hxxps://www[.]youtube[.]com/

Analysis

max time kernel
73s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2023, 09:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248205783215482"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{B2EA513A-4357-4099-AB4D-74EF22D4E310}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: 33	1436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1436	AUDIODG.EXE
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 4644	5032	chrome.exe	83
PID 5032 wrote to memory of 4644	5032	chrome.exe	83
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 1788	5032	chrome.exe	84
PID 5032 wrote to memory of 4416	5032	chrome.exe	85
PID 5032 wrote to memory of 4416	5032	chrome.exe	85
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86
PID 5032 wrote to memory of 3976	5032	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36c49758,0x7ffb36c49768,0x7ffb36c49778
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4992 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1844,i,3824217891887344469,16510984577692975156,131072 /prefetch:8
  2⤵
  PID:3964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1436

Network

DNS

113.208.253.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.208.253.8.in-addr.arpa

IN PTR

Response
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

i.ytimg.com

chrome.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.251.39.118

i.ytimg.com

IN A

142.250.179.150

i.ytimg.com

IN A

142.251.36.54

i.ytimg.com

IN A

142.250.179.182

i.ytimg.com

IN A

142.250.179.214

i.ytimg.com

IN A

142.251.36.22
GET

https://i.ytimg.com/generate_204

chrome.exe

Remote address:

142.251.39.118:443

Request

GET /generate_204 HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.179.141
GET

https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en

chrome.exe

Remote address:

142.250.179.141:443

Request

GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

250.255.255.239.in-addr.arpa

Remote address:

8.8.8.8:53

Request

250.255.255.239.in-addr.arpa

IN PTR

Response
DNS

10.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.214.58.216.in-addr.arpa

IN PTR

Response

10.214.58.216.in-addr.arpa

IN PTR

lhr26s05-in-f101e100net

10.214.58.216.in-addr.arpa

IN PTR

ams17s09-in-f10�H

10.214.58.216.in-addr.arpa

IN PTR

�8
DNS

206.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.168.217.172.in-addr.arpa

IN PTR

Response

206.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f141e100net
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

118.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

118.39.251.142.in-addr.arpa

IN PTR

Response

118.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f221e100net
DNS

106.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.208.58.216.in-addr.arpa

IN PTR

Response

106.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f1061e100net

106.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f10�J
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

141.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.179.250.142.in-addr.arpa

IN PTR

Response

141.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f131e100net
DNS

googleads.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.251.36.34
GET

https://googleads.g.doubleclick.net/pagead/id

chrome.exe

Remote address:

142.251.36.34:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.youtube.com
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.179.138

content-autofill.googleapis.com

IN A

142.251.36.42

content-autofill.googleapis.com

IN A

172.217.168.234

content-autofill.googleapis.com

IN A

142.250.179.170

content-autofill.googleapis.com

IN A

142.250.179.202

content-autofill.googleapis.com

IN A

142.251.36.10

content-autofill.googleapis.com

IN A

142.251.39.106

content-autofill.googleapis.com

IN A

172.217.168.202

content-autofill.googleapis.com

IN A

216.58.208.106

content-autofill.googleapis.com

IN A

216.58.214.10
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAk8yq_jFOmFmxIFDfGjW-M=?alt=proto

chrome.exe

Remote address:

142.250.179.138:443

Request

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAk8yq_jFOmFmxIFDfGjW-M=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CNnkygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

chrome.exe

Remote address:

142.250.179.138:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

34.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.36.251.142.in-addr.arpa

IN PTR

Response

34.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f21e100net
DNS

138.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.179.250.142.in-addr.arpa

IN PTR

Response

138.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f101e100net
DNS

yt3.ggpht.com

chrome.exe

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.179.193
GET

https://yt3.ggpht.com/ytc/AL5GRJX7mt9tgRop-KWJT1DImzRMtHlbrhFswrz9TzM2=s68-c-k-c0x00ffffff-no-rj

chrome.exe

Remote address:

142.250.179.193:443

Request

GET /ytc/AL5GRJX7mt9tgRop-KWJT1DImzRMtHlbrhFswrz9TzM2=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/4B8hZO5fbUHQWZGnkONyEU1RdjxW3e2AGBPqsiFKwTnIWMk0s918_-ZPOFMXlwa7zbqZV92p8g=s68-c-k-c0x00ffffff-no-rj

chrome.exe

Remote address:

142.250.179.193:443

Request

GET /4B8hZO5fbUHQWZGnkONyEU1RdjxW3e2AGBPqsiFKwTnIWMk0s918_-ZPOFMXlwa7zbqZV92p8g=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/uUfOrEH3ZGDTadl_LVSJlBSQrjZ96CMbIZMUtUeqJhHvgM7xcykdgysscHTd3XALYPVLHelmKg=s68-c-k-c0x00ffffff-no-rj

chrome.exe

Remote address:

142.250.179.193:443

Request

GET /uUfOrEH3ZGDTadl_LVSJlBSQrjZ96CMbIZMUtUeqJhHvgM7xcykdgysscHTd3XALYPVLHelmKg=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/ytc/AL5GRJVYGr9N2OMipadt0RX2JMp0nEJNBMxLIQL3BEje=s68-c-k-c0x00ffffff-no-rj

chrome.exe

Remote address:

142.250.179.193:443

Request

GET /ytc/AL5GRJVYGr9N2OMipadt0RX2JMp0nEJNBMxLIQL3BEje=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/urlPpKwSAU5dPhs3Ru5CH4vjCUhbeeZ57WP_00Unxj79HpXQCGaup-L5yLff5fhQecGpzVJjhw=s68-c-k-c0x00ffffff-no-rj

chrome.exe

Remote address:

142.250.179.193:443

Request

GET /urlPpKwSAU5dPhs3Ru5CH4vjCUhbeeZ57WP_00Unxj79HpXQCGaup-L5yLff5fhQecGpzVJjhw=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/ewC1nleORkp8FkJpZrDPrqmVry6JHkUV_1eWuYFLlXTJGaoQ0v0qn1YLdZcpffMaRJrMMYIT5_U=s68-c-k-c0x00ffffff-no-rj

chrome.exe

Remote address:

142.250.179.193:443

Request

GET /ewC1nleORkp8FkJpZrDPrqmVry6JHkUV_1eWuYFLlXTJGaoQ0v0qn1YLdZcpffMaRJrMMYIT5_U=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

100.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.39.251.142.in-addr.arpa

IN PTR

Response

100.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f41e100net
DNS

193.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.179.250.142.in-addr.arpa

IN PTR

Response

193.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f11e100net
DNS

jnn-pa.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

216.58.214.10

jnn-pa.googleapis.com

IN A

142.250.179.138

jnn-pa.googleapis.com

IN A

142.251.36.42

jnn-pa.googleapis.com

IN A

172.217.168.234

jnn-pa.googleapis.com

IN A

142.250.179.170

jnn-pa.googleapis.com

IN A

142.250.179.202

jnn-pa.googleapis.com

IN A

142.251.36.10

jnn-pa.googleapis.com

IN A

142.251.39.106
DNS

static.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.179.198
DNS

static.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.179.198
GET

https://static.doubleclick.net/instream/ad_status.js

chrome.exe

Remote address:

142.250.179.198:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

suggestqueries-clients6.youtube.com

chrome.exe

Remote address:

