7da1e8ea2f335a43418de93b6f37e2320cb15370feb3dc9949e6ab156791739e

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 11:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0797ce5cb8a358b463470b15b10f6db8_JaffaCakes118.html
Size

175KB
MD5

0797ce5cb8a358b463470b15b10f6db8
SHA1

5868469c2bb2963bbf2d5993f65bae3776533767
SHA256

7da1e8ea2f335a43418de93b6f37e2320cb15370feb3dc9949e6ab156791739e
SHA512

ba76e16cb34b3467368ccddfdbd78572b046e559d995656c367cf17fd190a4b8989af2c02f91833a512cb1200c5c4330bb5abc1a8a5e041917508182a09c3d0d
SSDEEP

1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3uGNkFMYfBCJiZC+aeTH+WK/Lf1/hpnVSV:S9CT3u/FpBCJixB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
2252	msedge.exe
2252	msedge.exe
2552	identity_helper.exe
2552	identity_helper.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 1448	2252	msedge.exe	82
PID 2252 wrote to memory of 1448	2252	msedge.exe	82
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4364	2252	msedge.exe	84
PID 2252 wrote to memory of 4164	2252	msedge.exe	85
PID 2252 wrote to memory of 4164	2252	msedge.exe	85
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86
PID 2252 wrote to memory of 4880	2252	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0797ce5cb8a358b463470b15b10f6db8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdba7a46f8,0x7ffdba7a4708,0x7ffdba7a4718
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17431909685922875040,8686732733941365796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

Network

DNS

www.konthaiusa.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.konthaiusa.com

IN A

Response
GET

http://fonts.googleapis.com/css?family=Arial

msedge.exe

Remote address:

172.217.16.234:80

Request

GET /css?family=Arial HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 400 Bad Request

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Apr 2024 11:46:34 GMT
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

14.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.160.190.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

234.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f10�I
DNS

www.youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
GET

http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:80

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Apr 2024 11:46:35 GMT
Location: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:80

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Apr 2024 11:46:35 GMT
Location: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

msedge.exe

Remote address:

157.240.221.35:80

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 29 Apr 2024 11:46:35 GMT
Connection: keep-alive
Content-Length: 0
GET

https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/652ba3a2/www-player.css

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/player/652ba3a2/www-player.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/652ba3a2/player_ias.vflset/en_US/embed.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/player/652ba3a2/player_ias.vflset/en_US/embed.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/652ba3a2/www-embed-player.vflset/www-embed-player.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/player/652ba3a2/www-embed-player.vflset/www-embed-player.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/652ba3a2/player_ias.vflset/en_US/base.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/player/652ba3a2/player_ias.vflset/en_US/base.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:80

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Apr 2024 11:46:35 GMT
Location: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:80

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Apr 2024 11:46:35 GMT
Location: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

msedge.exe

Remote address:

142.250.200.14:80

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Apr 2024 11:46:35 GMT
Location: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.google-analytics.com/ga.js

msedge.exe

Remote address:

142.250.180.14:80

Request

GET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Mon, 29 Apr 2024 11:18:01 GMT
Expires: Mon, 29 Apr 2024 13:18:01 GMT
Cache-Control: public, max-age=7200
Age: 1714
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

i.ytimg.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.213.22
GET

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

msedge.exe

Remote address:

172.217.169.54:443

Request

GET /vi/gS2GhpTPLvQ/sddefault.jpg HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

msedge.exe

Remote address:

172.217.169.54:443

Request

GET /vi/ygK7kej0BPA/sddefault.jpg HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

static.xx.fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

35.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.221.240.157.in-addr.arpa

IN PTR

Response

35.221.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr8facebookcom
DNS

14.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.180.250.142.in-addr.arpa

IN PTR

Response

14.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f141e100net
DNS

54.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.169.217.172.in-addr.arpa

IN PTR

Response

54.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f221e100net
DNS

227.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.212.58.216.in-addr.arpa

IN PTR

Response

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f2271e100net

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f3�J

227.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f3�J
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.169.66
GET

https://googleads.g.doubleclick.net/pagead/id

msedge.exe

Remote address:

172.217.169.66:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.youtube.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

scontent.xx.fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN A

Response

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

static.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.180.6
GET

https://static.doubleclick.net/instream/ad_status.js

msedge.exe

Remote address:

142.250.180.6:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

jnn-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

172.217.169.10

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

142.250.187.202:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/js/th/YAFhOK119coHyqOZ5ffOElkI3qfbcVWRDTaZetnaUos.js

msedge.exe

Remote address:

142.250.178.4:443

Request

GET /js/th/YAFhOK119coHyqOZ5ffOElkI3qfbcVWRDTaZetnaUos.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

yt3.ggpht.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.178.1
GET

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

msedge.exe

Remote address:

142.250.178.1:443

Request

GET /ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

21.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.151.70.163.in-addr.arpa

IN PTR

Response

21.151.70.163.in-addr.arpa

IN PTR

xx-fbcdn-shv-02-lhr6fbcdnnet
DNS

66.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.169.217.172.in-addr.arpa

IN PTR

Response

66.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f21e100net
DNS

6.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.180.250.142.in-addr.arpa

IN PTR

Response

6.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f61e100net
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

4.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.178.250.142.in-addr.arpa

IN PTR

Response

4.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f41e100net
DNS

1.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.178.250.142.in-addr.arpa

IN PTR

Response

1.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f11e100net
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.187.206
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.187.206:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85m5guPadlrGvsno0oD1SbTVUCUzYnMlgiAevjGTXmzewt5NrQvjI-95Qcn8k1DGZgS3QAwxlIMMuhKupnyt1QQbfPUPrGOVDbDGBw5TSCN1DiXJ68JHpOuv9ofjG-tLkrcOIQCqYt3Rq4dloDVH1YSRpRUqi-vmsgB-UBUThAsMMpyWc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3De6d4a5c512f111927487c3eebad0810b&TIME=20240426T131233Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85m5guPadlrGvsno0oD1SbTVUCUzYnMlgiAevjGTXmzewt5NrQvjI-95Qcn8k1DGZgS3QAwxlIMMuhKupnyt1QQbfPUPrGOVDbDGBw5TSCN1DiXJ68JHpOuv9ofjG-tLkrcOIQCqYt3Rq4dloDVH1YSRpRUqi-vmsgB-UBUThAsMMpyWc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3De6d4a5c512f111927487c3eebad0810b&TIME=20240426T131233Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2B51955CE01A61953C29812CE1FA60C7; domain=.bing.com; expires=Sat, 24-May-2025 11:46:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F6E1BFCC7C70437FB2D4AB60A0B7500C Ref B: LON04EDGE1016 Ref C: 2024-04-29T11:46:38Z
date: Mon, 29 Apr 2024 11:46:37 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85m5guPadlrGvsno0oD1SbTVUCUzYnMlgiAevjGTXmzewt5NrQvjI-95Qcn8k1DGZgS3QAwxlIMMuhKupnyt1QQbfPUPrGOVDbDGBw5TSCN1DiXJ68JHpOuv9ofjG-tLkrcOIQCqYt3Rq4dloDVH1YSRpRUqi-vmsgB-UBUThAsMMpyWc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3De6d4a5c512f111927487c3eebad0810b&TIME=20240426T131233Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85m5guPadlrGvsno0oD1SbTVUCUzYnMlgiAevjGTXmzewt5NrQvjI-95Qcn8k1DGZgS3QAwxlIMMuhKupnyt1QQbfPUPrGOVDbDGBw5TSCN1DiXJ68JHpOuv9ofjG-tLkrcOIQCqYt3Rq4dloDVH1YSRpRUqi-vmsgB-UBUThAsMMpyWc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3De6d4a5c512f111927487c3eebad0810b&TIME=20240426T131233Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2B51955CE01A61953C29812CE1FA60C7; _EDGE_S=SID=39717CCBFA516DA135B768BBFB3D6CAF

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=3hEqOI5vD_O2MEVhG2UMNmLotKOVsA2mpD6w5ta2bT0; domain=.bing.com; expires=Sat, 24-May-2025 11:46:38 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8831C04A99E747A2943CA71FBC6E45FF Ref B: LON04EDGE1016 Ref C: 2024-04-29T11:46:38Z
date: Mon, 29 Apr 2024 11:46:37 GMT
GET

https://www.bing.com/aes/c.gif?RG=20ac10d6d3f8437ea4ece5f5d7f132ad&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131233Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189

Remote address:

23.62.61.194:443

Request

GET /aes/c.gif?RG=20ac10d6d3f8437ea4ece5f5d7f132ad&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131233Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2B51955CE01A61953C29812CE1FA60C7

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4A71D74E245240958B18F2DDBAA828AA Ref B: BRU30EDGE0520 Ref C: 2024-04-29T11:46:38Z
content-length: 0
date: Mon, 29 Apr 2024 11:46:38 GMT
set-cookie: _EDGE_S=SID=39717CCBFA516DA135B768BBFB3D6CAF; path=/; httponly; domain=bing.com
set-cookie: MUIDB=2B51955CE01A61953C29812CE1FA60C7; path=/; httponly; expires=Sat, 24-May-2025 11:46:38 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1714391198.2bc4af
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
GET

