hxxps://drive[.]google[.]com/file/d/1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56/view?usp=drive_link

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/01/2025, 03:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
736	msedge.exe
736	msedge.exe
2312	identity_helper.exe
2312	identity_helper.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 2700	736	msedge.exe	82
PID 736 wrote to memory of 2700	736	msedge.exe	82
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 4056	736	msedge.exe	83
PID 736 wrote to memory of 2368	736	msedge.exe	84
PID 736 wrote to memory of 2368	736	msedge.exe	84
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85
PID 736 wrote to memory of 3004	736	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91b646f8,0x7ffb91b64708,0x7ffb91b64718
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13862086609899432386,4350344624291966274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

Network

DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

drive.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

142.250.179.238
GET

https://drive.google.com/file/d/1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56/view?usp=drive_link

msedge.exe

Remote address:

142.250.179.238:443

Request

GET /file/d/1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56/view?usp=drive_link HTTP/2.0
host: drive.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://drive.google.com/drive-viewer/AKGpihb2FmZhEHw3vn14D2-EBLws4cR8BzfXeV-mrkA0I5WIH3Rt8SjjI_EAfM4tnpKoDwFmn_hmqqzxFbMOhezVQ2vFQvWxXTWZV8M=s1600-rw-v1

msedge.exe

Remote address:

142.250.179.238:443

Request

GET /drive-viewer/AKGpihb2FmZhEHw3vn14D2-EBLws4cR8BzfXeV-mrkA0I5WIH3Rt8SjjI_EAfM4tnpKoDwFmn_hmqqzxFbMOhezVQ2vFQvWxXTWZV8M=s1600-rw-v1 HTTP/2.0
host: drive.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=520=Z2Z-wb_wFutUK380hDca3tgrmDpbwsBUZDgFXjG__1tcfnnQ8GxZmmMm5WygWAZf6E9iXk6LA3vKaMQRlLOs3ZiG4fuSt2yQNvYpzVJ8o2CN-oRvkNG6s4mVL5lv2sNUiurw-nth2-yfSDWSgGbHuAWm3S3cUF29jhDk45pC92uBDums0dMxIF3-uA
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

167.173.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.173.78.104.in-addr.arpa

IN PTR

Response

167.173.78.104.in-addr.arpa

IN PTR

a104-78-173-167deploystaticakamaitechnologiescom
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f741e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f10�H
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR

Response
DNS

88.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.210.23.2.in-addr.arpa

IN PTR

Response

88.210.23.2.in-addr.arpa

IN PTR

a2-23-210-88deploystaticakamaitechnologiescom
DNS

ogs.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.14
DNS

ogads-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

216.58.213.10

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

142.250.187.234

ogads-pa.googleapis.com

IN A

172.217.169.10

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

172.217.169.74

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

216.58.201.106

ogads-pa.googleapis.com

IN A

216.58.212.234

ogads-pa.googleapis.com

IN A

216.58.212.202
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.14
GET

https://ogs.google.com/widget/callout?prid=19044538&pgid=19044537&puid=2857107652ad6842&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=

msedge.exe

Remote address:

142.250.178.14:443

Request

GET /widget/callout?prid=19044538&pgid=19044537&puid=2857107652ad6842&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm= HTTP/2.0
host: ogs.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=520=Z2Z-wb_wFutUK380hDca3tgrmDpbwsBUZDgFXjG__1tcfnnQ8GxZmmMm5WygWAZf6E9iXk6LA3vKaMQRlLOs3ZiG4fuSt2yQNvYpzVJ8o2CN-oRvkNG6s4mVL5lv2sNUiurw-nth2-yfSDWSgGbHuAWm3S3cUF29jhDk45pC92uBDums0dMxIF3-uA
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

msedge.exe

Remote address:

216.58.213.10:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0

msedge.exe

Remote address:

142.250.178.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=520=Z2Z-wb_wFutUK380hDca3tgrmDpbwsBUZDgFXjG__1tcfnnQ8GxZmmMm5WygWAZf6E9iXk6LA3vKaMQRlLOs3ZiG4fuSt2yQNvYpzVJ8o2CN-oRvkNG6s4mVL5lv2sNUiurw-nth2-yfSDWSgGbHuAWm3S3cUF29jhDk45pC92uBDums0dMxIF3-uA
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_1

msedge.exe

Remote address:

142.250.178.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_1 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=520=Z2Z-wb_wFutUK380hDca3tgrmDpbwsBUZDgFXjG__1tcfnnQ8GxZmmMm5WygWAZf6E9iXk6LA3vKaMQRlLOs3ZiG4fuSt2yQNvYpzVJ8o2CN-oRvkNG6s4mVL5lv2sNUiurw-nth2-yfSDWSgGbHuAWm3S3cUF29jhDk45pC92uBDums0dMxIF3-uA
DNS

youtube.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

youtube.googleapis.com

IN A

Response

youtube.googleapis.com

IN A

172.217.169.42

youtube.googleapis.com

IN A

216.58.201.106

youtube.googleapis.com

IN A

142.250.187.202

youtube.googleapis.com

IN A

142.250.200.42

youtube.googleapis.com

IN A

142.250.200.10

youtube.googleapis.com

IN A

172.217.16.234

youtube.googleapis.com

IN A

172.217.169.10

youtube.googleapis.com

IN A

216.58.213.10

youtube.googleapis.com

IN A

216.58.212.234

youtube.googleapis.com

IN A

216.58.204.74

youtube.googleapis.com

IN A

142.250.187.234

youtube.googleapis.com

IN A

142.250.179.234

youtube.googleapis.com

IN A

142.250.180.10

youtube.googleapis.com

IN A

142.250.178.10
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
DNS

ssl.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.3
OPTIONS

https://play.google.com/log?format=json&hasfast=true

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-encoding,content-type
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/docs/common/cleardot.gif?zx=65svwb5ex5i

msedge.exe

Remote address:

142.250.200.3:443

Request

GET /docs/common/cleardot.gif?zx=65svwb5ex5i HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite62.svg

msedge.exe

Remote address:

142.250.200.3:443

Request

GET /docs/common/viewer/v3/v-sprite62.svg HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.gstatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/images/hpp/logo-chrome-color-1x-web-64dp.png

msedge.exe

Remote address:

142.250.187.196:443

Request

GET /images/hpp/logo-chrome-color-1x-web-64dp.png HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ogs.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=520=Z2Z-wb_wFutUK380hDca3tgrmDpbwsBUZDgFXjG__1tcfnnQ8GxZmmMm5WygWAZf6E9iXk6LA3vKaMQRlLOs3ZiG4fuSt2yQNvYpzVJ8o2CN-oRvkNG6s4mVL5lv2sNUiurw-nth2-yfSDWSgGbHuAWm3S3cUF29jhDk45pC92uBDums0dMxIF3-uA
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

173.194.69.84
GET

https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com

msedge.exe

Remote address:

173.194.69.84:443

Request

GET /ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=520=Z2Z-wb_wFutUK380hDca3tgrmDpbwsBUZDgFXjG__1tcfnnQ8GxZmmMm5WygWAZf6E9iXk6LA3vKaMQRlLOs3ZiG4fuSt2yQNvYpzVJ8o2CN-oRvkNG6s4mVL5lv2sNUiurw-nth2-yfSDWSgGbHuAWm3S3cUF29jhDk45pC92uBDums0dMxIF3-uA
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

195.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.187.250.142.in-addr.arpa

IN PTR

Response

195.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f31e100net
DNS

84.69.194.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.69.194.173.in-addr.arpa

IN PTR

Response

84.69.194.173.in-addr.arpa

IN PTR

ef-in-f841e100net
DNS

196.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.187.250.142.in-addr.arpa