8.8.8.8:53

Request

suggestqueries-clients6.youtube.com

IN A

Response

suggestqueries-clients6.youtube.com

IN A

142.251.39.110
OPTIONS

https://suggestqueries-clients6.youtube.com/complete/search?client=youtube&hl=en&gl=us&sugexp=qsatc5%2Cytpo.bo.me%3D0%2Cytposo.bo.me%3D0%2Cytpo.bo.ei%3D45358233%2Cytposo.bo.ei%3D45358233%2Ccfro%3D1%2Cytpo.bo.me%3D1%2Cytposo.bo.me%3D1%2Cytpo.bo.ei%3D45359209%2Cytposo.bo.ei%3D45359209&gs_rn=64&gs_ri=youtube&ds=yt&cp=1&gs_id=6&q=r&xhr=t&xssi=t

chrome.exe

Remote address:

142.251.39.110:443

Request

OPTIONS /complete/search?client=youtube&hl=en&gl=us&sugexp=qsatc5%2Cytpo.bo.me%3D0%2Cytposo.bo.me%3D0%2Cytpo.bo.ei%3D45358233%2Cytposo.bo.ei%3D45358233%2Ccfro%3D1%2Cytpo.bo.me%3D1%2Cytposo.bo.me%3D1%2Cytpo.bo.ei%3D45359209%2Cytposo.bo.ei%3D45359209&gs_rn=64&gs_ri=youtube&ds=yt&cp=1&gs_id=6&q=r&xhr=t&xssi=t HTTP/2.0
host: suggestqueries-clients6.youtube.com
accept: */*
access-control-request-method: GET
access-control-request-headers: x-goog-visitor-id
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

198.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.179.250.142.in-addr.arpa

IN PTR

Response

198.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f61e100net
DNS

198.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.179.250.142.in-addr.arpa

IN PTR

Response

198.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f61e100net
DNS

110.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.39.251.142.in-addr.arpa

IN PTR

Response

110.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f141e100net
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.251.36.46
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.58.4%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D40%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D40%2526e%253D1

chrome.exe

Remote address:

142.251.36.46:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.58.4%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D40%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D40%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=511=nrD-PklfanTcwpekwlUYcCEqXpgO6wrGowDINkg2pZs-b9AD9ZZmN4tp4lBiL-3v5jlUfb16o565VAjVG0PaD4ohEeJYcnonIjDbXX21hYPQZmHNVJn4dvFB5UHBuMWfCiBboM3i39bK-6w3tj-ZXJ_vSe5Z-xy3e_XKiwGm1YA
GET

https://encrypted-tbn3.gstatic.com/favicon-tbn?q=tbn:ANd9GcSVg_8FJWgm-ajirsJgYru5F526yF-cOdA9deYf4M7SsAHpzocHphv9hstyvJeRi5E-4_ZHtes6xre0EkK0ZZP057nHI1Eh_UPNWFw

chrome.exe

Remote address:

142.251.36.46:443

Request

GET /favicon-tbn?q=tbn:ANd9GcSVg_8FJWgm-ajirsJgYru5F526yF-cOdA9deYf4M7SsAHpzocHphv9hstyvJeRi5E-4_ZHtes6xre0EkK0ZZP057nHI1Eh_UPNWFw HTTP/2.0
host: encrypted-tbn3.gstatic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

youtube.com

chrome.exe

Remote address:

8.8.8.8:53

Request

youtube.com

IN A

Response

youtube.com

IN A

216.58.214.14
DNS

youtube.com

chrome.exe

Remote address:

8.8.8.8:53

Request

youtube.com

IN A

Response

youtube.com

IN A

216.58.214.14
GET

https://youtube.com/

chrome.exe

Remote address:

216.58.214.14:443

Request

GET / HTTP/2.0
host: youtube.com
pragma: no-cache
cache-control: no-cache
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.youtube.com
x-client-data: CNnkygE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

46.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.36.251.142.in-addr.arpa

IN PTR

Response

46.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f141e100net
DNS

14.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.214.58.216.in-addr.arpa

IN PTR

Response

14.214.58.216.in-addr.arpa

IN PTR

ams17s09-in-f141e100net

14.214.58.216.in-addr.arpa

IN PTR

lhr26s05-in-f14�H

14.214.58.216.in-addr.arpa

IN PTR

�_
DNS

14.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.214.58.216.in-addr.arpa

IN PTR

Response

14.214.58.216.in-addr.arpa

IN PTR

ams17s09-in-f141e100net

14.214.58.216.in-addr.arpa

IN PTR

lhr26s05-in-f14�H

14.214.58.216.in-addr.arpa

IN PTR

�_
DNS

assets.msn.com

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN A

Response

assets.msn.com

IN CNAME

assets.msn.com.edgekey.net

assets.msn.com.edgekey.net

IN CNAME

e28578.d.akamaiedge.net

e28578.d.akamaiedge.net

IN A

95.101.143.162

e28578.d.akamaiedge.net

IN A

95.101.143.242

e28578.d.akamaiedge.net

IN A

95.101.143.155

e28578.d.akamaiedge.net

IN A

95.101.143.240

e28578.d.akamaiedge.net

IN A

95.101.143.169

e28578.d.akamaiedge.net

IN A

95.101.143.227

e28578.d.akamaiedge.net

IN A

95.101.143.243

e28578.d.akamaiedge.net

IN A

95.101.143.163

e28578.d.akamaiedge.net

IN A

95.101.143.160
DNS

assets.msn.com

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN A

Response

assets.msn.com

IN CNAME

assets.msn.com.edgekey.net

assets.msn.com.edgekey.net

IN CNAME

e28578.d.akamaiedge.net

e28578.d.akamaiedge.net

IN A

95.101.143.162

e28578.d.akamaiedge.net

IN A

95.101.143.242

e28578.d.akamaiedge.net

IN A

95.101.143.155

e28578.d.akamaiedge.net

IN A

95.101.143.240

e28578.d.akamaiedge.net

IN A

95.101.143.169

e28578.d.akamaiedge.net

IN A

95.101.143.227

e28578.d.akamaiedge.net

IN A

95.101.143.243

e28578.d.akamaiedge.net

IN A

95.101.143.163

e28578.d.akamaiedge.net

IN A

95.101.143.160
GET

https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=c8039da3-5dcd-4f38-a5e2-e6024b587b78&ocid=windows-windowsShell-feeds&user=m-81279b69b0d24a4e92f189cdcac91583&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

Remote address:

95.101.143.162:443

Request

GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=c8039da3-5dcd-4f38-a5e2-e6024b587b78&ocid=windows-windowsShell-feeds&user=m-81279b69b0d24a4e92f189cdcac91583&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/2.0
host: assets.msn.com
x-search-account: None
accept-encoding: gzip, deflate
x-device-machineid: {BC929805-684E-4860-BCA8-5ABA63544476}
x-userageclass: Unknown
x-bm-market: US
x-bm-dateformat: M/d/yyyy
x-device-ossku: 48
x-bm-dtz: 0
x-deviceid: 0100B2E609000CC3
x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB
sitename: www.msn.com
x-bm-theme: 000000;0078d7
muid: 81279B69B0D24A4E92F189CDCAC91583
x-agent-deviceid: 0100B2E609000CC3
x-bm-onlinesearchdisabled: true
x-bm-cbt: 1680346963
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
x-device-isoptin: false
accept-language: en-US, en
x-device-touch: false
x-device-clientsession: 7DCDB8442E2944CC83EB8664A6697129
cookie: MUID=81279B69B0D24A4E92F189CDCAC91583

