Resubmissions

17/04/2024, 09:41 UTC

240417-ln55nacg6w 8

17/04/2024, 09:41 UTC

240417-lnwk8abb69 1

17/04/2024, 07:37 UTC

240417-jf22xsae8v 6

16/04/2024, 14:11 UTC

240416-rhgsrsde91 1

16/04/2024, 14:07 UTC

240416-rey8msbh56 1

17/04/2024, 07:43 UTC

240417-jkq58aaf8w

Analysis

  • max time kernel
    79s
  • max time network
    83s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    16/04/2024, 10:12 UTC

General

  • Target

    http://google.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe8d3d3cb8,0x7ffe8d3d3cc8,0x7ffe8d3d3cd8
      2⤵
        PID:1980
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
        2⤵
          PID:2556
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2492
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
          2⤵
            PID:4728
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
            2⤵
              PID:1584
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              2⤵
                PID:3564
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
                2⤵
                  PID:4176
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3636
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2604
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
                  2⤵
                    PID:2036
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
                    2⤵
                      PID:2832
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                      2⤵
                        PID:1496
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
                        2⤵
                          PID:3544
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
                          2⤵
                            PID:4752
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1532
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2456
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3336

                              Network

                              • flag-us
                                DNS
                                google.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                google.com
                                IN A
                                Response
                                google.com
                                IN A
                                142.250.200.14
                              • flag-us
                                DNS
                                ctldl.windowsupdate.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                ctldl.windowsupdate.com
                                IN A
                                Response
                                ctldl.windowsupdate.com
                                IN CNAME
                                wu-bg-shim.trafficmanager.net
                                wu-bg-shim.trafficmanager.net
                                IN CNAME
                                download.windowsupdate.com.edgesuite.net
                                download.windowsupdate.com.edgesuite.net
                                IN CNAME
                                a767.dspw65.akamai.net
                                a767.dspw65.akamai.net
                                IN A
                                2.17.197.249
                                a767.dspw65.akamai.net
                                IN A
                                2.17.197.240
                              • flag-us
                                DNS
                                47.242.123.52.in-addr.arpa
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                47.242.123.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                apis.google.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                apis.google.com
                                IN A
                                Response
                                apis.google.com
                                IN CNAME
                                plus.l.google.com
                                plus.l.google.com
                                IN A
                                216.58.201.110
                              • flag-us
                                DNS
                                110.201.58.216.in-addr.arpa
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                110.201.58.216.in-addr.arpa
                                IN PTR
                                Response
                                110.201.58.216.in-addr.arpa
                                IN PTR
                                lhr48s48-in-f14.1e100.net
                                110.201.58.216.in-addr.arpa
                                IN PTR
                                prg03s02-in-f110
                                110.201.58.216.in-addr.arpa
                                IN PTR
                                prg03s02-in-f14
                              • flag-us
                                DNS
                                encrypted-tbn0.gstatic.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                encrypted-tbn0.gstatic.com
                                IN A
                                Response
                                encrypted-tbn0.gstatic.com
                                IN A
                                142.250.200.14
                              • flag-us
                                DNS
                                www.youtube.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.youtube.com
                                IN A
                                Response
                                www.youtube.com
                                IN CNAME
                                youtube-ui.l.google.com
                                youtube-ui.l.google.com
                                IN A
                                172.217.169.78
                                youtube-ui.l.google.com
                                IN A
                                172.217.169.46
                                youtube-ui.l.google.com
                                IN A
                                142.250.179.238
                                youtube-ui.l.google.com
                                IN A
                                142.250.180.14
                                youtube-ui.l.google.com
                                IN A
                                142.250.187.206
                                youtube-ui.l.google.com
                                IN A
                                142.250.187.238
                                youtube-ui.l.google.com
                                IN A
                                142.250.178.14
                                youtube-ui.l.google.com
                                IN A
                                172.217.16.238
                                youtube-ui.l.google.com
                                IN A
                                142.250.200.14
                                youtube-ui.l.google.com
                                IN A
                                142.250.200.46
                                youtube-ui.l.google.com
                                IN A
                                216.58.201.110
                                youtube-ui.l.google.com
                                IN A
                                216.58.204.78
                                youtube-ui.l.google.com
                                IN A
                                216.58.213.14
                                youtube-ui.l.google.com
                                IN A
                                172.217.169.14
                                youtube-ui.l.google.com
                                IN A
                                216.58.212.206
                              • flag-us
                                DNS
                                226.16.217.172.in-addr.arpa
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                226.16.217.172.in-addr.arpa
                                IN PTR
                                Response
                                226.16.217.172.in-addr.arpa
                                IN PTR
                                mad08s04-in-f2.1e100.net
                                226.16.217.172.in-addr.arpa
                                IN PTR
                                lhr48s28-in-f2
                              • flag-us
                                DNS
                                encrypted-tbn2.gstatic.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                encrypted-tbn2.gstatic.com
                                IN A
                                Response
                                encrypted-tbn2.gstatic.com
                                IN A
                                142.250.187.238
                              • flag-gb
                                GET
                                http://google.com/
                                msedge.exe
                                Remote address:
                                142.250.200.14:80
                                Request
                                GET / HTTP/1.1
                                Host: google.com
                                Connection: keep-alive
                                DNT: 1
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 301 Moved Permanently
                                Location: http://www.google.com/