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.194:443

Request

GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=2B51955CE01A61953C29812CE1FA60C7; _EDGE_S=SID=39717CCBFA516DA135B768BBFB3D6CAF; MSPTC=3hEqOI5vD_O2MEVhG2UMNmLotKOVsA2mpD6w5ta2bT0; MUIDB=2B51955CE01A61953C29812CE1FA60C7
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Mon, 29 Apr 2024 11:46:40 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1714391200.2bcb33
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.187.226
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.201.98
DNS

226.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.187.250.142.in-addr.arpa

IN PTR

Response

226.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f21e100net
DNS

226.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.187.250.142.in-addr.arpa

IN PTR

Response

226.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f21e100net

172.217.16.234:80

http://fonts.googleapis.com/css?family=Arial

http

msedge.exe

608 B
1.5kB
6
5

HTTP Request

GET http://fonts.googleapis.com/css?family=Arial

HTTP Response

400
142.250.200.14:80

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

http

msedge.exe

1.3kB
1.2kB
8
8

HTTP Request

GET http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

301

HTTP Request

GET http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

301
157.240.221.35:80

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

http

msedge.exe

967 B
685 B
7
6

HTTP Request

GET http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

301
142.250.200.14:443

https://www.youtube.com/s/player/652ba3a2/player_ias.vflset/en_US/base.js

tls, http2

msedge.exe

28.4kB
1.2MB
575
897

HTTP Request

GET https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Request

GET https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Request

GET https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Request

GET https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Request

GET https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Request

GET https://www.youtube.com/s/player/652ba3a2/www-player.css

HTTP Request

GET https://www.youtube.com/s/player/652ba3a2/player_ias.vflset/en_US/embed.js

HTTP Request

GET https://www.youtube.com/s/player/652ba3a2/www-embed-player.vflset/www-embed-player.js

HTTP Request

GET https://www.youtube.com/s/player/652ba3a2/player_ias.vflset/en_US/base.js
142.250.200.14:80

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

http

msedge.exe

799 B
695 B
7
6

HTTP Request

GET http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

301
142.250.200.14:80

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

http

msedge.exe

799 B
695 B
7
6

HTTP Request

GET http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

301
142.250.200.14:80

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

http

msedge.exe

799 B
695 B
7
6

HTTP Request

GET http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

301
157.240.221.35:443

www.facebook.com

tls

msedge.exe

2.1kB
18.3kB
18
24
142.250.200.14:443

www.youtube.com

tls

msedge.exe

1.0kB
7.4kB
11
9
142.250.180.14:80

http://www.google-analytics.com/ga.js

http

msedge.exe

908 B
18.4kB
13
18

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
172.217.169.54:443

https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

tls, http2

msedge.exe

3.8kB
82.3kB
56
68

HTTP Request

GET https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

HTTP Request

GET https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
2.9kB
9
7
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
2.9kB
9
7
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

943 B
2.8kB
8
6
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
2.9kB
9
7
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
2.9kB
9
7
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

6.6kB
190.8kB
99
163
172.217.169.66:443

https://googleads.g.doubleclick.net/pagead/id

tls, http2

msedge.exe

1.8kB
7.0kB
15
17

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id
142.250.180.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

msedge.exe

1.8kB
6.9kB
15
15

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
142.250.187.202:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

msedge.exe

2.1kB
7.3kB
18
20

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.187.202:443

jnn-pa.googleapis.com

tls, http2

msedge.exe

999 B
6.2kB
9
8
142.250.178.4:443

https://www.google.com/js/th/YAFhOK119coHyqOZ5ffOElkI3qfbcVWRDTaZetnaUos.js

tls, http2

msedge.exe

2.5kB
27.8kB
29
30

HTTP Request

GET https://www.google.com/js/th/YAFhOK119coHyqOZ5ffOElkI3qfbcVWRDTaZetnaUos.js
142.250.187.202:443

jnn-pa.googleapis.com

msedge.exe

98 B
52 B
2
1
142.250.178.1:443

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

tls, http2

msedge.exe

2.0kB
12.6kB
17
19

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj
142.250.187.206:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
142.250.187.206:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
142.250.187.206:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