IN PTR

Response

196.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f41e100net
DNS

content.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

content.googleapis.com

IN A

Response

content.googleapis.com

IN A

142.250.200.10

content.googleapis.com

IN A

142.250.187.202

content.googleapis.com

IN A

172.217.169.10

content.googleapis.com

IN A

216.58.201.106

content.googleapis.com

IN A

142.250.187.234

content.googleapis.com

IN A

216.58.204.74

content.googleapis.com

IN A

142.250.179.234

content.googleapis.com

IN A

216.58.213.10

content.googleapis.com

IN A

172.217.169.42

content.googleapis.com

IN A

172.217.16.234

content.googleapis.com

IN A

142.250.200.42

content.googleapis.com

IN A

142.250.178.10

content.googleapis.com

IN A

142.250.180.10
DNS

blobcomments-pa.clients6.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

blobcomments-pa.clients6.google.com

IN A

Response

blobcomments-pa.clients6.google.com

IN A

216.58.204.74
DNS

42.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.169.217.172.in-addr.arpa

IN PTR

Response

42.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f101e100net
DNS

peoplestackwebexperiments-pa.clients6.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

peoplestackwebexperiments-pa.clients6.google.com

IN A

Response

peoplestackwebexperiments-pa.clients6.google.com

IN A

172.217.169.74
OPTIONS

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

msedge.exe

Remote address:

172.217.169.74:443

Request

OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

msedge.exe

Remote address:

172.217.169.74:443

Request

OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/2.0
host: peoplestackwebexperiments-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://drive.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://drive.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

56.163.245.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.163.245.4.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

166.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.190.18.2.in-addr.arpa

IN PTR

Response

166.190.18.2.in-addr.arpa

IN PTR

a2-18-190-166deploystaticakamaitechnologiescom
DNS

25.125.209.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.125.209.23.in-addr.arpa

IN PTR

Response

25.125.209.23.in-addr.arpa

IN PTR

a23-209-125-25deploystaticakamaitechnologiescom
DNS

ssl.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.3
DNS

ssl.gstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

142.250.200.3
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response
DNS

5.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.173.189.20.in-addr.arpa

IN PTR

Response

142.250.179.238:443

https://drive.google.com/drive-viewer/AKGpihb2FmZhEHw3vn14D2-EBLws4cR8BzfXeV-mrkA0I5WIH3Rt8SjjI_EAfM4tnpKoDwFmn_hmqqzxFbMOhezVQ2vFQvWxXTWZV8M=s1600-rw-v1

tls, http2

msedge.exe

3.4kB
64.1kB
38
60

HTTP Request

GET https://drive.google.com/file/d/1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56/view?usp=drive_link

HTTP Request

GET https://drive.google.com/drive-viewer/AKGpihb2FmZhEHw3vn14D2-EBLws4cR8BzfXeV-mrkA0I5WIH3Rt8SjjI_EAfM4tnpKoDwFmn_hmqqzxFbMOhezVQ2vFQvWxXTWZV8M=s1600-rw-v1
142.250.178.14:443

https://ogs.google.com/widget/callout?prid=19044538&pgid=19044537&puid=2857107652ad6842&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=

tls, http2

msedge.exe

2.6kB
23.0kB
25
27

HTTP Request

GET https://ogs.google.com/widget/callout?prid=19044538&pgid=19044537&puid=2857107652ad6842&cce=1&dc=1&origin=https%3A%2F%2Fdrive.google.com&cn=callout&pid=25&spid=25&hl=en-GB&dm=
216.58.213.10:443

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

msedge.exe

1.9kB
6.9kB
16
17

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
142.250.178.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_1

tls, http2

msedge.exe

5.2kB
122.8kB
61
98

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_1
142.250.178.14:443

apis.google.com

tls

msedge.exe

931 B
4.6kB
9
7
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

msedge.exe

1.8kB
8.4kB
15
18

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true
142.250.200.3:443

https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite62.svg

tls, http2

msedge.exe

2.5kB
18.9kB
27
27

HTTP Request

GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=65svwb5ex5i

HTTP Request

GET https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite62.svg
142.250.187.196:443

https://www.google.com/images/hpp/logo-chrome-color-1x-web-64dp.png

tls, http2

msedge.exe

2.1kB
9.5kB
18
19

HTTP Request

GET https://www.google.com/images/hpp/logo-chrome-color-1x-web-64dp.png
142.250.200.3:443