                                Content-Type: text/html; charset=UTF-8
                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-kfCV1oDpZOt9wigYZHw6jw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
                                Permissions-Policy: unload=()
                                Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                Date: Tue, 16 Apr 2024 10:13:16 GMT
                                Expires: Thu, 16 May 2024 10:13:16 GMT
                                Cache-Control: public, max-age=2592000
                                Server: gws
                                Content-Length: 219
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                              • flag-gb
                                GET
                                http://www.google.com/
                                msedge.exe
                                Remote address:
                                142.250.178.4:80
                                Request
                                GET / HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                DNT: 1
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 302 Found
                                Location: https://www.google.com/?gws_rd=ssl
                                Cache-Control: private
                                Content-Type: text/html; charset=UTF-8
                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-qo9gZ4nbISxzOhhz9V8_gQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
                                Permissions-Policy: unload=()
                                Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                Date: Tue, 16 Apr 2024 10:13:17 GMT
                                Server: gws
                                Content-Length: 231
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                Set-Cookie: 1P_JAR=2024-04-16-10; expires=Thu, 16-May-2024 10:13:17 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                Set-Cookie: AEC=AQTF6Hyig-xiTBq-O9Zj6QkuMXAjo222jav7qZK_GgC_KBk5NCS0PnXSqQ; expires=Sun, 13-Oct-2024 10:13:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                              • flag-gb
                                GET
                                https://www.google.com/?gws_rd=ssl
                                msedge.exe
                                Remote address:
                                142.250.178.4:443
                                Request
                                GET /?gws_rd=ssl HTTP/2.0
                                host: www.google.com
                                dnt: 1
                                upgrade-insecure-requests: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: none
                                sec-fetch-mode: navigate
                                sec-fetch-user: ?1
                                sec-fetch-dest: document
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                sec-ch-ua-mobile: ?0
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://www.google.com/xjs/_/ss/k=xjs.hd.XYynbIKr1HI.L.W.O/am=cAEAAAAAAMAAAAAAAAAAAAAAAAAAgAAAAgAAAAAgAHzCAQLAhgAAAEAAAIAAACAAAACCAAAAABAEAAwAAAgAAACAQAgABECABJCEIAMBAEQwgQCpAMAAAAAAkAAAAAABAQgYgADgIQIAAAIdgAASAABkgBAAAAAAAACAAAAAAAAwAAAAAAAAAAAAAAAAACAAAABQAAAAAAAAAAAAAAAAAAAC/d=1/ed=1/rs=ACT90oGBacXd7beNAxnF3ulnf-Q6qiAvZw/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl
                                msedge.exe
                                Remote address:
                                142.250.178.4:443
                                Request
                                GET /xjs/_/ss/k=xjs.hd.XYynbIKr1HI.L.W.O/am=cAEAAAAAAMAAAAAAAAAAAAAAAAAAgAAAAgAAAAAgAHzCAQLAhgAAAEAAAIAAACAAAACCAAAAABAEAAwAAAgAAACAQAgABECABJCEIAMBAEQwgQCpAMAAAAAAkAAAAAABAQgYgADgIQIAAAIdgAASAABkgBAAAAAAAACAAAAAAAAwAAAAAAAAAAAAAAAAACAAAABQAAAAAAAAAAAAAAAAAAAC/d=1/ed=1/rs=ACT90oGBacXd7beNAxnF3ulnf-Q6qiAvZw/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/2.0
                                host: www.google.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                sec-ch-ua-arch: "x86"
                                sec-ch-ua-full-version: "90.0.818.66"
                                sec-ch-ua-platform-version: "10.0"
                                sec-ch-ua-model:
                                sec-ch-ua-platform: "Windows"
                                accept: text/css,*/*;q=0.1
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: style
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: AEC=AQTF6HyVr0mlnPl9tuqWUUF2mIdOJ7p5Iml4zNQ0hKvoZSiR37xdcnENtw
                                cookie: NID=513=mutCmol4uWbl9D2LdBbaZA-oZLToMBlkmwugTQDpb0kGCKuOVz74irirdqnNIyGzehZF80CZrKC_qqb4NCWU7nejhYVB9OyF5vvy3VJiZegzT46zqH2hXNdA3FnFiOCjyuVRKqZRcQsLpIUstnikILIbBgviU3qxQH7JCKP34Fs
                              • flag-gb
                                GET
                                https://www.google.com/xjs/_/js/k=xjs.hd.en.0-6vG_J1lSs.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAkgAIAAAoAACAAAAAAgMAQACAAIACLAGgEBBAEAAwAIQjAQ5kAQMAEAAAABACEAAQBAEAAAACgAAAAAAAAAAAAwAABAgAAAAAAAAAAAAAdAAAEAIBggBAAgAAAAADkAQgO4CA1AQAAAAAAAAAAAAACkCCYCxJQEAABAAAAAAAAAAAAAJBKJxbG/d=1/ed=1/dg=2/rs=ACT90oGT8dzNMu5NCAOkEyf-amJlOqCuWw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hPyGBb;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bDXwRe:UsyOtc;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDl
c;okUaUd:wItadb;p2tIDb:tp1Cx;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl
                                msedge.exe
                                Remote address:
                                142.250.178.4:443
                                Request
                                GET /xjs/_/js/k=xjs.hd.en.0-6vG_J1lSs.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAkgAIAAAoAACAAAAAAgMAQACAAIACLAGgEBBAEAAwAIQjAQ5kAQMAEAAAABACEAAQBAEAAAACgAAAAAAAAAAAAwAABAgAAAAAAAAAAAAAdAAAEAIBggBAAgAAAAADkAQgO4CA1AQAAAAAAAAAAAAACkCCYCxJQEAABAAAAAAAAAAAAAJBKJxbG/d=1/ed=1/dg=2/rs=ACT90oGT8dzNMu5NCAOkEyf-amJlOqCuWw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hPyGBb;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bDXwRe:UsyOtc;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;p2
tIDb:tp1Cx;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/2.0
                                host: www.google.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                sec-ch-ua-arch: "x86"
                                sec-ch-ua-full-version: "90.0.818.66"
                                sec-ch-ua-platform-version: "10.0"
                                sec-ch-ua-model:
                                sec-ch-ua-platform: "Windows"
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: AEC=AQTF6HyVr0mlnPl9tuqWUUF2mIdOJ7p5Iml4zNQ0hKvoZSiR37xdcnENtw
                                cookie: NID=513=mutCmol4uWbl9D2LdBbaZA-oZLToMBlkmwugTQDpb0kGCKuOVz74irirdqnNIyGzehZF80CZrKC_qqb4NCWU7nejhYVB9OyF5vvy3VJiZegzT46zqH2hXNdA3FnFiOCjyuVRKqZRcQsLpIUstnikILIbBgviU3qxQH7JCKP34Fs
                              • flag-gb
                                GET
                                https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
                                msedge.exe
                                Remote address:
                                142.250.178.4:443
                                Request
                                GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/2.0
                                host: www.google.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                sec-ch-ua-arch: "x86"
                                sec-ch-ua-full-version: "90.0.818.66"
                                sec-ch-ua-platform-version: "10.0"
                                sec-ch-ua-model:
                                sec-ch-ua-platform: "Windows"
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: AEC=AQTF6HyVr0mlnPl9tuqWUUF2mIdOJ7p5Iml4zNQ0hKvoZSiR37xdcnENtw
                                cookie: NID=513=mutCmol4uWbl9D2LdBbaZA-oZLToMBlkmwugTQDpb0kGCKuOVz74irirdqnNIyGzehZF80CZrKC_qqb4NCWU7nejhYVB9OyF5vvy3VJiZegzT46zqH2hXNdA3FnFiOCjyuVRKqZRcQsLpIUstnikILIbBgviU3qxQH7JCKP34Fs
                              • flag-gb
                                GET
                                https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
                                msedge.exe
                                Remote address:
                                142.250.178.4:443
                                Request
                                GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/2.0
                                host: www.google.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                sec-ch-ua-arch: "x86"
                                sec-ch-ua-full-version: "90.0.818.66"
                                sec-ch-ua-platform-version: "10.0"
                                sec-ch-ua-model:
                                sec-ch-ua-platform: "Windows"
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: AEC=AQTF6HyVr0mlnPl9tuqWUUF2mIdOJ7p5Iml4zNQ0hKvoZSiR37xdcnENtw
                                cookie: NID=513=mutCmol4uWbl9D2LdBbaZA-oZLToMBlkmwugTQDpb0kGCKuOVz74irirdqnNIyGzehZF80CZrKC_qqb4NCWU7nejhYVB9OyF5vvy3VJiZegzT46zqH2hXNdA3FnFiOCjyuVRKqZRcQsLpIUstnikILIbBgviU3qxQH7JCKP34Fs
                              • flag-us
                                DNS