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: *.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
content-encoding: gzip
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: Nowcast_cold:1;TeaserTemp_cold:1;SportsMatch_all:1;WildFire_cold:1;SevereWeather_cold:1;partialResponse:1;TeaserVisibility_cold:1;coldStart:1;coldStartUpsell:1;lowC:0;lowT:0
ddd-feednewsitemcount: 0
x-wpo-activityid: 0FDE95DB-3259-4A33-ABC4-8088AA10F5B2|2023-04-01T09:03:02.7202970Z|fabric:/wpo|WEU|WPO_23
ddd-activityid: 0fde95db-3259-4a33-abc4-8088aa10f5b2
ddd-strategyexecutionlatency: 00:00:00.4980502
ddd-debugid: 0fde95db-3259-4a33-abc4-8088aa10f5b2|2023-04-01T09:03:02.7261207Z|fabric:/winfeed|WEU|WinFeed_270
onewebservicelatency: 500
x-msedge-responseinfo: 500
x-ceto-ref: 6427f346a01e4364b9cda875a885deac|2023-04-01T09:03:02.223Z
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
expires: Sat, 01 Apr 2023 09:03:02 GMT
date: Sat, 01 Apr 2023 09:03:02 GMT
content-length: 16999
akamai-request-bc: [a=95.101.143.158,b=154021625,c=g,n=GB_EN_LONDON,o=20940],[a=20.23.114.34,c=o]
server-timing: clientrtt; dur=42, clienttt; dur=512, origin; dur=511 , cdntime; dur=1
akamai-cache-status: Miss from child
akamai-server-ip: 95.101.143.158
akamai-request-id: 92e2ef9
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
timing-allow-origin: *
vary: Origin
DNS

76.38.195.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.38.195.152.in-addr.arpa

IN PTR

Response
DNS

76.38.195.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.38.195.152.in-addr.arpa

IN PTR

Response
DNS

162.143.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.143.101.95.in-addr.arpa

IN PTR

Response

162.143.101.95.in-addr.arpa

IN PTR

a95-101-143-162deploystaticakamaitechnologiescom
DNS

yt3.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

yt3.googleusercontent.com

IN A

Response

yt3.googleusercontent.com

IN A

142.251.36.33
DNS

yt3.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

yt3.googleusercontent.com

IN A

Response

yt3.googleusercontent.com

IN A

142.251.36.33
DNS

encrypted-tbn3.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

encrypted-tbn3.gstatic.com

IN A

Response

encrypted-tbn3.gstatic.com

IN A

142.251.36.46
DNS

encrypted-tbn3.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

encrypted-tbn3.gstatic.com

IN A

Response

encrypted-tbn3.gstatic.com

IN A

142.251.36.46
DNS

encrypted-tbn2.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

encrypted-tbn2.gstatic.com

IN A

Response

encrypted-tbn2.gstatic.com

IN A

142.251.36.14
DNS

encrypted-tbn2.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

encrypted-tbn2.gstatic.com

IN A

Response

encrypted-tbn2.gstatic.com

IN A

142.251.36.14
GET

https://yt3.googleusercontent.com/sSfFPTPebnH0gkM9FjP6qCMYM1_s6TJd9_LCK_iQrzd7RuYMkk3wFSFbtGeigQr75C8sx7OL=s176-c-k-c0x00ffffff-no-rj

chrome.exe

Remote address:

142.251.36.33:443

Request

GET /sSfFPTPebnH0gkM9FjP6qCMYM1_s6TJd9_LCK_iQrzd7RuYMkk3wFSFbtGeigQr75C8sx7OL=s176-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.googleusercontent.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn2.gstatic.com/favicon-tbn?q=tbn:ANd9GcQW6GbBsrHhHb8wdzStQTuJ8dfNkgWmpUQxjY3Z1o0VbUsCWS6vbkF6-X2N_8L7Jcvk6-EIyl6q9hMlk1RteLBwIhFT6ilD3-fORw

chrome.exe

Remote address:

142.251.36.14:443

Request

GET /favicon-tbn?q=tbn:ANd9GcQW6GbBsrHhHb8wdzStQTuJ8dfNkgWmpUQxjY3Z1o0VbUsCWS6vbkF6-X2N_8L7Jcvk6-EIyl6q9hMlk1RteLBwIhFT6ilD3-fORw HTTP/2.0
host: encrypted-tbn2.gstatic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNnkygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

14.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.36.251.142.in-addr.arpa

IN PTR

Response

14.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f141e100net
DNS

33.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.36.251.142.in-addr.arpa

IN PTR

Response

33.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f11e100net
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.206
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.206
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

142.250.179.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

206.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.179.250.142.in-addr.arpa

IN PTR

Response

206.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f141e100net
DNS

206.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.179.250.142.in-addr.arpa

IN PTR

Response

206.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f141e100net
DNS

rr4---sn-5hne6nsr.googlevideo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

rr4---sn-5hne6nsr.googlevideo.com

IN A

Response

rr4---sn-5hne6nsr.googlevideo.com

IN CNAME

rr4.sn-5hne6nsr.googlevideo.com

rr4.sn-5hne6nsr.googlevideo.com

IN A

172.217.132.73
POST

https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=251&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=audio%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=764354&dur=50.281&lmt=1651323090743480&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6318224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJR5ocmYgBoh0PfQmNKF8er1WDLCSzjREEhmMoWvH6kuAiEA5anPM87jOkHBnz1howUTweEzdLEyXVSTSmjyraqPUBg%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=TSUQxm5Te5vP-fR7&cver=2.20230331.00.00&range=0-65900&rn=2&rbuf=0

chrome.exe

Remote address:

172.217.132.73:443

Request

POST /videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=251&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=audio%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=764354&dur=50.281&lmt=1651323090743480&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6318224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJR5ocmYgBoh0PfQmNKF8er1WDLCSzjREEhmMoWvH6kuAiEA5anPM87jOkHBnz1howUTweEzdLEyXVSTSmjyraqPUBg%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=TSUQxm5Te5vP-fR7&cver=2.20230331.00.00&range=0-65900&rn=2&rbuf=0 HTTP/1.1
Host: rr4---sn-5hne6nsr.googlevideo.com
Connection: keep-alive
Content-Length: 2
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://www.youtube.com
X-Client-Data: CNnkygE=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.youtube.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Sat, 01 Apr 2023 09:03:31 GMT
Expires: Sat, 01 Apr 2023 09:03:31 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 1016
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
POST

https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=video%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=998639&dur=50.266&lmt=1651323090744964&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6319224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAL7i-7DJ7NXZD8wCvcs7XYoBwSLzc865dqSlrC4m-VclAiAMKGq1delv8KPq2JddhvpQYOlYoJ1beLqs9CYU5F-2UQ%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=TSUQxm5Te5vP-fR7&cver=2.20230331.00.00&range=0-69425&rn=1&rbuf=0

chrome.exe

Remote address:

172.217.132.73:443

Request

POST /videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=video%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=998639&dur=50.266&lmt=1651323090744964&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6319224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAL7i-7DJ7NXZD8wCvcs7XYoBwSLzc865dqSlrC4m-VclAiAMKGq1delv8KPq2JddhvpQYOlYoJ1beLqs9CYU5F-2UQ%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=TSUQxm5Te5vP-fR7&cver=2.20230331.00.00&range=0-69425&rn=1&rbuf=0 HTTP/1.1
Host: rr4---sn-5hne6nsr.googlevideo.com
Connection: keep-alive
Content-Length: 2
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://www.youtube.com
X-Client-Data: CNnkygE=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.youtube.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
POST

https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=video%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=998639&dur=50.266&lmt=1651323090744964&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6319224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAL7i-7DJ7NXZD8wCvcs7XYoBwSLzc865dqSlrC4m-VclAiAMKGq1delv8KPq2JddhvpQYOlYoJ1beLqs9CYU5F-2UQ%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=nXAs9hN5le7SliQF&cver=2.20230331.00.00&range=0-69425&rn=3&rbuf=0

chrome.exe

Remote address:

172.217.132.73:443

Request

POST /videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=video%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=998639&dur=50.266&lmt=1651323090744964&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6319224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAL7i-7DJ7NXZD8wCvcs7XYoBwSLzc865dqSlrC4m-VclAiAMKGq1delv8KPq2JddhvpQYOlYoJ1beLqs9CYU5F-2UQ%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=nXAs9hN5le7SliQF&cver=2.20230331.00.00&range=0-69425&rn=3&rbuf=0 HTTP/1.1
Host: rr4---sn-5hne6nsr.googlevideo.com
Connection: keep-alive
Content-Length: 2
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://www.youtube.com
X-Client-Data: CNnkygE=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.youtube.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Sat, 01 Apr 2023 09:03:31 GMT
Expires: Sat, 01 Apr 2023 09:03:31 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 1094
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
POST

https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=251&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=audio%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=764354&dur=50.281&lmt=1651323090743480&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6318224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJR5ocmYgBoh0PfQmNKF8er1WDLCSzjREEhmMoWvH6kuAiEA5anPM87jOkHBnz1howUTweEzdLEyXVSTSmjyraqPUBg%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=nXAs9hN5le7SliQF&cver=2.20230331.00.00&range=0-65900&rn=4&rbuf=0

chrome.exe

Remote address:

172.217.132.73:443

Request

POST /videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=251&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=audio%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=764354&dur=50.281&lmt=1651323090743480&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6318224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJR5ocmYgBoh0PfQmNKF8er1WDLCSzjREEhmMoWvH6kuAiEA5anPM87jOkHBnz1howUTweEzdLEyXVSTSmjyraqPUBg%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=nXAs9hN5le7SliQF&cver=2.20230331.00.00&range=0-65900&rn=4&rbuf=0 HTTP/1.1
Host: rr4---sn-5hne6nsr.googlevideo.com
Connection: keep-alive
Content-Length: 2
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://www.youtube.com
X-Client-Data: CNnkygE=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.youtube.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Last-Modified: Sat, 30 Apr 2022 12:51:30 GMT
Content-Type: audio/webm
Date: Sat, 01 Apr 2023 09:03:32 GMT
Expires: Sat, 01 Apr 2023 09:03:32 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 65901
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
DNS

73.132.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.132.217.172.in-addr.arpa

IN PTR

Response

73.132.217.172.in-addr.arpa

IN PTR

ams15s38-in-f91e100net
DNS

73.132.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.132.217.172.in-addr.arpa

IN PTR

Response

73.132.217.172.in-addr.arpa

IN PTR

ams15s38-in-f91e100net
DNS

176.122.125.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.122.125.40.in-addr.arpa

IN PTR

Response
DNS

62.13.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.13.109.52.in-addr.arpa

IN PTR

Response
DNS

62.13.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.13.109.52.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

142.250.184.227
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

142.250.184.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 3089
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

227.184.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.184.250.142.in-addr.arpa

IN PTR

Response

227.184.250.142.in-addr.arpa

IN PTR

fra24s12-in-f31e100net
DNS

227.184.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.184.250.142.in-addr.arpa

IN PTR

Response

227.184.250.142.in-addr.arpa

IN PTR

fra24s12-in-f31e100net

117.18.232.240:80

322 B
7
142.251.39.118:443

https://i.ytimg.com/generate_204

tls, http2

chrome.exe

1.9kB
6.6kB
13
13

HTTP Request

GET https://i.ytimg.com/generate_204
142.250.179.141:443

https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en

tls, http2

chrome.exe

2.4kB
7.8kB
17
17

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en
142.251.36.34:443

https://googleads.g.doubleclick.net/pagead/id

tls, http2

chrome.exe

2.1kB
6.9kB
15
15

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id
142.250.179.138:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

chrome.exe

2.3kB
7.5kB
19
21

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAk8yq_jFOmFmxIFDfGjW-M=?alt=proto

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.179.193:443

https://yt3.ggpht.com/ewC1nleORkp8FkJpZrDPrqmVry6JHkUV_1eWuYFLlXTJGaoQ0v0qn1YLdZcpffMaRJrMMYIT5_U=s68-c-k-c0x00ffffff-no-rj

tls, http2

chrome.exe

3.6kB
28.3kB
32
33

HTTP Request

GET https://yt3.ggpht.com/ytc/AL5GRJX7mt9tgRop-KWJT1DImzRMtHlbrhFswrz9TzM2=s68-c-k-c0x00ffffff-no-rj

HTTP Request

GET https://yt3.ggpht.com/4B8hZO5fbUHQWZGnkONyEU1RdjxW3e2AGBPqsiFKwTnIWMk0s918_-ZPOFMXlwa7zbqZV92p8g=s68-c-k-c0x00ffffff-no-rj

HTTP Request

GET https://yt3.ggpht.com/uUfOrEH3ZGDTadl_LVSJlBSQrjZ96CMbIZMUtUeqJhHvgM7xcykdgysscHTd3XALYPVLHelmKg=s68-c-k-c0x00ffffff-no-rj

HTTP Request

GET https://yt3.ggpht.com/ytc/AL5GRJVYGr9N2OMipadt0RX2JMp0nEJNBMxLIQL3BEje=s68-c-k-c0x00ffffff-no-rj

HTTP Request

GET https://yt3.ggpht.com/urlPpKwSAU5dPhs3Ru5CH4vjCUhbeeZ57WP_00Unxj79HpXQCGaup-L5yLff5fhQecGpzVJjhw=s68-c-k-c0x00ffffff-no-rj

HTTP Request

GET https://yt3.ggpht.com/ewC1nleORkp8FkJpZrDPrqmVry6JHkUV_1eWuYFLlXTJGaoQ0v0qn1YLdZcpffMaRJrMMYIT5_U=s68-c-k-c0x00ffffff-no-rj
142.250.179.193:443

yt3.ggpht.com

tls, http2

chrome.exe

1.0kB
9.8kB
10
11
142.250.179.193:443

yt3.ggpht.com

tls, http2

chrome.exe

1.0kB
9.8kB
10
11
142.250.179.193:443

yt3.ggpht.com

tls, http2

chrome.exe

1.0kB
9.8kB
10
11
142.250.179.193:443

yt3.ggpht.com

tls, http2

chrome.exe

1.0kB
9.8kB
10
11
142.250.179.193:443

yt3.ggpht.com

tls, http2

chrome.exe

1.0kB
9.8kB
10
11
142.250.179.198:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

chrome.exe

2.1kB
6.9kB
16
14

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
142.251.39.110:443

https://suggestqueries-clients6.youtube.com/complete/search?client=youtube&hl=en&gl=us&sugexp=qsatc5%2Cytpo.bo.me%3D0%2Cytposo.bo.me%3D0%2Cytpo.bo.ei%3D45358233%2Cytposo.bo.ei%3D45358233%2Ccfro%3D1%2Cytpo.bo.me%3D1%2Cytposo.bo.me%3D1%2Cytpo.bo.ei%3D45359209%2Cytposo.bo.ei%3D45359209&gs_rn=64&gs_ri=youtube&ds=yt&cp=1&gs_id=6&q=r&xhr=t&xssi=t