ssl.gstatic.com

msedge.exe

98 B
52 B
2
1
173.194.69.84:443

https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com

tls, http2

msedge.exe

2.4kB
7.7kB
17
17

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://drive.google.com/drivesharing/clientmodel?id%3D1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com&followup=https://drive.google.com/drivesharing/clientmodel?id%3D1oRq3bJjxh6oA7Jvs5iqq11Xdy0Swtm56%26foreignService%3Dtexmex%26authuser%3D0%26origin%3Dhttps://drive.google.com
172.217.169.74:443

peoplestackwebexperiments-pa.clients6.google.com

tls, http2

msedge.exe

1.1kB
11.3kB
11
12
172.217.169.74:443

https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

tls, http2

msedge.exe

2.2kB
12.4kB
20
23

HTTP Request

OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

HTTP Request

OPTIONS https://peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

drive.google.com

dns

msedge.exe

62 B
78 B
1
1

DNS Request

drive.google.com

DNS Response

142.250.179.238
142.250.179.238:443

drive.google.com

https

msedge.exe

33.7kB
864.5kB
158
701
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

167.173.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

167.173.78.104.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

76.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

76.32.126.40.in-addr.arpa
8.8.8.8:53

88.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

88.210.23.2.in-addr.arpa
8.8.8.8:53

ogs.google.com

dns

msedge.exe

60 B
97 B
1
1

DNS Request

ogs.google.com

DNS Response

142.250.178.14
8.8.8.8:53

ogads-pa.googleapis.com

dns

msedge.exe

69 B
309 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

216.58.213.10

142.250.179.234

216.58.204.74

172.217.16.234

142.250.180.10

142.250.200.42

142.250.187.202

142.250.187.234

172.217.169.10

142.250.200.10

172.217.169.74

142.250.178.10

216.58.201.106

216.58.212.234

216.58.212.202
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.178.14
8.8.8.8:53

youtube.googleapis.com

dns

msedge.exe

68 B
292 B
1
1

DNS Request

youtube.googleapis.com

DNS Response

172.217.169.42

216.58.201.106

142.250.187.202

142.250.200.42

142.250.200.10

172.217.16.234

172.217.169.10

216.58.213.10

216.58.212.234

216.58.204.74

142.250.187.234

142.250.179.234

142.250.180.10

142.250.178.10
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
8.8.8.8:53

ssl.gstatic.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

142.250.200.3
216.58.213.10:443

youtube.googleapis.com

https

msedge.exe

3.8kB
7.2kB
8
10
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

173.194.69.84
142.250.200.3:443

ssl.gstatic.com

https

msedge.exe

4.0kB
8.7kB
12
14
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.200.250.142.in-addr.arpa
8.8.8.8:53

195.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.187.250.142.in-addr.arpa
8.8.8.8:53

84.69.194.173.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

84.69.194.173.in-addr.arpa
8.8.8.8:53

196.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.187.250.142.in-addr.arpa
173.194.69.84:443

accounts.google.com

https

msedge.exe

3.8kB
12.5kB
14
17
172.217.169.42:443

youtube.googleapis.com

https

msedge.exe

5.6kB
18.2kB
18
20
8.8.8.8:53

content.googleapis.com

dns

msedge.exe

68 B
276 B
1
1

DNS Request

content.googleapis.com

DNS Response

142.250.200.10

142.250.187.202

172.217.169.10

216.58.201.106

142.250.187.234

216.58.204.74

142.250.179.234

216.58.213.10

172.217.169.42

172.217.16.234

142.250.200.42

142.250.178.10

142.250.180.10
8.8.8.8:53

blobcomments-pa.clients6.google.com

dns

msedge.exe

81 B
97 B
1
1

DNS Request

blobcomments-pa.clients6.google.com

DNS Response

216.58.204.74
142.250.178.14:443

apis.google.com

https

msedge.exe

4.8kB
40.9kB
23
35
142.250.187.196:443

www.google.com

https

msedge.exe

4.0kB
11.0kB
11
13
8.8.8.8:53

42.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.169.217.172.in-addr.arpa
8.8.8.8:53

peoplestackwebexperiments-pa.clients6.google.com

dns

msedge.exe

94 B
110 B
1
1

DNS Request

peoplestackwebexperiments-pa.clients6.google.com

DNS Response

172.217.169.74
172.217.169.74:443

peoplestackwebexperiments-pa.clients6.google.com

https

msedge.exe

4.0kB
8.7kB
10
13
224.0.0.251:5353

523 B
8
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

56.163.245.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

56.163.245.4.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
142.250.179.238:443