2.3kB
8.9kB
20
21

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.187.206:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85m5guPadlrGvsno0oD1SbTVUCUzYnMlgiAevjGTXmzewt5NrQvjI-95Qcn8k1DGZgS3QAwxlIMMuhKupnyt1QQbfPUPrGOVDbDGBw5TSCN1DiXJ68JHpOuv9ofjG-tLkrcOIQCqYt3Rq4dloDVH1YSRpRUqi-vmsgB-UBUThAsMMpyWc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3De6d4a5c512f111927487c3eebad0810b&TIME=20240426T131233Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

tls, http2

2.5kB
9.0kB
20
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85m5guPadlrGvsno0oD1SbTVUCUzYnMlgiAevjGTXmzewt5NrQvjI-95Qcn8k1DGZgS3QAwxlIMMuhKupnyt1QQbfPUPrGOVDbDGBw5TSCN1DiXJ68JHpOuv9ofjG-tLkrcOIQCqYt3Rq4dloDVH1YSRpRUqi-vmsgB-UBUThAsMMpyWc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3De6d4a5c512f111927487c3eebad0810b&TIME=20240426T131233Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85m5guPadlrGvsno0oD1SbTVUCUzYnMlgiAevjGTXmzewt5NrQvjI-95Qcn8k1DGZgS3QAwxlIMMuhKupnyt1QQbfPUPrGOVDbDGBw5TSCN1DiXJ68JHpOuv9ofjG-tLkrcOIQCqYt3Rq4dloDVH1YSRpRUqi-vmsgB-UBUThAsMMpyWc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3De6d4a5c512f111927487c3eebad0810b&TIME=20240426T131233Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

HTTP Response

204
23.62.61.194:443

https://www.bing.com/aes/c.gif?RG=20ac10d6d3f8437ea4ece5f5d7f132ad&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131233Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189

tls, http2

1.4kB
5.4kB
16
12

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=20ac10d6d3f8437ea4ece5f5d7f132ad&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131233Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189

HTTP Response

200
23.62.61.194:443

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.6kB
6.4kB
17
13

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
52.111.227.11:443

322 B
7

8.8.8.8:53

www.konthaiusa.com

dns

msedge.exe

64 B
137 B
1
1

DNS Request

www.konthaiusa.com
8.8.8.8:53

14.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.160.190.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

234.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

234.16.217.172.in-addr.arpa
8.8.8.8:53

www.youtube.com

dns

msedge.exe

61 B
287 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.212.206

172.217.169.78

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
142.250.200.14:443

www.youtube.com

https

msedge.exe

53.5kB
46.8kB
76
84
8.8.8.8:53

i.ytimg.com

dns

msedge.exe

57 B
249 B
1
1

DNS Request

i.ytimg.com

DNS Response

172.217.169.54

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22

172.217.16.246

142.250.200.22

142.250.200.54

216.58.201.118

216.58.204.86

216.58.213.22
8.8.8.8:53

static.xx.fbcdn.net

dns

msedge.exe

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

35.221.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.221.240.157.in-addr.arpa
8.8.8.8:53

14.180.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.180.250.142.in-addr.arpa
8.8.8.8:53

54.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

54.169.217.172.in-addr.arpa
8.8.8.8:53

227.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

227.212.58.216.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.169.66
8.8.8.8:53

scontent.xx.fbcdn.net

dns

msedge.exe

67 B
83 B
1
1

DNS Request

scontent.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

static.doubleclick.net

dns

msedge.exe

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

142.250.180.6
172.217.169.66:443

googleads.g.doubleclick.net

https

msedge.exe

5.1kB
10.1kB
28
37
8.8.8.8:53

jnn-pa.googleapis.com

dns

msedge.exe

67 B
291 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10

216.58.212.234

172.217.169.42

142.250.179.234

142.250.180.10
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

yt3.ggpht.com

dns

msedge.exe

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.178.1
142.250.187.202:443

jnn-pa.googleapis.com

https

msedge.exe

14.3kB
227.9kB
87
196
8.8.8.8:53

21.151.70.163.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

21.151.70.163.in-addr.arpa
8.8.8.8:53

66.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

66.169.217.172.in-addr.arpa
8.8.8.8:53

6.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

6.180.250.142.in-addr.arpa
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

4.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.178.250.142.in-addr.arpa
8.8.8.8:53

1.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

1.178.250.142.in-addr.arpa
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.187.206
142.250.187.206:443

play.google.com

https

msedge.exe

19.1kB
18.1kB
46
58
8.8.8.8:53

3.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.180.250.142.in-addr.arpa
8.8.8.8:53

206.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.187.250.142.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
224.0.0.251:5353

