d94f8e8a4d21a30973276093ae57ed76f5acb130823f774d058f1bdb00fae687

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 00:20 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac32ea9ca3c13214cd56c53b6a0ac220_JaffaCakes118.html
Size

35KB
MD5

ac32ea9ca3c13214cd56c53b6a0ac220
SHA1

981d700cdc5bf1564347f35133e5c37df94c0798
SHA256

d94f8e8a4d21a30973276093ae57ed76f5acb130823f774d058f1bdb00fae687
SHA512

08dc9cafc3001a679ebf25edeb2932534a835de4a19b4b76697806409ea6c9af4ac92b7e0f7254c74cdec04776fa9b97ee44103bec7fc0f525724eb6250e125e
SSDEEP

768:K3nwzXyEuPvVp3igx/qWeYcB7umh2M9vgFXdAy3ZO1NlCNFpzL:+nwzXyEuPvVp3igx/qWeYcB7umQM9vgt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10457"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000002a077d4ae1dc8037f8e6b0695b51ace37ea0f7263c34a02d4b3d726f627750ec000000000e8000000002000020000000919fe9d45cd510adff62135c1f3d730a7d97b07e9f13aa51e23572c4013fa1a990000000e3c45624020e2a23bd1d83266fdc16634cd1bd473f42ca590c78d2c1b91e3e2d7d7d8ea46e7ea53311c4d65c08ee0bbecb1e3462b5859a68999e4f2adfea0aaaa2f3901e981d189da9983d5718483b71dd44c357a7160c0c92f8867792e542cc957e097e1f1bed761fb4efcbc4711cb88f49b07502e0d0526cb098fc77824ae6a756fb9db1c2b059b0380a8c0127e22c40000000750d6ababfd21fdd61236cee2d847ee946ff668dcee6954c46eb6418e677932d96005a7bd713c0f0981b346fcd29409a59181ce0a9ec0c64e89d899a8482d597	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CBBBE11-2AAD-11EF-8721-FEBBC6272832} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10457"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000cebadf3689464cf1b47cf3b228f9f10459aea7a8c7b034b326fcaa1f9797c672000000000e800000000200002000000053d201dedf03cd0cda34eae0c85d6fd869ea11f552faf00b7543c404799668a8200000005b5f4a0275802d69fec036d102ed7674a6f5fd3be8ded635903ef5bd46ce66e240000000401b6752862f9fd3130df0d2aaa2302e3b4ebb2476cedc1401884a981e57a0cd70e8723483c8befbe7423315ac6484fe46b67b4a075b9b5bb8707ffb3551a4d1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0afafe3b9beda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10457"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424572687"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1752	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1752	iexplore.exe
1752	iexplore.exe
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1740	1752	iexplore.exe	28
PID 1752 wrote to memory of 1740	1752	iexplore.exe	28
PID 1752 wrote to memory of 1740	1752	iexplore.exe	28
PID 1752 wrote to memory of 1740	1752	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ac32ea9ca3c13214cd56c53b6a0ac220_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1740

Network

DNS

netdna.bootstrapcdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

netdna.bootstrapcdn.com

IN A

Response

netdna.bootstrapcdn.com

IN A

104.18.10.207

netdna.bootstrapcdn.com

IN A

104.18.11.207
DNS

code.jquery.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

code.jquery.com

IN A

Response

code.jquery.com

IN A

151.101.194.137

code.jquery.com

IN A

151.101.2.137

code.jquery.com

IN A

151.101.130.137

code.jquery.com

IN A

151.101.66.137
DNS

coinhive.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

coinhive.com

IN A

Response

coinhive.com

IN A

172.67.165.117

coinhive.com

IN A

104.21.57.186
GET

http://netdna.bootstrapcdn.com/font-awesome/3.1.1/css/font-awesome.css

IEXPLORE.EXE

Remote address:

104.18.10.207:80

Request

GET /font-awesome/3.1.1/css/font-awesome.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: netdna.bootstrapcdn.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 15 Jun 2024 00:20:22 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: FR
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31919000
Content-Encoding: gzip
ETag: W/"bbd098fc6d8263878a58191b4b45e7a6"
Last-Modified: Mon, 25 Jan 2021 22:04:50 GMT
CDN-CachedAt: 10/31/2023 20:35:35
CDN-ProxyVer: 1.04
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 947
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
CDN-Status: 200
CDN-RequestId: 86169579c8b79330329d3f4676b13baf
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 399007
Server: cloudflare
CF-RAY: 893e64d87f523db2-LHR
alt-svc: h3=":443"; ma=86400
GET

http://netdna.bootstrapcdn.com/font-awesome/3.1.1/font/fontawesome-webfont.eot?