tls, http2

chrome.exe

2.1kB
10.0kB
17
18

HTTP Request

OPTIONS https://suggestqueries-clients6.youtube.com/complete/search?client=youtube&hl=en&gl=us&sugexp=qsatc5%2Cytpo.bo.me%3D0%2Cytposo.bo.me%3D0%2Cytpo.bo.ei%3D45358233%2Cytposo.bo.ei%3D45358233%2Ccfro%3D1%2Cytpo.bo.me%3D1%2Cytposo.bo.me%3D1%2Cytpo.bo.ei%3D45359209%2Cytposo.bo.ei%3D45359209&gs_rn=64&gs_ri=youtube&ds=yt&cp=1&gs_id=6&q=r&xhr=t&xssi=t
142.251.36.46:443

https://encrypted-tbn3.gstatic.com/favicon-tbn?q=tbn:ANd9GcSVg_8FJWgm-ajirsJgYru5F526yF-cOdA9deYf4M7SsAHpzocHphv9hstyvJeRi5E-4_ZHtes6xre0EkK0ZZP057nHI1Eh_UPNWFw

tls, http2

chrome.exe

3.0kB
11.4kB
19
25

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.58.4%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D40%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D40%2526e%253D1

HTTP Request

GET https://encrypted-tbn3.gstatic.com/favicon-tbn?q=tbn:ANd9GcSVg_8FJWgm-ajirsJgYru5F526yF-cOdA9deYf4M7SsAHpzocHphv9hstyvJeRi5E-4_ZHtes6xre0EkK0ZZP057nHI1Eh_UPNWFw
216.58.214.14:443

https://youtube.com/

tls, http2

chrome.exe

2.0kB
9.6kB
14
18

HTTP Request

GET https://youtube.com/
95.101.143.162:443

https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=c8039da3-5dcd-4f38-a5e2-e6024b587b78&ocid=windows-windowsShell-feeds&user=m-81279b69b0d24a4e92f189cdcac91583&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

tls, http2

2.5kB
26.8kB
18
31

HTTP Request

GET https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=c8039da3-5dcd-4f38-a5e2-e6024b587b78&ocid=windows-windowsShell-feeds&user=m-81279b69b0d24a4e92f189cdcac91583&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

HTTP Response

200
52.152.110.14:443

260 B
5
142.251.36.33:443

https://yt3.googleusercontent.com/sSfFPTPebnH0gkM9FjP6qCMYM1_s6TJd9_LCK_iQrzd7RuYMkk3wFSFbtGeigQr75C8sx7OL=s176-c-k-c0x00ffffff-no-rj

tls, http2

chrome.exe

2.9kB
26.6kB
21
28

HTTP Request

GET https://yt3.googleusercontent.com/sSfFPTPebnH0gkM9FjP6qCMYM1_s6TJd9_LCK_iQrzd7RuYMkk3wFSFbtGeigQr75C8sx7OL=s176-c-k-c0x00ffffff-no-rj
142.251.36.14:443

https://encrypted-tbn2.gstatic.com/favicon-tbn?q=tbn:ANd9GcQW6GbBsrHhHb8wdzStQTuJ8dfNkgWmpUQxjY3Z1o0VbUsCWS6vbkF6-X2N_8L7Jcvk6-EIyl6q9hMlk1RteLBwIhFT6ilD3-fORw

tls, http2

chrome.exe

2.7kB
7.0kB
16
15

HTTP Request

GET https://encrypted-tbn2.gstatic.com/favicon-tbn?q=tbn:ANd9GcQW6GbBsrHhHb8wdzStQTuJ8dfNkgWmpUQxjY3Z1o0VbUsCWS6vbkF6-X2N_8L7Jcvk6-EIyl6q9hMlk1RteLBwIhFT6ilD3-fORw
13.69.239.74:443

322 B
7
142.250.179.206:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

chrome.exe

1.7kB
8.4kB
14
15

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
117.18.232.240:80

276 B
6
117.18.232.240:80

276 B
6
172.217.132.73:443

https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=251&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=audio%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=764354&dur=50.281&lmt=1651323090743480&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6318224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJR5ocmYgBoh0PfQmNKF8er1WDLCSzjREEhmMoWvH6kuAiEA5anPM87jOkHBnz1howUTweEzdLEyXVSTSmjyraqPUBg%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=TSUQxm5Te5vP-fR7&cver=2.20230331.00.00&range=0-65900&rn=2&rbuf=0

tls, http

chrome.exe

3.0kB
7.7kB
12
9

HTTP Request

POST https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=251&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=audio%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=764354&dur=50.281&lmt=1651323090743480&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6318224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJR5ocmYgBoh0PfQmNKF8er1WDLCSzjREEhmMoWvH6kuAiEA5anPM87jOkHBnz1howUTweEzdLEyXVSTSmjyraqPUBg%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=TSUQxm5Te5vP-fR7&cver=2.20230331.00.00&range=0-65900&rn=2&rbuf=0

HTTP Response

200
172.217.132.73:443

https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=video%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=998639&dur=50.266&lmt=1651323090744964&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6319224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAL7i-7DJ7NXZD8wCvcs7XYoBwSLzc865dqSlrC4m-VclAiAMKGq1delv8KPq2JddhvpQYOlYoJ1beLqs9CYU5F-2UQ%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=TSUQxm5Te5vP-fR7&cver=2.20230331.00.00&range=0-69425&rn=1&rbuf=0

tls, http

chrome.exe

4.9kB
5.6kB
10
9

HTTP Request

POST https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=video%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=998639&dur=50.266&lmt=1651323090744964&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6319224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAL7i-7DJ7NXZD8wCvcs7XYoBwSLzc865dqSlrC4m-VclAiAMKGq1delv8KPq2JddhvpQYOlYoJ1beLqs9CYU5F-2UQ%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=TSUQxm5Te5vP-fR7&cver=2.20230331.00.00&range=0-69425&rn=1&rbuf=0
172.217.132.73:443

https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=video%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=998639&dur=50.266&lmt=1651323090744964&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6319224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAL7i-7DJ7NXZD8wCvcs7XYoBwSLzc865dqSlrC4m-VclAiAMKGq1delv8KPq2JddhvpQYOlYoJ1beLqs9CYU5F-2UQ%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=nXAs9hN5le7SliQF&cver=2.20230331.00.00&range=0-69425&rn=3&rbuf=0

tls, http

chrome.exe

3.1kB
7.8kB
12
10

HTTP Request

POST https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=video%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=998639&dur=50.266&lmt=1651323090744964&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6319224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAL7i-7DJ7NXZD8wCvcs7XYoBwSLzc865dqSlrC4m-VclAiAMKGq1delv8KPq2JddhvpQYOlYoJ1beLqs9CYU5F-2UQ%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=nXAs9hN5le7SliQF&cver=2.20230331.00.00&range=0-69425&rn=3&rbuf=0