519 B
8
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

148 B
256 B
2
2

DNS Request

172.210.232.199.in-addr.arpa

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

43.229.111.52.in-addr.arpa

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

146 B
178 B
2
2

DNS Request

googleads.g.doubleclick.net

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.187.226

DNS Response

216.58.201.98
142.250.187.226:443

googleads.g.doubleclick.net

https

msedge.exe

3.9kB
6.4kB
30
36
8.8.8.8:53

226.187.250.142.in-addr.arpa

dns

148 B
224 B
2
2

DNS Request

226.187.250.142.in-addr.arpa

DNS Request

226.187.250.142.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
17KB

MD5
aaa46a808d6f22dcd1424b64d8a9d811

SHA1
8fc0a6876897a96a58aabdf413de84d163a79049

SHA256
4aceaabe03f61949a6840f7255cedba05572fc58b6d54d06b438ff1126ab7796

SHA512
f67e3638a68860923f47b1d83a5b978217ef942ab6f94ef04cc4fb891e2ad7cbd51c0292ce15a952b9378608a19e7072a67c1c8eb14e7de6f987850bfc425af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
95KB

MD5
f7eaabc62f76e352325094b1dbee1026

SHA1
e105dacc3761d76dc69e6c89e2fc2ffe1a22bf0e

SHA256
ca82161ffacf45c52bf82d20af9b05ffb115c1fa1eb3836924db9c4e7890504c

SHA512
0923d252ba9ed3394c1d68b183594277dbf5d08f1f7cc5a5d039c70374de3fe9efadb1995195a1b080791a01ea7da222dafe2cdbed0bb5f6cb7256a8e8b036d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
4c6ed3b2cd922f4f69558515731a2be7

SHA1
5c14384b2ef687c15358d2f485d048085455f80d

SHA256
9dd287bcaa56b138892f332bc61c9ec72702f95554e514dfbe11ee149c5e2ca5

SHA512
4de3f4fb77b38cffabf08a55f9858a350d9df8e8a064bedbf6200ab6aa8b1d064b4db7c73f92155262c2f3de3c4ea2013e71a600102007f573f3a33425fcee80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6cbd0bec4b7679a5dd6a468f5ed7a88c

SHA1
3324412ff7a06739e40ddb5307d85b8d4dc89248

SHA256
30cb98eac7a8dea0cf652082541c456db735ea3820bd306cd2e4286984e332af

SHA512
021202ce6b139e580dc3e2e6eb7260e7bb01fc56b3ace823e8f84bade01a7d0e6505971be504f26f2aba00648e591d21cff4fb0ae4d7606abe3026dc242c2493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0b5a1d414fa1f6f2dbc08d8c84f8c1e7

SHA1
e736f810e46426533906ee5f548f63c1f7971216

SHA256
5b0a0691aa67e69d63db0a2aa534fd3c0ab0734b0008f1f02b90e3e6e71e6f65

SHA512
6c9fcbbed56765cc65ff8a4541df1019ea3d9279d2de78fc465a39ade9bfd01a30de06dde1c3297ca7be0b72aedcacac81f83cd95dfcd257424254cfeeec8b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
289bb4fad027115ea0d2c5c221b8ff73

SHA1
8eff91bfd1fa67edf5c7a2ba80de7e39860b7b32

SHA256
8ef7b082db95535eb2f56207e1ef53b3d58c6d7580acda75b7b9db1184ffa593

SHA512
4213ca45dab7cf8f3a89af2cf96dbe52d24cfee61de84ee2e8c22414ab58f03bb837a34a2b39e4405a87f31feaf15a74e1689610c4293cc955bef459746fe20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f9a43d09b7ea01dbaaee2b256bcb49e

SHA1
36a3b81d0a3b50db7899692786d2468edbcfd05e

SHA256
47dce40b9a12c47eadfc72d43029e8d3310ead7e34a60cb788c1de109070e9b6

SHA512
b2ab7c010e94f4d5fcf77caee411ac274bd3f434a14a67aa4751fcd5c6af5d89a72385fdd2f0288cfd254ddc6492b60ae0721807e574a083f524476ebfbb9b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d67227181911800df78725e2070f75c3

SHA1
f005c462e197bc02350107f0deb12fa6f6e67ca2

SHA256
eb61e65895189dd6c45f8d8316477c7976cb005517fe865f02eff9958a933e23

SHA512
1e60f01d91621f1e1ece83fe2ad008e3a603733da887d7c9c0816bc59e78aabceaecf694b736d457b32e9f58a9e304b216f431135e58a85d0e69f760fae6f2f7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response