IEXPLORE.EXE

Remote address:

104.18.10.207:80

Request

GET /font-awesome/3.1.1/font/fontawesome-webfont.eot? HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: netdna.bootstrapcdn.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 15 Jun 2024 00:20:22 GMT
Content-Type: application/vnd.ms-fontobject
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: FR
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31919000
ETag: W/"3a02d698864c3140f35ad0f7f2e208ba"
Last-Modified: Mon, 25 Jan 2021 22:04:50 GMT
CDN-CachedAt: 06/11/2024 07:55:41
CDN-ProxyVer: 1.04
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 1072
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
CDN-Status: 200
CDN-RequestId: 93ff006cd926018ec587d9b19d38c201
CDN-Cache: HIT
Content-Encoding: gzip
CF-Cache-Status: MISS
Server: cloudflare
CF-RAY: 893e64da78a23db2-LHR
alt-svc: h3=":443"; ma=86400
GET

http://code.jquery.com/jquery-latest.js

IEXPLORE.EXE

Remote address:

151.101.194.137:80

Request

GET /jquery-latest.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: code.jquery.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 83875
Server: nginx
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
ETag: W/"28feccc0-4508e"
Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 15 Jun 2024 00:20:22 GMT
Age: 23608615
X-Served-By: cache-lga21958-LGA, cache-lcy-eglc8600054-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 742, 14005
X-Timer: S1718410822.477909,VS0,VE0
Vary: Accept-Encoding
GET

https://coinhive.com/lib/coinhive.min.js

IEXPLORE.EXE

Remote address:

172.67.165.117:443

Request

GET /lib/coinhive.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: coinhive.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 15 Jun 2024 00:20:23 GMT
Content-Type: application/x-javascript
Content-Length: 1115
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ETag: "806233d282cfd71:0"
Last-Modified: Tue, 02 Nov 2021 00:44:41 GMT
Set-Cookie: ARRAffinity=467bfcea8c5a083dbbc88b4c64fe4e95280c84e9025fb0da4be6181f0f0f6d2f;Path=/;HttpOnly;Secure;Domain=coinhive.com
Set-Cookie: ARRAffinitySameSite=467bfcea8c5a083dbbc88b4c64fe4e95280c84e9025fb0da4be6181f0f0f6d2f;Path=/;HttpOnly;SameSite=None;Secure;Domain=coinhive.com
Vary: Accept-Encoding
X-Powered-By: ASP.NET
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RgHoJXoDrRxQpCkpZJijenmsNlxMDDcLBIQSoNstT8RxLZHiQhJkmPfFClWIRYim7Rsrh68Pdhub5YYcLE%2FUjBdPlGtryqN2Tz5AWWBzY4KtgCzUdPCbTinsAAjtFwY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 893e64dae86c955f-LHR
alt-svc: h3=":443"; ma=86400
DNS

www.youtube.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

216.58.201.110
GET

https://www.youtube.com/embed/y0QgKMo-CaI

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /embed/y0QgKMo-CaI HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 15 Jun 2024 00:20:22 GMT
Strict-Transport-Security: max-age=31536000
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Cross-Origin-Resource-Policy: cross-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=AaINtFCgnLY; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=Q1zbtdnpdi0; Domain=.youtube.com; Expires=Thu, 12-Dec-2024 00:20:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgaA%3D%3D; Domain=.youtube.com; Expires=Thu, 12-Dec-2024 00:20:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/74204f6c/www-player.css

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /s/player/74204f6c/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=AaINtFCgnLY; VISITOR_INFO1_LIVE=Q1zbtdnpdi0; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgaA%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 59236
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 12 Jun 2024 07:32:52 GMT
Expires: Thu, 12 Jun 2025 07:32:52 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 233251
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/embed/bjBEHmWvQGI

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /embed/bjBEHmWvQGI HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 15 Jun 2024 00:20:22 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=dC2j-NI2dKw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=7-SQ_cztWIA; Domain=.youtube.com; Expires=Thu, 12-Dec-2024 00:20:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D; Domain=.youtube.com; Expires=Thu, 12-Dec-2024 00:20:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/74204f6c/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /s/player/74204f6c/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 116598
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 12 Jun 2024 07:32:53 GMT
Expires: Thu, 12 Jun 2025 07:32:53 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 233250
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/base.js

