hxxp://google[.]com

Analysis

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 17:26 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
2172	msedge.exe
2172	msedge.exe
4000	identity_helper.exe
4000	identity_helper.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1640	2172	msedge.exe	12
PID 2172 wrote to memory of 1640	2172	msedge.exe	12
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 1620	2172	msedge.exe	26
PID 2172 wrote to memory of 884	2172	msedge.exe	16
PID 2172 wrote to memory of 884	2172	msedge.exe	16
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24
PID 2172 wrote to memory of 4552	2172	msedge.exe	24

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd67a546f8,0x7ffd67a54708,0x7ffd67a54718
1⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3412064476889805271,12431156924618807802,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1248

Network

DNS

google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

172.217.169.78
GET

http://google.com/

msedge.exe

Remote address:

172.217.169.78:80

Request

GET / HTTP/1.1
Host: google.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-gHSTQnfrZOtjri_4xQ2K8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Permissions-Policy: unload=()
Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
Date: Tue, 09 Jan 2024 17:32:38 GMT
Expires: Thu, 08 Feb 2024 17:32:38 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
DNS

78.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.169.217.172.in-addr.arpa

IN PTR

Response

78.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f141e100net
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.200.4
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

5.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.181.190.20.in-addr.arpa

IN PTR

Response
DNS

5.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.181.190.20.in-addr.arpa

IN PTR
DNS

5.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.181.190.20.in-addr.arpa

IN PTR
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
GET

http://www.google.com/

msedge.exe

Remote address:

142.250.200.4:80

Request

GET / HTTP/1.1
Host: www.google.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Location: https://www.google.com/?gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-MHG0Vj108UP4Ave7mX8w3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Permissions-Policy: unload=()
Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
Date: Tue, 09 Jan 2024 17:32:41 GMT
Server: gws
Content-Length: 231
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=Ae3NU9MBsm2wjB34lRZNe9pNx6AyPuY6YMcv6zif3uNEW7qxxneJPQT5zA; expires=Sun, 07-Jul-2024 17:32:41 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
DNS

4.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.200.250.142.in-addr.arpa

IN PTR

Response

4.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f41e100net
GET

https://www.google.com/?gws_rd=ssl

msedge.exe

Remote address:

142.250.200.4:443

Request

GET /?gws_rd=ssl HTTP/2.0
host: www.google.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/xjs/_/js/k=xjs.hd.en.A4KoRHOM9VQ.O/am=AAAAAAAAAAAAAAAAAAAAAAAQAAAAIEED4RCADRAAEAAADJAAAgACCAGjEAAOAAQCHsoGAACYAIElMCqAlMAzCQAATUAVQAAAAAAAAAgGRAEEHhAAAIAOACBDIwADEAQUQAAAAADyACA4AAcRBAAAAAAAAAAAACDABMFwQQJQEEAAAAAAAAAAAAAAICVNVBgG/d=1/ed=1/dg=2/rs=ACT90oGy4x0DVWTEO3kGGfAKg_sAMs89Rw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;EnlcNd:WeHg4;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;vfVwPd:lcrkwe;RDNBlf:zPRCJb;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:OZqGte;G6wU6e:hPyGBb;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl

msedge.exe

Remote address:

142.250.200.4:443

Request

GET /xjs/_/js/k=xjs.hd.en.A4KoRHOM9VQ.O/am=AAAAAAAAAAAAAAAAAAAAAAAQAAAAIEED4RCADRAAEAAADJAAAgACCAGjEAAOAAQCHsoGAACYAIElMCqAlMAzCQAATUAVQAAAAAAAAAgGRAEEHhAAAIAOACBDIwADEAQUQAAAAADyACA4AAcRBAAAAAAAAAAAACDABMFwQQJQEEAAAAAAAAAAAAAAICVNVBgG/d=1/ed=1/dg=2/rs=ACT90oGy4x0DVWTEO3kGGfAKg_sAMs89Rw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;EnlcNd:WeHg4;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;vfVwPd:lcrkwe;RDNBlf:zPRCJb;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:OZqGte;G6wU6e:hPyGBb;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=Ae3NU9Or2bQOuspPBFmJEagNf7ZS1Kw2vTlzdxqWv2OA_mt3S2bL6e8Ozig
cookie: __Secure-ENID=17.SE=R2kI7zE8RXZysLqr0nFR3oy1Hfg_-g4yiIuhQkqttmgYLVUB7vsynmkizl44TuFxFD7N1SpJrY45PUzl-495Iq69DeNfS40etfyKUj2fFGfSGBw0P7z8wKmLxT3ETrYCMpjwi9-MKuqVP-lEcl1clcWBvtzwVu9uS5Qx3XHr6WQ
cookie: CONSENT=PENDING+255
POST

https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=OYOdZfWNIqC7hbIPt5mgmAs&rt=wsrt.4151,cbt.44,hst.44&opi=89978449

msedge.exe

Remote address:

142.250.200.4:443

Request

POST /gen_204?s=webhp&t=cap&atyp=csi&ei=OYOdZfWNIqC7hbIPt5mgmAs&rt=wsrt.4151,cbt.44,hst.44&opi=89978449 HTTP/2.0
host: www.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.google.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=Ae3NU9Or2bQOuspPBFmJEagNf7ZS1Kw2vTlzdxqWv2OA_mt3S2bL6e8Ozig
cookie: __Secure-ENID=17.SE=R2kI7zE8RXZysLqr0nFR3oy1Hfg_-g4yiIuhQkqttmgYLVUB7vsynmkizl44TuFxFD7N1SpJrY45PUzl-495Iq69DeNfS40etfyKUj2fFGfSGBw0P7z8wKmLxT3ETrYCMpjwi9-MKuqVP-lEcl1clcWBvtzwVu9uS5Qx3XHr6WQ
cookie: CONSENT=PENDING+255
GET

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

msedge.exe

Remote address:

142.250.200.4:443

Request

GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=Ae3NU9Or2bQOuspPBFmJEagNf7ZS1Kw2vTlzdxqWv2OA_mt3S2bL6e8Ozig
cookie: __Secure-ENID=17.SE=R2kI7zE8RXZysLqr0nFR3oy1Hfg_-g4yiIuhQkqttmgYLVUB7vsynmkizl44TuFxFD7N1SpJrY45PUzl-495Iq69DeNfS40etfyKUj2fFGfSGBw0P7z8wKmLxT3ETrYCMpjwi9-MKuqVP-lEcl1clcWBvtzwVu9uS5Qx3XHr6WQ
cookie: CONSENT=PENDING+255
GET

https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp

msedge.exe

Remote address:

142.250.200.4:443

Request

GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=Ae3NU9Or2bQOuspPBFmJEagNf7ZS1Kw2vTlzdxqWv2OA_mt3S2bL6e8Ozig
cookie: __Secure-ENID=17.SE=R2kI7zE8RXZysLqr0nFR3oy1Hfg_-g4yiIuhQkqttmgYLVUB7vsynmkizl44TuFxFD7N1SpJrY45PUzl-495Iq69DeNfS40etfyKUj2fFGfSGBw0P7z8wKmLxT3ETrYCMpjwi9-MKuqVP-lEcl1clcWBvtzwVu9uS5Qx3XHr6WQ
cookie: CONSENT=PENDING+255
POST

https://www.google.com/gen_204?ei=OYOdZfWNIqC7hbIPt5mgmAs&vet=10ahUKEwi1jtSc69CDAxWgXUEAHbcMCLMQhJAHCBw..s&bl=oZ7B&s=webhp&gl=uk&pc=SEARCH_HOMEPAGE&isMobile=false

msedge.exe

Remote address:

142.250.200.4:443

Request

POST /gen_204?ei=OYOdZfWNIqC7hbIPt5mgmAs&vet=10ahUKEwi1jtSc69CDAxWgXUEAHbcMCLMQhJAHCBw..s&bl=oZ7B&s=webhp&gl=uk&pc=SEARCH_HOMEPAGE&isMobile=false HTTP/2.0
host: www.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.google.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=Ae3NU9Or2bQOuspPBFmJEagNf7ZS1Kw2vTlzdxqWv2OA_mt3S2bL6e8Ozig
cookie: __Secure-ENID=17.SE=R2kI7zE8RXZysLqr0nFR3oy1Hfg_-g4yiIuhQkqttmgYLVUB7vsynmkizl44TuFxFD7N1SpJrY45PUzl-495Iq69DeNfS40etfyKUj2fFGfSGBw0P7z8wKmLxT3ETrYCMpjwi9-MKuqVP-lEcl1clcWBvtzwVu9uS5Qx3XHr6WQ
cookie: CONSENT=PENDING+255
GET

https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=OYOdZfWNIqC7hbIPt5mgmAs&zx=1704821560900&opi=89978449

msedge.exe

Remote address:

142.250.200.4:443

Request

GET /gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=OYOdZfWNIqC7hbIPt5mgmAs&zx=1704821560900&opi=89978449 HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=Ae3NU9Or2bQOuspPBFmJEagNf7ZS1Kw2vTlzdxqWv2OA_mt3S2bL6e8Ozig
cookie: __Secure-ENID=17.SE=R2kI7zE8RXZysLqr0nFR3oy1Hfg_-g4yiIuhQkqttmgYLVUB7vsynmkizl44TuFxFD7N1SpJrY45PUzl-495Iq69DeNfS40etfyKUj2fFGfSGBw0P7z8wKmLxT3ETrYCMpjwi9-MKuqVP-lEcl1clcWBvtzwVu9uS5Qx3XHr6WQ
cookie: CONSENT=PENDING+255
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.179.238
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GsbA68hXs80.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo899t-H8Lxb3OqzMDuPn6TV_i36ag/cb=gapi.loaded_0

msedge.exe

Remote address:

142.250.179.238:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.GsbA68hXs80.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo899t-H8Lxb3OqzMDuPn6TV_i36ag/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=Ae3NU9Or2bQOuspPBFmJEagNf7ZS1Kw2vTlzdxqWv2OA_mt3S2bL6e8Ozig
cookie: CONSENT=PENDING+255
cookie: __Secure-ENID=17.SE=phabv7nzR3jUE2qke2iibdX4htZxTkopZuJmrNaPNe0Wvhp-QBYPD0HBWwFoaaFL3-pYus52vj0LgS5D7XtV3Fj6vm3fYUGkbwSSNvpIRwvH5g6rajQ5CKBigT78hD7yavL6Sc2kXDBMr3VQBhfuqhewBEG-Xupf_1DlEbg_xPOgHaey4ijdVxNqHhJRzG1v
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR

Response

57.110.18.2.in-addr.arpa

IN PTR

a2-18-110-57deploystaticakamaitechnologiescom
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301097_12A5KDJOE91WSRBSS&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301097_12A5KDJOE91WSRBSS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 263561
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4306B287765E425789B63F8C5BFB205F Ref B: LON04EDGE0909 Ref C: 2024-01-09T17:34:15Z
date: Tue, 09 Jan 2024 17:34:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301085_1YZNFZ5K8SV0HV16D&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301085_1YZNFZ5K8SV0HV16D&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 466306
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E8B639E884174F1785CD214EC3C3386F Ref B: LON04EDGE0909 Ref C: 2024-01-09T17:34:15Z
date: Tue, 09 Jan 2024 17:34:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301518_1R2W2SGAPM8KT8FXA&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301518_1R2W2SGAPM8KT8FXA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 304839
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8DCD39A7389F4259964E22B9CFB7ED7B Ref B: LON04EDGE0909 Ref C: 2024-01-09T17:34:15Z
date: Tue, 09 Jan 2024 17:34:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301530_18PVHZ040UYOWJ1A4&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301530_18PVHZ040UYOWJ1A4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 391164
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C29A4E53FCA4EB8A65FEE7AE4153AF5 Ref B: LON04EDGE0909 Ref C: 2024-01-09T17:34:15Z
date: Tue, 09 Jan 2024 17:34:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 556472
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AEC3CE1BF961415EBD117D2062209310 Ref B: LON04EDGE0909 Ref C: 2024-01-09T17:34:15Z
date: Tue, 09 Jan 2024 17:34:15 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 489903
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CD65BDD070E2475B8C036DD19B059092 Ref B: LON04EDGE0909 Ref C: 2024-01-09T17:34:16Z
date: Tue, 09 Jan 2024 17:34:16 GMT
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR

Response

100.5.17.2.in-addr.arpa

IN PTR

a2-17-5-100deploystaticakamaitechnologiescom
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