                                4.178.250.142.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                4.178.250.142.in-addr.arpa
                                IN PTR
                                Response
                                4.178.250.142.in-addr.arpa
                                IN PTR
                                lhr48s27-in-f4.1e100.net
                              • flag-us
                                DNS
                                ssl.gstatic.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                ssl.gstatic.com
                                IN A
                                Response
                                ssl.gstatic.com
                                IN A
                                142.250.179.227
                              • flag-us
                                DNS
                                227.179.250.142.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                227.179.250.142.in-addr.arpa
                                IN PTR
                                Response
                                227.179.250.142.in-addr.arpa
                                IN PTR
                                lhr25s31-in-f3.1e100.net
                              • flag-us
                                DNS
                                195.168.217.172.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                195.168.217.172.in-addr.arpa
                                IN PTR
                                Response
                                195.168.217.172.in-addr.arpa
                                IN PTR
                                ams16s32-in-f3.1e100.net
                              • flag-us
                                DNS
                                static.doubleclick.net
                                Remote address:
                                8.8.8.8:53
                                Request
                                static.doubleclick.net
                                IN A
                                Response
                                static.doubleclick.net
                                IN A
                                142.250.179.230
                              • flag-us
                                DNS
                                33.200.250.142.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                33.200.250.142.in-addr.arpa
                                IN PTR
                                Response
                                33.200.250.142.in-addr.arpa
                                IN PTR
                                lhr48s30-in-f1.1e100.net
                              • flag-us
                                DNS
                                240.221.184.93.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                240.221.184.93.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                249.197.17.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                249.197.17.2.in-addr.arpa
                                IN PTR
                                Response
                                249.197.17.2.in-addr.arpa
                                IN PTR
                                a2-17-197-249.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                fonts.gstatic.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                fonts.gstatic.com
                                IN A
                                Response
                                fonts.gstatic.com
                                IN A
                                172.217.169.3
                              • flag-us
                                DNS
                                3.169.217.172.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                3.169.217.172.in-addr.arpa
                                IN PTR
                                Response
                                3.169.217.172.in-addr.arpa
                                IN PTR
                                lhr25s26-in-f3.1e100.net
                              • flag-us
                                DNS
                                i.ytimg.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                i.ytimg.com
                                IN A
                                Response
                                i.ytimg.com
                                IN A
                                142.250.200.22
                                i.ytimg.com
                                IN A
                                142.250.200.54
                                i.ytimg.com
                                IN A
                                216.58.201.118
                                i.ytimg.com
                                IN A
                                216.58.204.86
                                i.ytimg.com
                                IN A
                                216.58.213.22
                                i.ytimg.com
                                IN A
                                172.217.169.22
                                i.ytimg.com
                                IN A
                                216.58.212.214
                                i.ytimg.com
                                IN A
                                172.217.169.86
                                i.ytimg.com
                                IN A
                                142.250.179.246
                                i.ytimg.com
                                IN A
                                142.250.180.22
                                i.ytimg.com
                                IN A
                                142.250.187.214
                                i.ytimg.com
                                IN A
                                142.250.187.246
                                i.ytimg.com
                                IN A
                                142.250.178.22
                                i.ytimg.com
                                IN A
                                172.217.16.246
                              • flag-us
                                DNS
                                98.201.58.216.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                98.201.58.216.in-addr.arpa
                                IN PTR
                                Response
                                98.201.58.216.in-addr.arpa
                                IN PTR
                                prg03s02-in-f2.1e100.net
                                98.201.58.216.in-addr.arpa
                                IN PTR
                                prg03s02-in-f98
                                98.201.58.216.in-addr.arpa
                                IN PTR
                                lhr48s48-in-f2
                              • flag-us
                                DNS
                                234.16.217.172.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                234.16.217.172.in-addr.arpa
                                IN PTR
                                Response
                                234.16.217.172.in-addr.arpa
                                IN PTR
                                mad08s04-in-f10.1e100.net
                                234.16.217.172.in-addr.arpa
                                IN PTR
                                lhr48s28-in-f10
                              • flag-us
                                DNS
                                encrypted-vtbn0.gstatic.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                encrypted-vtbn0.gstatic.com
                                IN A
                                Response
                                encrypted-vtbn0.gstatic.com
                                IN A
                                142.250.187.238
                              • flag-gb
                                GET
                                https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en
                                msedge.exe
                                Remote address:
                                172.217.16.238:443
                                Request
                                GET /widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en HTTP/2.0
                                host: ogs.google.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                sec-ch-ua-mobile: ?0
                                upgrade-insecure-requests: 1
                                dnt: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: same-site
                                sec-fetch-mode: navigate
                                sec-fetch-dest: iframe
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: AEC=AQTF6HyVr0mlnPl9tuqWUUF2mIdOJ7p5Iml4zNQ0hKvoZSiR37xdcnENtw
                                cookie: NID=513=mutCmol4uWbl9D2LdBbaZA-oZLToMBlkmwugTQDpb0kGCKuOVz74irirdqnNIyGzehZF80CZrKC_qqb4NCWU7nejhYVB9OyF5vvy3VJiZegzT46zqH2hXNdA3FnFiOCjyuVRKqZRcQsLpIUstnikILIbBgviU3qxQH7JCKP34Fs
                              • flag-gb
                                GET
                                https://www.youtube.com/iframe_api?version=3
                                msedge.exe
                                Remote address:
                                172.217.16.238:443
                                Request
                                GET /iframe_api?version=3 HTTP/2.0