HTTP Response

200
172.217.132.73:443

https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=251&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=audio%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=764354&dur=50.281&lmt=1651323090743480&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6318224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJR5ocmYgBoh0PfQmNKF8er1WDLCSzjREEhmMoWvH6kuAiEA5anPM87jOkHBnz1howUTweEzdLEyXVSTSmjyraqPUBg%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=nXAs9hN5le7SliQF&cver=2.20230331.00.00&range=0-65900&rn=4&rbuf=0

tls, http

chrome.exe

4.1kB
74.6kB
36
59

HTTP Request

POST https://rr4---sn-5hne6nsr.googlevideo.com/videoplayback?expire=1680361411&ei=Y_MnZIStDP2Px_AP_Z-m6AE&ip=154.61.71.13&id=o-AA4-PTIQBcHR2axvAxc2bBHIRpiPcW703OhTyxOAUBkc&itag=251&source=youtube&requiressl=yes&mh=3Z&mm=31%2C29&mn=sn-5hne6nsr%2Csn-5hnekn76&ms=au%2Crdu&mv=u&mvi=4&pl=24&ctier=SH&spc=99c5Cb4q_y9r1O5uagugew8Rs4CCDSY&vprv=1&mime=audio%2Fwebm&ns=IPHbveZAL-Fq6PSIm7ALvNcM&gir=yes&clen=764354&dur=50.281&lmt=1651323090743480&mt=1680338845&fvip=5&keepalive=yes&fexp=24007246&c=WEB&txp=6318224&n=1n8ql-pkWHPeRA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cctier%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJR5ocmYgBoh0PfQmNKF8er1WDLCSzjREEhmMoWvH6kuAiEA5anPM87jOkHBnz1howUTweEzdLEyXVSTSmjyraqPUBg%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgX40eqFI-asByBwNoT1Ic9EvvqcE6Obgpvb2Ciu7Oo54CIG0KGW7h1sFm7zuqk4G9MxEszpPjyhxZmfJQfFCeG_f_&alr=yes&cpn=nXAs9hN5le7SliQF&cver=2.20230331.00.00&range=0-65900&rn=4&rbuf=0

HTTP Response

200
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
131.253.33.203:80

322 B
7
142.250.184.227:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

8.1kB
7.2kB
19
17

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
142.250.179.141:443

accounts.google.com

tls, http2

chrome.exe

953 B
5.8kB
8
8

8.8.8.8:53

113.208.253.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

113.208.253.8.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

i.ytimg.com

dns

chrome.exe

57 B
153 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.251.39.118

142.250.179.150

142.251.36.54

142.250.179.182

142.250.179.214

142.251.36.22
8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.179.141
8.8.8.8:53

250.255.255.239.in-addr.arpa

dns

74 B
131 B
1
1

DNS Request

250.255.255.239.in-addr.arpa
8.8.8.8:53

10.214.58.216.in-addr.arpa

dns

72 B
155 B
1
1

DNS Request

10.214.58.216.in-addr.arpa
8.8.8.8:53

206.168.217.172.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.168.217.172.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

118.39.251.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

118.39.251.142.in-addr.arpa
8.8.8.8:53

106.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

106.208.58.216.in-addr.arpa
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
142.250.179.141:443

accounts.google.com

https

chrome.exe

3.5kB
10.7kB
15
18
8.8.8.8:53

141.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

141.179.250.142.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

chrome.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.251.36.34
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
237 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.179.138

142.251.36.42

172.217.168.234

142.250.179.170

142.250.179.202

142.251.36.10

142.251.39.106

172.217.168.202

216.58.208.106

216.58.214.10
142.251.36.34:443

googleads.g.doubleclick.net

https

chrome.exe

3.7kB
7.4kB
8
11
8.8.8.8:53

34.36.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

34.36.251.142.in-addr.arpa
8.8.8.8:53

138.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

138.179.250.142.in-addr.arpa
8.8.8.8:53

yt3.ggpht.com

dns

chrome.exe

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.179.193
142.251.39.118:443

i.ytimg.com

https

chrome.exe

13.0kB
442.0kB
119
397
8.8.8.8:53

100.39.251.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

100.39.251.142.in-addr.arpa
8.8.8.8:53

193.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

193.179.250.142.in-addr.arpa
8.8.8.8:53

jnn-pa.googleapis.com

dns

chrome.exe

67 B
195 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

216.58.214.10

142.250.179.138

142.251.36.42

172.217.168.234

142.250.179.170

142.250.179.202

142.251.36.10

142.251.39.106
8.8.8.8:53

static.doubleclick.net

dns

chrome.exe

136 B
168 B
2
2

DNS Request

static.doubleclick.net

DNS Response

142.250.179.198

DNS Request

static.doubleclick.net

DNS Response

142.250.179.198
8.8.8.8:53

suggestqueries-clients6.youtube.com

dns

chrome.exe

81 B
97 B
1
1

DNS Request

suggestqueries-clients6.youtube.com

DNS Response

142.251.39.110
142.251.39.110:443

suggestqueries-clients6.youtube.com

https

chrome.exe

6.8kB
13.8kB
36
41
142.251.39.110:443

suggestqueries-clients6.youtube.com

https

chrome.exe

8.0kB
13.4kB
50
59
8.8.8.8:53

198.179.250.142.in-addr.arpa

dns

148 B
224 B
2
2

DNS Request

198.179.250.142.in-addr.arpa

DNS Request

198.179.250.142.in-addr.arpa
8.8.8.8:53

110.39.251.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

110.39.251.142.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.251.36.46
8.8.8.8:53