206.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.178.17.96.in-addr.arpa

IN PTR

Response

206.178.17.96.in-addr.arpa

IN PTR

a96-17-178-206deploystaticakamaitechnologiescom
DNS

17.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.134.221.88.in-addr.arpa

IN PTR

Response

17.134.221.88.in-addr.arpa

IN PTR

a88-221-134-17deploystaticakamaitechnologiescom
DNS

209.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.178.17.96.in-addr.arpa

IN PTR

Response

209.178.17.96.in-addr.arpa

IN PTR

a96-17-178-209deploystaticakamaitechnologiescom
DNS

4.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.173.189.20.in-addr.arpa

IN PTR

Response
DNS

211.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.178.17.96.in-addr.arpa

IN PTR

Response

211.178.17.96.in-addr.arpa

IN PTR

a96-17-178-211deploystaticakamaitechnologiescom
DNS

211.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.178.17.96.in-addr.arpa

IN PTR
DNS

59.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.134.221.88.in-addr.arpa

IN PTR

Response

59.134.221.88.in-addr.arpa

IN PTR

a88-221-134-59deploystaticakamaitechnologiescom
DNS

210.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.178.17.96.in-addr.arpa

IN PTR

Response

210.178.17.96.in-addr.arpa

IN PTR

a96-17-178-210deploystaticakamaitechnologiescom
DNS

210.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.178.17.96.in-addr.arpa

IN PTR

Response

210.178.17.96.in-addr.arpa

IN PTR

a96-17-178-210deploystaticakamaitechnologiescom

172.217.169.78:80

http://google.com/

http

msedge.exe

2.6kB
3.5kB
18
12

HTTP Request

GET http://google.com/

HTTP Response

301
172.217.169.78:80

google.com

msedge.exe

524 B
444 B
11
9
142.250.200.4:80

www.google.com

msedge.exe

472 B
236 B
10
5
142.250.200.4:80

http://www.google.com/

http

msedge.exe

1.4kB
2.0kB
12
9

HTTP Request

GET http://www.google.com/

HTTP Response

302
142.250.200.4:443

https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=OYOdZfWNIqC7hbIPt5mgmAs&zx=1704821560900&opi=89978449

tls, http2

msedge.exe

23.5kB
414.6kB
303
313

HTTP Request

GET https://www.google.com/?gws_rd=ssl

HTTP Request

GET https://www.google.com/xjs/_/js/k=xjs.hd.en.A4KoRHOM9VQ.O/am=AAAAAAAAAAAAAAAAAAAAAAAQAAAAIEED4RCADRAAEAAADJAAAgACCAGjEAAOAAQCHsoGAACYAIElMCqAlMAzCQAATUAVQAAAAAAAAAgGRAEEHhAAAIAOACBDIwADEAQUQAAAAADyACA4AAcRBAAAAAAAAAAAACDABMFwQQJQEEAAAAAAAAAAAAAAICVNVBgG/d=1/ed=1/dg=2/rs=ACT90oGy4x0DVWTEO3kGGfAKg_sAMs89Rw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;EnlcNd:WeHg4;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;vfVwPd:lcrkwe;RDNBlf:zPRCJb;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:OZqGte;G6wU6e:hPyGBb;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl

HTTP Request

POST https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=OYOdZfWNIqC7hbIPt5mgmAs&rt=wsrt.4151,cbt.44,hst.44&opi=89978449

HTTP Request

GET https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

HTTP Request

GET https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp

HTTP Request

POST https://www.google.com/gen_204?ei=OYOdZfWNIqC7hbIPt5mgmAs&vet=10ahUKEwi1jtSc69CDAxWgXUEAHbcMCLMQhJAHCBw..s&bl=oZ7B&s=webhp&gl=uk&pc=SEARCH_HOMEPAGE&isMobile=false

HTTP Request

GET https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=OYOdZfWNIqC7hbIPt5mgmAs&zx=1704821560900&opi=89978449
142.250.179.238:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GsbA68hXs80.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo899t-H8Lxb3OqzMDuPn6TV_i36ag/cb=gapi.loaded_0

tls, http2

msedge.exe

4.4kB
51.1kB
45
46

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GsbA68hXs80.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo899t-H8Lxb3OqzMDuPn6TV_i36ag/cb=gapi.loaded_0
4.231.128.59:443

tls, https

230 B
621 B
5
4
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.3kB
18
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.3kB
18
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.3kB
18
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&w=1080&h=1920&c=4

tls, http2

90.1kB
2.6MB
1876
1865

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301097_12A5KDJOE91WSRBSS&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301085_1YZNFZ5K8SV0HV16D&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301518_1R2W2SGAPM8KT8FXA&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301530_18PVHZ040UYOWJ1A4&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.3kB
18
14
96.17.178.211:80
96.17.178.211:80
96.17.178.211:80
96.17.178.211:80
96.17.178.211:80
52.142.223.178:80