                                host: www.youtube.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.dCBC8e6ENbg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8oB7UmguRctpg6togRivSNxNKjzQ/cb=gapi.loaded_0
                                msedge.exe
                                Remote address:
                                216.58.201.110:443
                                Request
                                GET /_/scs/abc-static/_/js/k=gapi.gapi.en.dCBC8e6ENbg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8oB7UmguRctpg6togRivSNxNKjzQ/cb=gapi.loaded_0 HTTP/2.0
                                host: apis.google.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: */*
                                sec-fetch-site: same-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: AEC=AQTF6HyVr0mlnPl9tuqWUUF2mIdOJ7p5Iml4zNQ0hKvoZSiR37xdcnENtw
                                cookie: NID=513=mutCmol4uWbl9D2LdBbaZA-oZLToMBlkmwugTQDpb0kGCKuOVz74irirdqnNIyGzehZF80CZrKC_qqb4NCWU7nejhYVB9OyF5vvy3VJiZegzT46zqH2hXNdA3FnFiOCjyuVRKqZRcQsLpIUstnikILIbBgviU3qxQH7JCKP34Fs
                              • flag-gb
                                GET
                                https://ssl.gstatic.com/privacyplus/spot02_light_opt.png
                                msedge.exe
                                Remote address:
                                142.250.179.227:443
                                Request
                                GET /privacyplus/spot02_light_opt.png HTTP/2.0
                                host: ssl.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://ssl.gstatic.com/privacyplus/spot03_light_opt.png
                                msedge.exe
                                Remote address:
                                142.250.179.227:443
                                Request
                                GET /privacyplus/spot03_light_opt.png HTTP/2.0
                                host: ssl.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://ssl.gstatic.com/privacyplus/spot01_light_opt.png
                                msedge.exe
                                Remote address:
                                142.250.179.227:443
                                Request
                                GET /privacyplus/spot01_light_opt.png HTTP/2.0
                                host: ssl.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_180x72dp.png
                                msedge.exe
                                Remote address:
                                142.250.179.227:443
                                Request
                                GET /images/branding/googlelogo/1x/googlelogo_color_180x72dp.png HTTP/2.0
                                host: ssl.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://ssl.gstatic.com/privacyplus/hero_light_opt.png
                                msedge.exe
                                Remote address:
                                142.250.179.227:443
                                Request
                                GET /privacyplus/hero_light_opt.png HTTP/2.0
                                host: ssl.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://ssl.gstatic.com/privacyplus/spot04_light_opt.png
                                msedge.exe
                                Remote address:
                                142.250.179.227:443
                                Request
                                GET /privacyplus/spot04_light_opt.png HTTP/2.0
                                host: ssl.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                DNS
                                play.google.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                play.google.com
                                IN A
                                Response
                                play.google.com
                                IN A
                                142.250.187.206
                              • flag-us
                                DNS
                                22.200.250.142.in-addr.arpa
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                22.200.250.142.in-addr.arpa
                                IN PTR
                                Response
                                22.200.250.142.in-addr.arpa
                                IN PTR
                                lhr48s29-in-f22.1e100.net
                              • flag-us
                                DNS
                                googleads.g.doubleclick.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                googleads.g.doubleclick.net
                                IN A
                                Response
                                googleads.g.doubleclick.net
                                IN A
                                172.217.16.226
                              • flag-us
                                DNS
                                tpc.googlesyndication.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                tpc.googlesyndication.com
                                IN A
                                Response
                                tpc.googlesyndication.com
                                IN A
                                142.250.200.33
                              • flag-us
                                DNS
                                ctldl.windowsupdate.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                ctldl.windowsupdate.com
                                IN A
                                Response
                                ctldl.windowsupdate.com
                                IN CNAME
                                wu-bg-shim.trafficmanager.net
                                wu-bg-shim.trafficmanager.net
                                IN CNAME
                                wu.azureedge.net
                                wu.azureedge.net
                                IN CNAME
                                wu.ec.azureedge.net
                                wu.ec.azureedge.net
                                IN CNAME
                                bg.apr-52dd2-0503.edgecastdns.net
                                bg.apr-52dd2-0503.edgecastdns.net
                                IN CNAME
                                hlb.apr-52dd2-0.edgecastdns.net
                                hlb.apr-52dd2-0.edgecastdns.net
                                IN CNAME
                                cs11.wpc.v0cdn.net
                                cs11.wpc.v0cdn.net
                                IN A
                                93.184.221.240
                              • flag-gb
                                OPTIONS
                                https://play.google.com/log?format=json&hasfast=true&authuser=0
                                msedge.exe
                                Remote address:
                                142.250.187.206:443
                                Request
                                OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
                                host: play.google.com
                                accept: */*
                                access-control-request-method: POST
                                access-control-request-headers: x-goog-authuser
                                origin: https://ogs.google.com
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                sec-fetch-mode: cors
                                sec-fetch-site: same-site
                                sec-fetch-dest: empty
                                referer: https://ogs.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQu36tIc_9IZZQ3Yf71L1NaFHs9hH3DpRlKEUCkVHg&s=10
                                msedge.exe
                                Remote address:
                                142.250.200.14:443
                                Request
                                GET /images?q=tbn:ANd9GcQu36tIc_9IZZQ3Yf71L1NaFHs9hH3DpRlKEUCkVHg&s=10 HTTP/2.0
                                host: encrypted-tbn0.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRfzoYe8hvW9kMAZaMgUnKXUeSSno7Yf9vTaKmG-GytaIaO_UqdMQJzTvU&s=10
                                msedge.exe
                                Remote address:
                                142.250.200.14:443
                                Request
                                GET /images?q=tbn:ANd9GcRfzoYe8hvW9kMAZaMgUnKXUeSSno7Yf9vTaKmG-GytaIaO_UqdMQJzTvU&s=10 HTTP/2.0
                                host: encrypted-tbn0.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRxE8kUe7hULEB0Ts4t6YmZi0lxap7FkkCIT_X40VMb16IIe5-njcC1wlI&s=10
                                msedge.exe
                                Remote address:
                                142.250.200.14:443
                                Request
                                GET /images?q=tbn:ANd9GcRxE8kUe7hULEB0Ts4t6YmZi0lxap7FkkCIT_X40VMb16IIe5-njcC1wlI&s=10 HTTP/2.0
                                host: encrypted-tbn0.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRdpxUO2kj6uxaWojF5A8oITs-_DzII3X_zrqZUcb38RSBq0RGl8w11Kybn&s=10
                                msedge.exe
                                Remote address:
                                142.250.200.14:443
                                Request
                                GET /images?q=tbn:ANd9GcRdpxUO2kj6uxaWojF5A8oITs-_DzII3X_zrqZUcb38RSBq0RGl8w11Kybn&s=10 HTTP/2.0
