76e0b1a1607
SHA1: 9c55af8a39fc49fad704154200cc3e36c53dcbb4
SHA256: c5e78816bc7f6e8c65bc57a767baa8e56e49cc90228c0b469ae1a80b22617e19
SHA512: e6b412477712166d83418794138cdc1c25cbe1e3b31d78107644e9661a8d5e9f2efa8b51999ac104ed5d822de7858b983190011abee8ef7de3ae4ab9062fb23a
-
Filesize: 9KB
MD5: c1ff50a7e4b683cffe320e1b81808772
SHA1: 81aa1649b9254e31ea6d41937db02822a748e300
SHA256: 3b17c528c8ba5cb457251d0a83c63332585e29d45a70c4226e471fdd11f9b11a
SHA512: 6fdea61f6970136d478153740da2215a1fda59b92a9f077ce0908c9860fadbc5c2789551f8e0bea3e4c1684390da5bf0b73a0f110f6fdd905ff4c923ea5f5567
-
Filesize: 9KB
MD5: 678ad8a4d3e794254824d46ab482122e
SHA1: 4127d7aab2eb74a411b47f4da577cca4f9908576
SHA256: 4695fba5b4319596156343a6e9504cadc133a53f33e3e438dca0bb7b318f15c7
SHA512: ee331a4c2ad37cf93ad7bb6731cc439eb7675bd13a5c5803545c71ab7c16da26dc9438865d5280b92524cbe6113d692a3e9bb5467fe8404619f253d1dff56fb9
-
Filesize: 9KB
MD5: e1fba9588504b6570dc1629947c7ce27
SHA1: 36d4dede6e9bbc049eda07cfd765dfcb07bd238e
SHA256: aa204aac4bff55d56cdcb8c247f37be7859f5b559c9989afaa36873b81dffa20
SHA512: e005c17f42cc75883aed69692dc1824649dfea6520f85c60023b44528871fe05dedd29e5d520baba2ee31e1e1bb2027dee087d280c8f032b00c9505315257ba1
-
Filesize: 9KB
MD5: 6717311161f1a6c76337e46db092b684
SHA1: 310bdf7ec1d9aa1954269d30942a961132218e8d
SHA256: 768e72266fdc595f964415a1d6c90cc89505530d080f4c4dba94551135395be9
SHA512: d224dd573590c2139356f9204fc5c08222a85b07bf44eec712176b02e970fcd0b84c6e8a0c7e15812faf90d7e07eef8df1d1493d58fb86b8cb3acdf512cfb993
-
Filesize: 9KB
MD5: 1fd6a5ccb1eec42f59f8996878e4fb04
SHA1: e53c9ea09c8955a67ae7e0bf76e5a1eb84a0ac2f
SHA256: 58b18ab349eeaf1a0072ab652562cfe4f389992fe35ec750889e0843ba622fb6
SHA512: 30df03af7c70ec83376ca971f7a115a834e0bbe80581b0ba5ae9f9a3c679b7edfe0721cd96d0dec7aaf192cf6ad5e154a749e56118b46aa64c52f4a4d7896ec3
-
Filesize: 9KB
MD5: 5c97799dc8a6ce4d939b3a7d387506ad
SHA1: e6ce1d5e2d7e5160ff24f52cdbe884e538970b0f
SHA256: 0d9d6287de37fe1e5a27683a7f690b892884acf995e4c0a0a9cc57653c28aed3
SHA512: a5cb89978be829c6fc1257cd91525dbdf37c5946118712c384270db115f40e26054a702766dd1f63af77c9c593d16974b69ed7f7d78d5ed7276cb4c3d238c0bf
-
Filesize: 9KB
MD5: 4cc00121d9b96478467d9536762fdf41
SHA1: 8d124e9e6c13c3cd73e39cd2ef30d15c78e997fa
SHA256: d8e62ed47c50a24ff8d62f4d40aa3786efedc5a35807b01025ea71db8d86a5c0
SHA512: fb4bbc29013a04c8ac73f3cb0d1cc8acb939be5cc454a8cf2e276d0c5cadf396b2f0504de0811355997493a76d64469faa19529b26ae7bedd505a9a39b23a28a
-
Filesize: 9KB
MD5: ce3c36ca0aa72c4414559028047821c0
SHA1: f1583064bd69e1d337adf22952d9f83e95dff9c9
SHA256: fae28f4c5535d9acbb737ef6c557910e2175cfd8db613d93a5885cee3572115f
SHA512: a302fb0c00ef7f126b683342306610b1ab2c645e7c5ee00308d8d7966b53bcf6d1ba23b0b2df65afe43c656f63a5d37e413b29b6aa2893328c954851878e38be
-
Filesize: 9KB
MD5: 1848397f9776bb8240cf5ec3c3bb3680
SHA1: 2a20a9795dc21838d62871753e0b4601eedcd985
SHA256: fa4cd3f2f670b23e1cc6bcd09357e5817c7bd7dcba4f33560be7a4693f47a2ed
SHA512: b411a7240b8e3ff96a6ff8c22b7729214d7fb0b52b33b91f535e694c65a6f024ad49c05a9153cbb6ded7c3b7f39484decb1d7f6693b777a9b1e5fdcdfc0fe945
-
Filesize: 9KB
MD5: 629105a3193f00bf4cd01e23c8c46fc2
SHA1: c466690983aca31a2c22a34a4517469f50c1f6ad
SHA256: f3e54a0c786d4ae5306b46789dcf850a53fb69d5ac9e44da5d1d41ed64a62c12
SHA512: 631f3e4878e62103a91e7986d6b6f01cf2eea4a85c94865eea3f19d1cc7867d88290e2ee0212b522f4f5eef8efc96928d22cccbfec728c30b39671ea9a061084
-
Filesize: 9KB
MD5: 2fefbedd8a72951da9f4882b72efad99
SHA1: dfb2ed2b30ffd0f62935490c663ec3fb05971ba5
SHA256: 96b9896acb3b450a057e966a4056e19e5c31865159e0c8004f5a29698e345816
SHA512: 6a8642d0ac41b8805fa0cb541907079f4dd9a4aa62085fb627c213639ec9ee7b6f4a654176520c765e6a567c8b01d8a97c03f61744e891fe9951d2a0be4c34c2
-
Filesize: 116KB
MD5: 5932a491649b8377ad489c82d0c9683d
SHA1: 3baedbc8f5075da382bafc6f681d35f14505f7cc
SHA256: f3bf0d0c786bc8e0712470764ecf3bb6c354e0cb7ede7ee5fe308f453c3afbb3
SHA512: 95d15a2a2dc15cfa4f8548bef373cbcc4de32b0c4c6dcf9cc5a172a351f9b3a4562e5eb211838e40839a2eba9ac97f42e1b0266c05babb92c3cc8148c5835a46
-
Filesize: 116KB
MD5: d27d81cc2e55c99e88bcddf70bba03d7
SHA1: 7489f900f058988b00ddc331516e8edf926b4793
SHA256: 594b4ab05a307cea13be7a1320cd180dc7125ccaf6b376123317bf7821ca10b3
SHA512: fd7f163a0a17ee536eabc4b7f523c7857a5b2262295d368b0be7d6136cf4fe5e7f7eedaebbecf519f18b087f1b610073f8b81fc1318a063151d6b658f101fe0b
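The Downloads list is a set of dropped-file records with a size and four digests each. The Python below is an added example, not part of the report or its tooling: it parses entries in the label-fused form shown on this page (and the `MD5: ...` form as well), validates digest lengths so that a truncated hash is never exported as an IoC, and compares byte-sized entries against the digests of known-benign content. With the candidate set assumed here (an empty JSON array and an empty JSON object), the 2-byte entry in this list matches `[]`, which is consistent with a browser-profile artifact like the Chrome User Data `.tmp` path listed for another entry. The two sample entries are copied from this page; the function names and the candidate set are the example's own.

```python
"""Validate and enrich the dropped-file digests from a sandbox report.

Added example, not the sandbox's own tooling. Sample entries are copied from
this report; the known-content candidates are an assumption of the example.
"""
import hashlib
import re

# Two entries from this page: one in the label-fused layout the report viewer
# emits, one with "Label: value" lines, so the parser is exercised on both.
SAMPLE_DOWNLOADS = [
    "-",
    "Filesize",
    "2B",
    "MD5d751713988987e9331980363e24189ce",
    "SHA197d170e1550eee4afc0af065b78cda302a97674c",
    "SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
    "-",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\69bffdeb-3130-4b9e-a4aa-a6a46ed5443c.tmp",
    "Filesize: 9KB",
    "MD5: 27d834ee0b050c5087c0a6643b07183c",
    "SHA1: bde68bd42f0279fbe865e2b85db19729373a036b",
    "SHA256: 6459beb61305f6b66120eb90774470128f348ea7af713f0b3372f071bcc44d83",
    "SHA512: 5b034e70382e7549b9d2a5982f964f3ec84a6a971ecaf31505ef8098780c1620966821a99b0925c079161812e240536779a89a531baa836d906ca9af1078c8fc",
]

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512):?\s*([0-9A-Fa-f]+)$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Assumed candidates for what a byte-sized browser-profile file usually holds.
KNOWN_CONTENT = {"empty JSON array": b"[]", "empty JSON object": b"{}"}


def parse_downloads(lines):
    """Group '-'-separated blocks into {"path", "size", "hashes"} records."""
    entries, cur, size_next = [], None, False
    for raw in lines:
        line = raw.strip()
        if line == "-":
            if cur and cur["hashes"]:
                entries.append(cur)
            cur, size_next = {"path": None, "size": None, "hashes": {}}, False
        elif cur is None:
            continue  # text before the first separator is not part of an entry
        elif size_next:
            cur["size"], size_next = line, False
        elif line.startswith("Filesize"):
            rest = line[len("Filesize"):].lstrip(": ")
            if rest:
                cur["size"] = rest
            else:
                size_next = True  # value is on the following line
        elif (m := HASH_RE.match(line)) is not None:
            cur["hashes"][m[1]] = m[2].lower()
        else:
            cur["path"] = line  # anything else inside a block is the dropped path
    if cur and cur["hashes"]:
        entries.append(cur)
    return entries


def size_bytes(text):
    """'9KB' -> 9216, '1008B' -> 1008; the report rounds, so treat as approximate."""
    m = re.fullmatch(r"(\d+)\s*(KB|B)", text)
    if m is None:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m[1]) * (1024 if m[2] == "KB" else 1)


def invalid_hashes(entry):
    """Algorithms whose digest is not the expected hex length (truncated or mangled)."""
    return [algo for algo, h in entry["hashes"].items()
            if len(h) != HEX_LEN[algo] or re.fullmatch(r"[0-9a-f]+", h) is None]


def match_known_content(entry, candidates=KNOWN_CONTENT):
    """Label of the candidate blob whose digests equal every digest the entry has."""
    if not entry["hashes"]:
        return None
    for label, blob in candidates.items():
        expected = {"MD5": hashlib.md5(blob).hexdigest(),
                    "SHA1": hashlib.sha1(blob).hexdigest(),
                    "SHA256": hashlib.sha256(blob).hexdigest(),
                    "SHA512": hashlib.sha512(blob).hexdigest()}
        if all(expected[algo] == h for algo, h in entry["hashes"].items()):
            return label
    return None


def to_ioc_rows(entries):
    """Flatten to (path, size_bytes, sha256, note) tuples, skipping malformed entries."""
    rows = []
    for e in entries:
        if invalid_hashes(e):
            continue
        size = size_bytes(e["size"]) if e["size"] else None
        rows.append((e["path"], size, e["hashes"].get("SHA256"), match_known_content(e) or ""))
    return rows


if __name__ == "__main__":
    for row in to_ioc_rows(parse_downloads(SAMPLE_DOWNLOADS)):
        print(row)
```

Matching by digest only identifies exact byte content, so it settles the 2-byte and similar tiny entries but says nothing about the 9KB and 116KB ones; for those the file itself is needed, and this report lists them by digest only.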