youtube.com

dns

chrome.exe

114 B
146 B
2
2

DNS Request

youtube.com

DNS Response

216.58.214.14

DNS Request

youtube.com

DNS Response

216.58.214.14
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

146 B
318 B
2
2

DNS Request

228.249.119.40.in-addr.arpa

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

46.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

46.36.251.142.in-addr.arpa
8.8.8.8:53

14.214.58.216.in-addr.arpa

dns

144 B
310 B
2
2

DNS Request

14.214.58.216.in-addr.arpa

DNS Request

14.214.58.216.in-addr.arpa
142.250.179.193:443

yt3.ggpht.com

https

chrome.exe

4.5kB
27.8kB
18
28
8.8.8.8:53

assets.msn.com

dns

120 B
556 B
2
2

DNS Request

assets.msn.com

DNS Response

95.101.143.162

95.101.143.242

95.101.143.155

95.101.143.240

95.101.143.169

95.101.143.227

95.101.143.243

95.101.143.163

95.101.143.160

DNS Request

assets.msn.com

DNS Response

95.101.143.162

95.101.143.242

95.101.143.155

95.101.143.240

95.101.143.169

95.101.143.227

95.101.143.243

95.101.143.163

95.101.143.160
8.8.8.8:53

76.38.195.152.in-addr.arpa

dns

144 B
286 B
2
2

DNS Request

76.38.195.152.in-addr.arpa

DNS Request

76.38.195.152.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

162.143.101.95.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

162.143.101.95.in-addr.arpa
8.8.8.8:53

yt3.googleusercontent.com

dns

chrome.exe

142 B
174 B
2
2

DNS Request

yt3.googleusercontent.com

DNS Response

142.251.36.33

DNS Request

yt3.googleusercontent.com

DNS Response

142.251.36.33
8.8.8.8:53

encrypted-tbn3.gstatic.com

dns

chrome.exe

144 B
176 B
2
2

DNS Request

encrypted-tbn3.gstatic.com

DNS Response

142.251.36.46

DNS Request

encrypted-tbn3.gstatic.com

DNS Response

142.251.36.46
8.8.8.8:53

encrypted-tbn2.gstatic.com

dns

chrome.exe

144 B
176 B
2
2

DNS Request

encrypted-tbn2.gstatic.com

DNS Request

encrypted-tbn2.gstatic.com

DNS Response

142.251.36.14

DNS Response

142.251.36.14
8.8.8.8:53

14.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

14.36.251.142.in-addr.arpa
8.8.8.8:53

33.36.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

33.36.251.142.in-addr.arpa
8.8.8.8:53

play.google.com

dns

chrome.exe

122 B
154 B
2
2

DNS Request

play.google.com

DNS Request

play.google.com

DNS Response

142.250.179.206

DNS Response

142.250.179.206
142.250.179.206:443

play.google.com

https

chrome.exe

5.0kB
7.2kB
9
11
8.8.8.8:53

206.179.250.142.in-addr.arpa

dns

148 B
226 B
2
2

DNS Request

206.179.250.142.in-addr.arpa

DNS Request

206.179.250.142.in-addr.arpa
8.8.8.8:53

rr4---sn-5hne6nsr.googlevideo.com

dns

chrome.exe

79 B
125 B
1
1

DNS Request

rr4---sn-5hne6nsr.googlevideo.com

DNS Response

172.217.132.73
142.250.179.193:443

yt3.ggpht.com

https

chrome.exe

4.0kB
5.3kB
12
11
172.217.132.73:443

rr4---sn-5hne6nsr.googlevideo.com

https

chrome.exe

24.2kB
1.8MB
219
1424
8.8.8.8:53

73.132.217.172.in-addr.arpa

dns

146 B
222 B
2
2

DNS Request

73.132.217.172.in-addr.arpa

DNS Request

73.132.217.172.in-addr.arpa
8.8.8.8:53

176.122.125.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

176.122.125.40.in-addr.arpa
8.8.8.8:53

62.13.109.52.in-addr.arpa

dns

142 B
290 B
2
2

DNS Request

62.13.109.52.in-addr.arpa

DNS Request

62.13.109.52.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

142.250.184.227
8.8.8.8:53

227.184.250.142.in-addr.arpa

dns

148 B
224 B
2
2

DNS Request

227.184.250.142.in-addr.arpa

DNS Request

227.184.250.142.in-addr.arpa
142.250.179.141:443

accounts.google.com

https

chrome.exe

4.6kB
8.2kB
10
11

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
d1f8f21cdd3467d4bae8bc8d57fb3182

SHA1
8e642b424cdd04c69486dffa51c934cc85e3fd41

SHA256
e5ca22dfea1a11933a2699d0cddbaf40560d35822c980d49394a7d080483331d

SHA512
208d46cfa207bf19dd9bce57d2171a81be74a1bdde83ff712fa258ff48382e052fc53e09ceb250703bffdf4b0bd1864f2b27c910948d77d4e4d84085e0a04040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
3a4b31fad73797a6886b5b81bf576954

SHA1
7c391ae61ef91222c3a322b7ffdc28377c570916

SHA256
96aae7c989a8d176216880be4a2f4214d42fbca4ed2addfddb82a755892848ac

SHA512
5ccd014decc9f94ace1eae752bf2b195668b3a4df03c944c2cc37c3821c24bf2c9a612686653fcfcd47766b3b4a5edf3d1548c3de6a493c34871e9bd347df87f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0f26fda3577ac6ed91dfd4dfdae50961

SHA1
2351bfad7a119757cbaf2420314b55b1c6c42e84

SHA256
d7974cd2753cf844da6da8079dc0b695dd15a6306644cb43797dee67538e456c

SHA512
005fa57397c01a2a422aa8906950f8f1a7e2f81175b38eaa12fb4a053f40da9220e574e7ae374f1872480c503b77de18bb97d31e89ca2e6c2f9f5496a94716ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
cc3ce6a3c9c35c43fc4699bd02dcda65

SHA1
d244dae0b1b297c965d6994d88e487e47fc05355

SHA256
2cfeca21c854e65b06fa3b1a57463cc247916441d6034ff37f7b8f06fbb00c06

SHA512
ff6dbc68c1f0c02a01f9e98ddecb4411ff43ad0b60f253fa2d4c4950f877d12db4ec4b0f274b3f65909ba9ceac8b7b37a60e865545b79131fd82dd21d7acb09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
362135e0be278959e6c1f03763d9a1e1

SHA1
3b7e07791a8742758eded3d0746b6c1bb4386751

SHA256
ea85623f323b93d57719ef195107dbb52a9ab98f40563b6eb5aa42358f20ea0f

SHA512
99cbdb6e02437ce46b7cbc20aed84595b1d628726ec51156a0ee62416a84ea91fa6a55abd9f1b2d17ead1bd88bc1a70769c50ad6041e67b97990a87eaf5140f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9a8f517f24749dca5eff142173247f68

SHA1
92f8cb2c751c795fdb3f60bdeed228405425c999

SHA256
f7fb702c96304f5ad3cf8c5054e35c3b8ee12edefd9e482562ca2c9c2db970b9

SHA512
a12e13f3492ba1ddea51e3190ab19700020f14c9a09ed479c75c1cc9eb7dfcade62bf98cfeac60ec0b78d971703c8160ed315b9aa12c1040f5200b4915540430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f1cbc840947419d5e5e72277ec9b2346

SHA1
97b451fe932d138331edb7bb89e85056cf9c7314

SHA256
f14bd8b29986547336b097ddfeb5a15412e867c2ab579319c4ceb6d6a9688b1d

SHA512
bf65b84293faced6cdd574d60bad7c669ba7fa2ddbf051f01e55d68b794bf80335006e70794aa70fefeb42decb95a4e2ca4db4b768a86a799df532c2e83363b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
92487cba274be865c28e49f21696ad39

SHA1
d62b43e4243b4a1359be51870feda322a0c6dcbb

SHA256
80dd9a24753cf4db29489deb8c91680c315721e9b2c76b54f95a61aeb5fa1343

SHA512
536d3b2160712013605abae68646b8cfa5d21ed67a5f3ebd95febd576c6582a7df4b855d1ebcd764aace5104b563687d489f856784340e1c168a3a3447861794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
163313bb8fc3f0679005f0a0926da75f

SHA1
4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80

SHA256
e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4

SHA512
192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
817a0acec8ae31e7660d112b05a1f9ca

SHA1
2fe9d2946b574ea98b675ab692f54347c280363c

SHA256
636d021b2c8095160f8e596df83ad4a4c1475c452749a3c35aea3ea449651d6c

SHA512
b9b1aa37bf14f391784a815427439ff60994a11843c61e3a54c698c37c7d209e6c6c0e3dea0e72e1ba86414d2aea7fa120d7f6209502c8b467e9e1b38ae7fa47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59f45cf0-4c38-4b75-84ce-b8dbdc5e3020\d5723baa59c92c1b_0

Filesize
2KB

MD5
72b4f8185efbebb2bbdb2aa9bbfc622a

SHA1
e4cc696df154711644e165ac93cc22c8c8a39a38

SHA256
7aeba1431c1dc54547fbdd2f46cfa665f48f813924cbd96c39af2d6d3ef379f7

SHA512
a75679a11eb05c51771a647763134581b9d68b2e9103e367ea2f7b7184e1fec2a40a6db21c0bef9c267a3fad6838a7bd41b958554f7497ba1b8bbd5807aa4fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59f45cf0-4c38-4b75-84ce-b8dbdc5e3020\index-dir\the-real-index

Filesize
624B

MD5
9f938372c7b3d99137da7df58539d7a9

SHA1
e5b321e269f06fddf0c42feb9719e470562cee44

SHA256
8dc7f31a41b40982c9cd71202b39165f866f3517aa8e9020c3a7e8174aad3d81

SHA512
214fd00e39fe3985f08dd56262b79cda5f56a1dd82b8f7ebe9e69e5a5ae4599158b0f8e829916fa8627da3d7c002e0409b8414d6d5a6c2592983e1f789b4c602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59f45cf0-4c38-4b75-84ce-b8dbdc5e3020\index-dir\the-real-index~RFe56e40c.TMP