                                host: encrypted-tbn0.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn1.gstatic.com/faviconV2?url=https://brightchamps.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL
                                msedge.exe
                                Remote address:
                                142.250.200.14:443
                                Request
                                GET /faviconV2?url=https://brightchamps.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL HTTP/2.0
                                host: encrypted-tbn1.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn1.gstatic.com/faviconV2?url=https://m.youtube.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL
                                msedge.exe
                                Remote address:
                                142.250.200.14:443
                                Request
                                GET /faviconV2?url=https://m.youtube.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL HTTP/2.0
                                host: encrypted-tbn1.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn1.gstatic.com/faviconV2?url=https://www.minecraft.net&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL
                                msedge.exe
                                Remote address:
                                142.250.200.14:443
                                Request
                                GET /faviconV2?url=https://www.minecraft.net&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL HTTP/2.0
                                host: encrypted-tbn1.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn3.gstatic.com/faviconV2?url=https://www.crazygames.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL
                                msedge.exe
                                Remote address:
                                142.250.200.14:443
                                Request
                                GET /faviconV2?url=https://www.crazygames.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL HTTP/2.0
                                host: encrypted-tbn3.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-nl
                                GET
                                https://id.google.com/verify/AKueOd5DFZuahp0cNUrabA8xgpC2-wGk1oEl4aCLjlanCVeEB9ShAbwHGxwlRtGB28gzKXidoq44D_TFI76hPVq971T5m3GOk7-ZpZOCfybgV_fFSg
                                msedge.exe
                                Remote address:
                                172.217.168.195:443
                                Request
                                GET /verify/AKueOd5DFZuahp0cNUrabA8xgpC2-wGk1oEl4aCLjlanCVeEB9ShAbwHGxwlRtGB28gzKXidoq44D_TFI76hPVq971T5m3GOk7-ZpZOCfybgV_fFSg HTTP/2.0
                                host: id.google.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: same-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                cookie: AEC=AQTF6HyVr0mlnPl9tuqWUUF2mIdOJ7p5Iml4zNQ0hKvoZSiR37xdcnENtw
                                cookie: OGPC=19037049-1:
                                cookie: NID=513=UZrJ-vYzT_iNF2r3iBhN2e_fMq6WtVqf3zx33f0oj8nzchCcmZJZpQLTu3WpCqa6BH-sTun4jIdyqczbFoOEKKXphzE5SMxQZQHAlg-8AaRasX-tWpaHMAkQyjX2ELePz2wsoAMM0teS96eID3quhDWuBTkhuw-D3pUPNNvvLls5Ft5RM11R2YLZ
                              • flag-gb
                                GET
                                https://i.ytimg.com/vi/rzoiOIFpOBc/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mhtKckiKYihfIE1PM33GEzagsyhw
                                msedge.exe
                                Remote address:
                                142.250.200.22:443
                                Request
                                GET /vi/rzoiOIFpOBc/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mhtKckiKYihfIE1PM33GEzagsyhw HTTP/2.0
                                host: i.ytimg.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://i.ytimg.com/vi/XNHSeLHsRpk/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mlkzgIHs15WdTsMF00uhGNov-8lg
                                msedge.exe
                                Remote address:
                                142.250.200.22:443
                                Request
                                GET /vi/XNHSeLHsRpk/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mlkzgIHs15WdTsMF00uhGNov-8lg HTTP/2.0
                                host: i.ytimg.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://googleads.g.doubleclick.net/pagead/id
                                msedge.exe
                                Remote address:
                                172.217.16.226:443
                                Request
                                GET /pagead/id HTTP/2.0
                                host: googleads.g.doubleclick.net
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: */*
                                origin: https://www.youtube.com
                                sec-fetch-site: cross-site
                                sec-fetch-mode: cors
                                sec-fetch-dest: empty
                                referer: https://www.youtube.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://static.doubleclick.net/instream/ad_status.js
                                msedge.exe
                                Remote address:
                                142.250.179.230:443
                                Request
                                GET /instream/ad_status.js HTTP/2.0
                                host: static.doubleclick.net
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://www.youtube.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                OPTIONS
                                https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
                                msedge.exe
                                Remote address:
                                172.217.16.234:443
                                Request
                                OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
                                host: jnn-pa.googleapis.com
                                accept: */*
                                access-control-request-method: POST
                                access-control-request-headers: content-type,x-goog-api-key,x-user-agent
                                origin: https://www.youtube.com
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                sec-fetch-mode: cors
                                sec-fetch-site: cross-site
                                sec-fetch-dest: empty
                                referer: https://www.youtube.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://tpc.googlesyndication.com/simgad/13927698368710512868?sqp=-oaymwEKCCAQICABUAFYAQ&rs=AOga4qkirknBbhNzY2TLab1891dkDqC_tw
                                msedge.exe
                                Remote address:
                                142.250.200.33:443
                                Request
                                GET /simgad/13927698368710512868?sqp=-oaymwEKCCAQICABUAFYAQ&rs=AOga4qkirknBbhNzY2TLab1891dkDqC_tw HTTP/2.0
                                host: tpc.googlesyndication.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn2.gstatic.com/faviconV2?url=https://www.youtube.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL
                                msedge.exe
                                Remote address:
                                142.250.187.238:443
                                Request
                                GET /faviconV2?url=https://www.youtube.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL HTTP/2.0
                                host: encrypted-tbn2.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-tbn2.gstatic.com/faviconV2?url=https://play.google.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL
                                msedge.exe
                                Remote address:
                                142.250.187.238:443
                                Request
                                GET /faviconV2?url=https://play.google.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL HTTP/2.0
                                host: encrypted-tbn2.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                referer: https://www.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://encrypted-vtbn0.gstatic.com/video?q=tbn:ANd9GcTwlLkljYZI0Zmu_9vVInCeMOMyvSqhtgsIBQ
                                msedge.exe
                                Remote address:
                                142.250.187.238:443
                                Request
                                GET /video?q=tbn:ANd9GcTwlLkljYZI0Zmu_9vVInCeMOMyvSqhtgsIBQ HTTP/2.0
                                host: encrypted-vtbn0.gstatic.com
                                sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                                dnt: 1
                                accept-encoding: identity;q=1, *;q=0
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: video
                                referer: https://www.google.com/
                                accept-language: en-US,en;q=0.9
                                range: bytes=0-
                              • 142.250.200.14:80
                                http://google.com/
                                http
                                msedge.exe
                                672 B
                                1.7kB
                                5
                                5