156 B
3
96.17.178.211:80
96.17.178.211:80

8.8.8.8:53

google.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

172.217.169.78
8.8.8.8:53

78.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

78.169.217.172.in-addr.arpa
8.8.8.8:53

www.google.com

dns

msedge.exe

120 B
76 B
2
1

DNS Request

www.google.com

DNS Request

www.google.com

DNS Response

142.250.200.4
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

5.181.190.20.in-addr.arpa

dns

213 B
157 B
3
1

DNS Request

5.181.190.20.in-addr.arpa

DNS Request

5.181.190.20.in-addr.arpa

DNS Request

5.181.190.20.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

4.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.200.250.142.in-addr.arpa
142.250.200.4:443

www.google.com

https

msedge.exe

24.1kB
220.2kB
141
209
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

apis.google.com

dns

msedge.exe

122 B
98 B
2
1

DNS Request

apis.google.com

DNS Request

apis.google.com

DNS Response

142.250.179.238
224.0.0.251:5353

msedge.exe

524 B
8
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

88.156.103.20.in-addr.arpa

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

350 B
5

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53

57.110.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

57.110.18.2.in-addr.arpa
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

167.109.18.2.in-addr.arpa

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

31.243.111.52.in-addr.arpa

DNS Request

31.243.111.52.in-addr.arpa

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

186 B
173 B
3
1

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

100.5.17.2.in-addr.arpa

dns

138 B
131 B
2
1

DNS Request

100.5.17.2.in-addr.arpa

DNS Request

100.5.17.2.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

206.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

206.178.17.96.in-addr.arpa
8.8.8.8:53

17.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

17.134.221.88.in-addr.arpa
8.8.8.8:53

209.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

209.178.17.96.in-addr.arpa
8.8.8.8:53

4.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.173.189.20.in-addr.arpa
8.8.8.8:53

211.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

211.178.17.96.in-addr.arpa

DNS Request

211.178.17.96.in-addr.arpa
8.8.8.8:53

59.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

59.134.221.88.in-addr.arpa
8.8.8.8:53
8.8.8.8:53

210.178.17.96.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

210.178.17.96.in-addr.arpa

DNS Request

210.178.17.96.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
caf04894b88e4c0cb24d6b8a6960c352

SHA1
0d66f6aba3860042114fbb335ae2ac1ab22be586

SHA256
2a96395fb51435679d520584cee16ce8c48722dcb8b1298c01706bd542d01e90

SHA512
229f283262fe44d0d26c1fe9900308c994d8bcd2f6f046b60e4b9ab1b82a0183c8551df213bd8062e000615f9c5177bfb7ae4c767f03e11f4f3edbb4c284b686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
977B

MD5
3a1efb9b41f10d5a3cbde2fdd8285c6e

SHA1
fff90529f4b6d9180107f17c141ead0a3001465a

SHA256
ba7fb1adc42a45d5c831ba82a1bf65c42be86e8969aaef197555ee7d8ce633d4

SHA512
5d8223961d70f5cb29731c6a663e9cb059b790b5ab509f42d353e6f30043ac9ece9253420449af61cc5425f3584b8bbbc4a91dd117dfec98875b2385b0fa7fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4026320d09ba9ad269fcabe69ea9a93

SHA1
6c05b8019178a06c772e0e68e8208a48da7e1c2f

SHA256
d3f1575213c2b1da64f0eb76aa28a960e878ef5d457e39208b229f4303d8bcaf

SHA512
4da3aebfd4e3cc6c469ad63101379c038decea84561b54b18639dd927477e59ee40a911b65a7ad670c40a8a6a549c131255cb6bbe37917ea10e18f21c4f29696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9226b7183a1630013f6cbfcbae92f477

SHA1
fbd811fa2363cd7f57a291ff09f26279363c4b12

SHA256
f6c2862edc568905f8fde00ccef0fe70b365528a3d2884c893f4cff52e1fad7d

SHA512
75751ec62c5e0201b3a64dc6d7183747406140712f96411791e29d1019d95af63372419c3970680fd9b9a2ccfc0bc0e179c81071e50b12b021f7544bc415a506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6d02721085d47eee2ffd6717197e38a

SHA1
ba13762e162d346e56dffa6a02a7edb03491e4c9

SHA256
e9e187beaaa6ffd7283552b6b9b632e1f91c44d925fd79299a6b921ab1649ef3

SHA512
a36731bfb0188634447d00f4f00a5afba7523b5d33b25af99b0d8e05d37dc9217f8b476d20b609bd78cf1fde7b1aaf4d02016590094c3d6240ecc6f011673d90

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request