Filesize
48B

MD5
811bc1ed17b725b1b725bdefd45c1527

SHA1
74806f063658fd3affa3767c5b3b1225a85cd43d

SHA256
7079cc5cc93dbfe2edcec212a33bad85dd9ecf961902650c03a7f419b8e5ca77

SHA512
66929c7583faae37fae0232b25c00172e4c4b96e10f94e43835204b2339c44d396218eee858fcd1052cb1d9bd38ff7e3e70544294767fd7c9d40a942bdf14546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
8f1de186e00a9ac39f29de7f65333e2e

SHA1
35a5e84a3951bbb71bb4bfa5c0677460449b7a9c

SHA256
a727a925104b00a7c982d9d7fb10e313be876bad82383638246bf2d3587ebbd5

SHA512
041fff00753b3015320ef7b5eb409795cec0acf25d61f7d66c455898dea455c67a81ac88c4597c3c10302d2a980ed7cc7bf8c01211cbf8fe26c984bd8bb33533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
01eb2aa9bb537b335242811e197bc2fa

SHA1
227e6c8a9c9b290778bf84069db1b4f3fe5d2693

SHA256
3454cf122e0faba64e104e7d12e0331ee7f0ec5e06d109fbde36f9bccc6eb4eb

SHA512
7bfaab0e7cdddaf3578a04d6875129c21874c19941bf6c1cbe6b12fe5936e85c64406ac171fea958765cc1f6b7212fec4230d7c0b1a7d6b20ccf07099a1a3901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56809e.TMP

Filesize
120B

MD5
44f9b25aa3289426921309715ccbba87

SHA1
965d38fa2ef7edc85ba338c8f6fca2a8f34c158f

SHA256
252d01afb5ccd7e428f8abecc974d67fc94beaa8cc534501592bebb029dcbd53

SHA512
4721ca86fdcb9ded7c6545886d583d09ab9f1f9006dec582b7a81db3503da5a0ba490ff51e4516daa875a9bdf43c43d0256ac1506bb9f0fb9da8ae40738e2e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fb84009e9416b3635ddc04eaf3812d1e

SHA1
24cab83adc7b2d4787322093544437e0216db917

SHA256
0858077da4aa4fa2d65f3aed1fc43e84ac1ef17a00c2e648fec76d003e14e907

SHA512
c6724dc7c5d41ae402ed5811c46f04e7f2a0a36c9f28a69ce57b62f65f1affec0c92e776533692d633acd4f40f9de309c80a41600d31b47bc31c1ccd01076887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56d15e.TMP

Filesize
48B

MD5
a0b815c4dbd520c3e2982a8c04e808a8

SHA1
1d86c9e9c7cad087a3be90023be36021d153bc90

SHA256
cc16fedd806b749b665fa0c82d6435edc71c9a4aeb03d5738754b138e780e89a

SHA512
437195134768141117fe73bd406cc0e0297e528541d22ed855f8ebb57bed279bcf2dfa5481a350d81ad73c76cfac90b47f108b3daa67260f90eef760398e4661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5032_1427837907\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5032_1427837907\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5032_1721349232\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
a344bd92780341f540e5f63cde046d5d

SHA1
99cd2536d956fa8381b0d0f302e49237e15e72cd

SHA256
19d2e1b7bc1f41076710cff096d07f6367bc373e36e037129418bf976d77d6de

SHA512
4e262060bb4c6f3830659e0100f152fd30f2f6fbbf4cd9f7f2b553f74f875f10e4aded0dd8f7f20ba07acc1210f410c70193b02c0e93b5a50979b85a552b8efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
10c838ba8d60f704e8ba02135f3d2952

SHA1
df8b99a5344b973e5a102490f974bc8703fa2cf4

SHA256
00f3d07ff2612894753b9d2e759b9e083a1afe3049821a9719a9d342f6a48574

SHA512
8599e23ae0f20845bf05ed11f63a5c79019a38090fea7773ed7874fce9b9e2aab5e97e9382d7e334ab318315aaa007f7ba973802f358017673776005ab501828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
e7af849001dc6ae2093e20c875ebde20

SHA1
f0082ea2c88dc041fe79abdcd86c31e0fdac6e5e

SHA256
097429688f700d19d750cd8d5c15f3227dd3851eea07cffa3a5e868cb6fb6b23

SHA512
a02822f5f1a2215ef4fcec8144e7b1088643b39cca99e6775af4f48dd3d3af7e169cd7e4e83508a8717dcacdf04bf7cb27ff1aabc73eda576b9c605b9caff212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
114353fc6d46e6fe6d80410278b65242

SHA1
6d93a039dca4aa92017da96f6a73d216aba1d796

SHA256
d9e58ec152c253d8d5bce172395d8e61179ce9ad98482101b4d9f1172f1c3434

SHA512
2e31f48330b48851ce114b9d50c7d8cb645d5795d73a09ae38c2af3f2d2070f9458332a58347fa7a5e806450bc879293cfb625c7884fb96386ea1026e258fc98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
78a2eca886cd98eedade400a693c72b8

SHA1
e0237cad5f7d1b2dcc04d8fbf44a3b6f318457b3

SHA256
cea2b938c63508d6b420c272305a4e7c77ee51bb3669feab214e80cbd8c23928

SHA512
12b1e68cc7dfe70f12fc11952e7834888e647bbde583d65f29cda93ef6a6ba1d6bbfd4c685cebcc9091918841f72b069636e343f247e125169c77163c289d205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
64bdaad8bc47115a1eb4e12dae3bd2a2

SHA1
487862cd141479ec75d36f6d2bdaae2bb95dd00f

SHA256
40985882439df6d4991dba184e2cb9b79b1aa3f4204cf48c920ba92035cbbc98

SHA512
cbcf2a53566676f556338ab3034ec7180eb8cc610194ebc0f8ece684b6b3df645c9c6def3c932c5d6298c6e743662f19b9952ebad9a5c7a093125886699b1030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
80ca318780eb3f66eb13b5add7889fbd

SHA1
dcc8037c355eb1e49c2c5b1e15b03b9fde799e36

SHA256
80729b48f40c190a04c2cc248a2786c2f683b1901c5e6925f3f2ac60cd0ec8f8

SHA512
1e8ed31906f5b4d09f4f0fb22ac2242881732a5365f705d12e21ab5abbad1ff73c5878cee8989fb9c106fece31063296ddbe9aaaf4105a457d25dd0a9005d732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
609946ece6079cb5a859f508c3ffbda6

SHA1
eaa863d0feb2c1b71cfe452579e9ee798a07045d

SHA256
37a7f6a827f34e9936f7ca282e7bfcab092ea45271bcb9d9e9baca2f6cecc5c0

SHA512
eae18571794466f430a32aa27db5297c1357b9f85dc1f29e8ef9f2774ccbb7b65077ce4a2facac2d3924614972f7fcb16b6701d2b0271559fb6a6e504e26398b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57542b.TMP

Filesize
96KB

MD5
66f0858a89a00fcfd9c9d6a25a66b4f0

SHA1
e6e9441e6ce54ded321f3a9e59ffd5264c0155ff

SHA256
b4a10e59c2949fe1947f160d5951cea43ac758be100e773d3ca06020473f98f2

SHA512
0351d0c698f86df44aed60117fd32275f62ed81badf047fc3fb9258acc9c456599943b92c9ad91de89a8fcc93e43ea46719c09a210ec8647093bc8841f194da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request