                                HTTP Request

                                GET http://google.com/

                                HTTP Response

                                301
                              • 142.250.200.14:80
                                encrypted-tbn1.gstatic.com
                                msedge.exe
                                144 B
                                104 B
                                3
                                2
                              • 142.250.178.4:80
                                http://www.google.com/
                                http
                                msedge.exe
                                676 B
                                2.0kB
                                5
                                5

                                HTTP Request

                                GET http://www.google.com/

                                HTTP Response

                                302
                              • 142.250.178.4:443
                                https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
                                tls, http2
                                msedge.exe
                                17.0kB
                                403.8kB
                                277
                                309

                                HTTP Request

                                GET https://www.google.com/?gws_rd=ssl

                                HTTP Request

                                GET https://www.google.com/xjs/_/ss/k=xjs.hd.XYynbIKr1HI.L.W.O/am=cAEAAAAAAMAAAAAAAAAAAAAAAAAAgAAAAgAAAAAgAHzCAQLAhgAAAEAAAIAAACAAAACCAAAAABAEAAwAAAgAAACAQAgABECABJCEIAMBAEQwgQCpAMAAAAAAkAAAAAABAQgYgADgIQIAAAIdgAASAABkgBAAAAAAAACAAAAAAAAwAAAAAAAAAAAAAAAAACAAAABQAAAAAAAAAAAAAAAAAAAC/d=1/ed=1/rs=ACT90oGBacXd7beNAxnF3ulnf-Q6qiAvZw/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl

                                HTTP Request

                                GET https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

                                HTTP Request

                                GET https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
                              • 172.217.16.238:443
                                https://www.youtube.com/iframe_api?version=3
                                tls, http2
                                msedge.exe
                                2.7kB
                                24.9kB
                                23
                                34

                                HTTP Request

                                GET https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en

                                HTTP Request

                                GET https://www.youtube.com/iframe_api?version=3
                              • 216.58.201.110:443
                                https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.dCBC8e6ENbg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8oB7UmguRctpg6togRivSNxNKjzQ/cb=gapi.loaded_0
                                tls, http2
                                msedge.exe
                                3.0kB
                                49.3kB
                                36
                                43

                                HTTP Request

                                GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.dCBC8e6ENbg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8oB7UmguRctpg6togRivSNxNKjzQ/cb=gapi.loaded_0
                              • 142.250.179.227:443
                                https://ssl.gstatic.com/privacyplus/spot04_light_opt.png
                                tls, http2
                                msedge.exe
                                9.3kB
                                361.7kB
                                170
                                267