play.google.com

https

msedge.exe

3.6kB
7.2kB
8
11
8.8.8.8:53

166.190.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

166.190.18.2.in-addr.arpa
142.250.200.3:443

ssl.gstatic.com

https

msedge.exe

2.4kB
3.3kB
9
9
8.8.8.8:53

25.125.209.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

25.125.209.23.in-addr.arpa
8.8.8.8:53

ssl.gstatic.com

dns

msedge.exe

122 B
154 B
2
2

DNS Request

ssl.gstatic.com

DNS Request

ssl.gstatic.com

DNS Response

142.250.200.3

DNS Response

142.250.200.3
142.250.200.3:443

ssl.gstatic.com

https

msedge.exe

2.4kB
3.3kB
9
9
8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.236.111.52.in-addr.arpa
142.250.200.3:443

ssl.gstatic.com

https

msedge.exe

3.6kB
3.3kB
8
9
8.8.8.8:53

5.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

5.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
1f6fe07772c928f4bbe8baceac9a230b

SHA1
2c9ed18f2bc16b9e7bef69b1ec4f083d5814f1e0

SHA256
38cc4a707eb189cb9e2550d6b9174172353642de497b21e97823f246b6dd5217

SHA512
981855c0c6734b46ebe52f459240bb109384138c5d60f5c2d9a8f9dc1bd0631758a426f57bfa0814c085f626690f0a02f22a775d6796c3897b689ea4dda824eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c37ed854cd0f5c8d0c35304a448900f2

SHA1
a54f01504ef8347d4b277f56b2ad0648611ddd4e

SHA256
d6cfecff9ebc83ceb695716e4c106d592480266afcf97846877d34a2b4ae639e

SHA512
44b98a3838c22191b302bc1173183b7dd9024d08e92a1a21138e41e328c379f5ae2f64e71e7eb2fe7c2fa48bfe461241d067666474a41d42159f2961a4e43664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
88c309d0fc5283f6cb4769a1eab68068

SHA1
1fe8e3b9092b0a04ce86925ad6bb5aca20e03b25

SHA256
7eddc19891dfe35d489a6ad02f5438a6464a42f2674f19fa51ae616848ea3ea5

SHA512
d4f82dc0c25f2162b0c3ca2a4ccff289cd1813bf657e6b74efcc353546bba40a059a269e2313edbf373e386b4f71f295179726b0eb64008e2352a53eeaff18ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4d2df9a44ad07a66accb845eb9baf8f

SHA1
af96a50ce8b1217bc57cfeedd1ef4eafe4eacc16

SHA256
8e7e41a9d218bac30a808044bcb0ea21f7be6627b675029f9a86b344c13cb413

SHA512
97ea9b66cfaf1ff0698ccea4bf3fe5ba68bb55711a57889031a7968f6f30e75b8dca56b032e1ccbb6bc9c327cfbb04f1933fdf38c5bc5212e5adf2dd48b6b17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48453110f7d57dc8fb3c1e3ac4f225c0

SHA1
f06d1ab29b7a2fdddbc13ad79fdb93ec4e2c241b

SHA256
f347c2a9cdd825b4a083d63ceb12b003f25746d0c22892ba2b505441e4e54ff2

SHA512
42cfd6109900d571d6a8563ed0ebe1518ccf820f77e85163029803e064ac9b6c732a2a51d137df2c7fbc1c83367f30e8eb9ffd9f255f7bf82adf748fcbd69a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
05d61dbbb93d03ec5b7e3ad85417ea6a

SHA1
70d806c2cbd8975e8894889bc8fec6c573f020d1

SHA256
869404b2f729817e2afe2535b13d878b127feba2ddfe13b9dab125147643abd3

SHA512
02e161f2710e5246fdbc7571318cfbe50c8f2df3e63e93bd732ea384f476bcafe3191d3466a296f696d8a7f7b400d2e44f8ecf314e962911b9cc82862d0ce454

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.