                                HTTP Request

                                GET https://ssl.gstatic.com/privacyplus/spot02_light_opt.png

                                HTTP Request

                                GET https://ssl.gstatic.com/privacyplus/spot03_light_opt.png

                                HTTP Request

                                GET https://ssl.gstatic.com/privacyplus/spot01_light_opt.png

                                HTTP Request

                                GET https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_180x72dp.png

                                HTTP Request

                                GET https://ssl.gstatic.com/privacyplus/hero_light_opt.png

                                HTTP Request

                                GET https://ssl.gstatic.com/privacyplus/spot04_light_opt.png
                              • 142.250.187.206:443
                                https://play.google.com/log?format=json&hasfast=true&authuser=0
                                tls, http2
                                msedge.exe
                                1.7kB
                                8.4kB
                                13
                                15

                                HTTP Request

                                OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
                              • 142.250.200.14:443
                                encrypted-tbn0.gstatic.com
                                tls, http2
                                msedge.exe
                                989 B
                                5.3kB
                                9
                                8
                              • 142.250.200.14:443
                                https://encrypted-tbn3.gstatic.com/faviconV2?url=https://www.crazygames.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL
                                tls, http2
                                msedge.exe
                                3.6kB
                                15.7kB
                                33
                                32

                                HTTP Request

                                GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQu36tIc_9IZZQ3Yf71L1NaFHs9hH3DpRlKEUCkVHg&s=10

                                HTTP Request

                                GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRfzoYe8hvW9kMAZaMgUnKXUeSSno7Yf9vTaKmG-GytaIaO_UqdMQJzTvU&s=10

                                HTTP Request

                                GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRxE8kUe7hULEB0Ts4t6YmZi0lxap7FkkCIT_X40VMb16IIe5-njcC1wlI&s=10

                                HTTP Request

                                GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRdpxUO2kj6uxaWojF5A8oITs-_DzII3X_zrqZUcb38RSBq0RGl8w11Kybn&s=10

                                HTTP Request

                                GET https://encrypted-tbn1.gstatic.com/faviconV2?url=https://brightchamps.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL

                                HTTP Request

                                GET https://encrypted-tbn1.gstatic.com/faviconV2?url=https://m.youtube.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL

                                HTTP Request

                                GET https://encrypted-tbn1.gstatic.com/faviconV2?url=https://www.minecraft.net&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL

                                HTTP Request

                                GET https://encrypted-tbn3.gstatic.com/faviconV2?url=https://www.crazygames.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL
                              • 142.250.200.14:443
                                encrypted-tbn0.gstatic.com
                                tls, http2
                                msedge.exe
                                989 B
                                5.3kB
                                9
                                8
                              • 142.250.200.14:443
                                encrypted-tbn0.gstatic.com
                                tls, http2
                                msedge.exe
                                989 B
                                5.3kB
                                9
                                8
                              • 172.217.168.195:443
                                https://id.google.com/verify/AKueOd5DFZuahp0cNUrabA8xgpC2-wGk1oEl4aCLjlanCVeEB9ShAbwHGxwlRtGB28gzKXidoq44D_TFI76hPVq971T5m3GOk7-ZpZOCfybgV_fFSg
                                tls, http2
                                msedge.exe
                                2.1kB
                                9.0kB
                                14
                                17

                                HTTP Request

                                GET https://id.google.com/verify/AKueOd5DFZuahp0cNUrabA8xgpC2-wGk1oEl4aCLjlanCVeEB9ShAbwHGxwlRtGB28gzKXidoq44D_TFI76hPVq971T5m3GOk7-ZpZOCfybgV_fFSg
                              • 142.250.200.22:443
                                i.ytimg.com
                                tls, http2
                                msedge.exe
                                989 B
                                5.7kB
                                9
                                8
                              • 142.250.200.22:443
                                https://i.ytimg.com/vi/XNHSeLHsRpk/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mlkzgIHs15WdTsMF00uhGNov-8lg
                                tls, http2
                                msedge.exe
                                2.3kB
                                15.9kB
                                22
                                23

                                HTTP Request

                                GET https://i.ytimg.com/vi/rzoiOIFpOBc/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mhtKckiKYihfIE1PM33GEzagsyhw

                                HTTP Request

                                GET https://i.ytimg.com/vi/XNHSeLHsRpk/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mlkzgIHs15WdTsMF00uhGNov-8lg
                              • 172.217.16.226:443
                                https://googleads.g.doubleclick.net/pagead/id
                                tls, http2
                                msedge.exe
                                1.7kB
                                6.4kB
                                13
                                15

                                HTTP Request

                                GET https://googleads.g.doubleclick.net/pagead/id
                              • 142.250.179.230:443
                                https://static.doubleclick.net/instream/ad_status.js
                                tls, http2
                                msedge.exe
                                1.6kB
                                6.2kB
                                12
                                12

                                HTTP Request

                                GET https://static.doubleclick.net/instream/ad_status.js
                              • 172.217.16.234:443
                                https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
                                tls, http2
                                msedge.exe
                                1.8kB
                                6.4kB
                                14
                                16

                                HTTP Request

                                OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
                              • 142.250.200.33:443
                                https://tpc.googlesyndication.com/simgad/13927698368710512868?sqp=-oaymwEKCCAQICABUAFYAQ&rs=AOga4qkirknBbhNzY2TLab1891dkDqC_tw
                                tls, http2
                                msedge.exe
                                1.8kB
                                8.2kB
                                14
                                15

                                HTTP Request

                                GET https://tpc.googlesyndication.com/simgad/13927698368710512868?sqp=-oaymwEKCCAQICABUAFYAQ&rs=AOga4qkirknBbhNzY2TLab1891dkDqC_tw
                              • 142.250.187.238:443
                                encrypted-tbn2.gstatic.com
                                tls, http2
                                msedge.exe
                                989 B
                                5.3kB
                                9
                                8
                              • 142.250.187.238:443
                                https://encrypted-vtbn0.gstatic.com/video?q=tbn:ANd9GcTwlLkljYZI0Zmu_9vVInCeMOMyvSqhtgsIBQ
                                tls, http2
                                msedge.exe
                                3.3kB
                                69.7kB
                                39
                                63

                                HTTP Request

                                GET https://encrypted-tbn2.gstatic.com/faviconV2?url=https://www.youtube.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL

                                HTTP Request

                                GET https://encrypted-tbn2.gstatic.com/faviconV2?url=https://play.google.com&client=IMAGE_SEARCH&size=24&type=FAVICON&fallback_opts=TYPE,SIZE,URL

                                HTTP Request

                                GET https://encrypted-vtbn0.gstatic.com/video?q=tbn:ANd9GcTwlLkljYZI0Zmu_9vVInCeMOMyvSqhtgsIBQ
                              • 52.111.243.29:443
                                184 B
                                4
                              • 8.8.8.8:53
                                google.com
                                dns
                                msedge.exe
                                609 B
                                1.4kB
                                9
                                9

                                DNS Request

                                google.com

                                DNS Response

                                142.250.200.14

                                DNS Request

                                ctldl.windowsupdate.com

                                DNS Response

                                2.17.197.249
                                2.17.197.240

                                DNS Request

                                47.242.123.52.in-addr.arpa

                                DNS Request

                                apis.google.com

                                DNS Response

                                216.58.201.110

                                DNS Request

                                110.201.58.216.in-addr.arpa

                                DNS Request

                                encrypted-tbn0.gstatic.com

                                DNS Response

                                142.250.200.14

                                DNS Request

                                www.youtube.com

                                DNS Response


                                DNS Request

                                226.16.217.172.in-addr.arpa

                                DNS Request

                                encrypted-tbn2.gstatic.com

                                DNS Response

                                142.250.187.238

                              • 142.250.178.4:443
                                www.google.com
                                https
                                msedge.exe
                                117.2kB
                                1.7MB
                                616
                                1708
                              • 8.8.8.8:53
                                4.178.250.142.in-addr.arpa
                                dns
                                495 B
                                750 B
                                7
                                7

                                DNS Request

                                4.178.250.142.in-addr.arpa

                                DNS Request

                                ssl.gstatic.com

                                DNS Response

                                142.250.179.227

                                DNS Request

                                227.179.250.142.in-addr.arpa

                                DNS Request

                                195.168.217.172.in-addr.arpa

                                DNS Request

                                static.doubleclick.net

                                DNS Response

                                142.250.179.230

                                DNS Request

                                33.200.250.142.in-addr.arpa

                                DNS Request

                                240.221.184.93.in-addr.arpa

                              • 8.8.8.8:53
                                249.197.17.2.in-addr.arpa
                                dns
                                481 B
                                1.0kB
                                7
                                7

                                DNS Request

                                249.197.17.2.in-addr.arpa

                                DNS Request

                                fonts.gstatic.com

                                DNS Response

                                172.217.169.3

                                DNS Request

                                3.169.217.172.in-addr.arpa

                                DNS Request

                                i.ytimg.com

                                DNS Response


                                DNS Request

                                98.201.58.216.in-addr.arpa

                                DNS Request

                                234.16.217.172.in-addr.arpa

                                DNS Request

                                encrypted-vtbn0.gstatic.com

                                DNS Response

                                142.250.187.238

                              • 8.8.8.8:53
                                play.google.com
                                dns
                                msedge.exe
                                347 B
                                643 B
                                5
                                5

                                DNS Request

                                play.google.com

                                DNS Response

                                142.250.187.206

                                DNS Request

                                22.200.250.142.in-addr.arpa

                                DNS Request

                                googleads.g.doubleclick.net

                                DNS Response

                                172.217.16.226

                                DNS Request

                                tpc.googlesyndication.com

                                DNS Response

                                142.250.200.33

                                DNS Request

                                ctldl.windowsupdate.com

                                DNS Response

                                93.184.221.240

                              • 142.250.187.206:443
                                play.google.com
                                https
                                msedge.exe
                                32.1kB
                                1.1MB
                                166
                                874
                              • 224.0.0.251:5353
                                515 B
                                8
                              • 142.250.200.14:443
                                encrypted-tbn1.gstatic.com
                                https
                                msedge.exe
                                11.8kB
                                80.8kB
                                95
                                120
                              • 142.250.200.22:443
                                i.ytimg.com
                                https
                                msedge.exe
                                5.0kB
                                27.4kB
                                24
                                35
                              • 172.217.16.226:443
                                googleads.g.doubleclick.net
                                https
                                msedge.exe
                                3.7kB
                                6.8kB
                                10
                                12
                              • 172.217.16.234:443
                                jnn-pa.googleapis.com
                                https
                                msedge.exe
                                6.1kB
                                50.3kB
                                30
                                46
                              • 142.250.187.206:443
                                play.google.com
                                https
                                msedge.exe
                                4.2kB
                                9.2kB
                                16
                                15
                              • 142.250.187.238:443
                                encrypted-vtbn0.gstatic.com
                                https
                                msedge.exe
                                4.9kB
                                64.4kB
                                30
                                51

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                1KB


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                3KB


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                5KB


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                Filesize

                                90B


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                Filesize

                                26B


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                Filesize

                                540B


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                Filesize

                                540B


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c8ce.TMP

                                Filesize

                                372B


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B


                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                                MD5

                                206702161f94c5cd39fadd03f4014d98

                                SHA1

                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                SHA256

                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                SHA512

                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                Filesize

                                11KB

                                MD5

                                c56fd26d31cafcb0210898ff88cddb69

                                SHA1

                                4df1d18ab2f95282d65620a6a7b8c92905848d67

                                SHA256

                                17f9982f1bec8b3d18dd11ece43aa44352bd711d1749d4b58629daed955c208f

                                SHA512

                                64a00fa3c0b0cf2604db5117a9f35c8d8706a7b5c39902b30842e23147a5b327a73654d2f3a2e91568f00d219796a21c72f335c2fa08f105bd0bae5a424c9903