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /s/player/74204f6c/player_ias.vflset/en_US/base.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 824822
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 12 Jun 2024 07:31:38 GMT
Expires: Thu, 12 Jun 2025 07:31:38 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 233325
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/remote.js

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /s/player/74204f6c/player_ias.vflset/en_US/remote.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 39279
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 12 Jun 2024 07:42:14 GMT
Expires: Thu, 12 Jun 2025 07:42:14 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 232690
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /s/player/74204f6c/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 22351
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 13 Jun 2024 11:33:52 GMT
Expires: Fri, 13 Jun 2025 11:33:52 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 132393
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=jxsx9KtMVwFRa8zx&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C121055%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C7648%2C1424%2C29152%2C2196%2C9996%2C1103%2C4081%2C181%2C2691%2C101%2C7395%2C1510%2C2540%2C1477%2C492%2C5084%2C39%2C55%2C2368%2C713%2C2585%2C2%2C1365%2C508%2C5058%2C1201%2C236%2C997%2C1376%2C2995%2C545%2C220%2C1803%2C112%2C1243%2C378%2C143%2C2765%2C2959%2C210&cl=642462524&seq=1&event=streamingstats&docid=bjBEHmWvQGI&qclc=ChBqeHN4OUt0TVZ3RlJhOHp4EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240611.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailablesr.This_video_is_unavailable&vis=0.001:0&bh=0.001:0.000

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

POST /api/stats/qoe?cpn=jxsx9KtMVwFRa8zx&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C121055%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C7648%2C1424%2C29152%2C2196%2C9996%2C1103%2C4081%2C181%2C2691%2C101%2C7395%2C1510%2C2540%2C1477%2C492%2C5084%2C39%2C55%2C2368%2C713%2C2585%2C2%2C1365%2C508%2C5058%2C1201%2C236%2C997%2C1376%2C2995%2C545%2C220%2C1803%2C112%2C1243%2C378%2C143%2C2765%2C2959%2C210&cl=642462524&seq=1&event=streamingstats&docid=bjBEHmWvQGI&qclc=ChBqeHN4OUt0TVZ3RlJhOHp4EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240611.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailablesr.This_video_is_unavailable&vis=0.001:0&bh=0.001:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: Cgs3LVNRX2N6dFdJQSjGvLOzBjIKCgJVUxIEGgAgbQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240611.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1718410823172&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=422%2C1305%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C420%2C315&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/bjBEHmWvQGI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Sat, 15 Jun 2024 00:20:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/generate_204?eZcM0w

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /generate_204?eZcM0w HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Sat, 15 Jun 2024 00:20:26 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1718410827308
Content-Type: application/json
X-Goog-Visitor-Id: Cgs3LVNRX2N6dFdJQSjGvLOzBjIKCgJVUxIEGgAgbQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240611.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1718410822547&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=422%2C1305%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C420%2C315&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/bjBEHmWvQGI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 9815
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 15 Jun 2024 00:20:28 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1718410827886
Content-Type: application/json
X-Goog-Visitor-Id: CgtRMXpidGRucGRpMCjGvLOzBjIKCgJVUxIEGgAgaA%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240611.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1718410822953&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=422%2C3188%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C420%2C315&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 10651
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 15 Jun 2024 00:20:28 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.16.226
DNS

static.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

216.58.213.6
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.16.226:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 15 Jun 2024 00:20:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.16.226:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 15 Jun 2024 00:20:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.16.226:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/bjBEHmWvQGI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 15 Jun 2024 00:20:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.16.226:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/bjBEHmWvQGI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 15 Jun 2024 00:20:24 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://static.doubleclick.net/instream/ad_status.js

IEXPLORE.EXE

Remote address:

216.58.213.6:443

Request

GET /instream/ad_status.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Timing-Allow-Origin: *
Content-Length: 29
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 15 Jun 2024 00:08:13 GMT
Expires: Sat, 15 Jun 2024 00:23:13 GMT
Cache-Control: public, max-age=900
Age: 731
Last-Modified: Thu, 12 Dec 2013 23:40:16 GMT
Content-Type: text/javascript
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

jnn-pa.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

216.58.201.106
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.200.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 15 Jun 2024 00:20:25 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.200.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1319
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 15 Jun 2024 00:20:26 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

www.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

i.ytimg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.212.214
GET

https://www.google.com/js/th/lA2ntTx-2QuHkXZslM9sAF03Z9lhVUC55dA1orjIb5A.js

IEXPLORE.EXE

Remote address:

142.250.187.196:443

Request

GET /js/th/lA2ntTx-2QuHkXZslM9sAF03Z9lhVUC55dA1orjIb5A.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Length: 23894
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 08 Jun 2024 18:18:32 GMT
Expires: Sun, 08 Jun 2025 18:18:32 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 03 Jun 2024 09:30:00 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 540113
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://i.ytimg.com/vi/y0QgKMo-CaI/sddefault.jpg

IEXPLORE.EXE

Remote address:

172.217.169.86:443

Request

GET /vi/y0QgKMo-CaI/sddefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Type: image/jpeg
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 30359
Date: Sat, 15 Jun 2024 00:20:25 GMT
Expires: Sat, 15 Jun 2024 02:20:25 GMT
Cache-Control: public, max-age=7200
ETag: "0"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.200.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/bjBEHmWvQGI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 15 Jun 2024 00:20:26 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.200.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/bjBEHmWvQGI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1119
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 15 Jun 2024 00:20:26 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

yt3.ggpht.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
GET

https://yt3.ggpht.com/ytc/AIdro_ns5Q2Ep-lrnaJqjESyrKczAe8jet_i9cv1dpWnHIuEzQ=s68-c-k-c0x00ffffff-no-rj

IEXPLORE.EXE

Remote address:

142.250.180.1:443

Request

GET /ytc/AIdro_ns5Q2Ep-lrnaJqjESyrKczAe8jet_i9cv1dpWnHIuEzQ=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: yt3.ggpht.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v16"
Expires: Sun, 16 Jun 2024 00:20:26 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="unnamed.jpg"
X-Content-Type-Options: nosniff
Date: Sat, 15 Jun 2024 00:20:26 GMT
Server: fife
Content-Length: 1872
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

fe0.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

fe0.google.com

IN A

Response
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.16.226:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/bjBEHmWvQGI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 15 Jun 2024 00:22:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.16.226:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/bjBEHmWvQGI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 15 Jun 2024 00:22:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.16.226:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 15 Jun 2024 00:22:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.16.226:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/y0QgKMo-CaI
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 15 Jun 2024 00:22:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

104.18.10.207:80

http://netdna.bootstrapcdn.com/font-awesome/3.1.1/font/fontawesome-webfont.eot?

http

IEXPLORE.EXE

1.6kB
37.6kB
22
32

HTTP Request

GET http://netdna.bootstrapcdn.com/font-awesome/3.1.1/css/font-awesome.css

HTTP Response

200

HTTP Request

GET http://netdna.bootstrapcdn.com/font-awesome/3.1.1/font/fontawesome-webfont.eot?

HTTP Response

200
151.101.194.137:80

http://code.jquery.com/jquery-latest.js

http

IEXPLORE.EXE

2.0kB
87.2kB
38
67

HTTP Request

GET http://code.jquery.com/jquery-latest.js

HTTP Response

200
172.67.165.117:443

coinhive.com

tls

IEXPLORE.EXE

773 B
5.8kB
10
10
172.67.165.117:443

https://coinhive.com/lib/coinhive.min.js

tls, http

IEXPLORE.EXE

1.3kB
9.0kB
14
14

HTTP Request

GET https://coinhive.com/lib/coinhive.min.js

HTTP Response

200
151.101.194.137:80

code.jquery.com

IEXPLORE.EXE

242 B
184 B
5
4
104.18.10.207:80

netdna.bootstrapcdn.com

IEXPLORE.EXE

466 B
92 B
10
2
142.250.180.14:443

https://www.youtube.com/s/player/74204f6c/www-player.css

tls, http

IEXPLORE.EXE

3.4kB
116.0kB
51
93

HTTP Request

GET https://www.youtube.com/embed/y0QgKMo-CaI

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/74204f6c/www-player.css

HTTP Response

200
142.250.180.14:443

https://www.youtube.com/s/player/74204f6c/www-embed-player.vflset/www-embed-player.js

tls, http

IEXPLORE.EXE

4.5kB
175.2kB
74
135

HTTP Request

GET https://www.youtube.com/embed/bjBEHmWvQGI

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/74204f6c/www-embed-player.vflset/www-embed-player.js

HTTP Response

200
142.250.180.14:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

44.3kB
939.1kB
387
709

HTTP Request

GET https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/base.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/remote.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/embed.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=jxsx9KtMVwFRa8zx&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C121055%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C7648%2C1424%2C29152%2C2196%2C9996%2C1103%2C4081%2C181%2C2691%2C101%2C7395%2C1510%2C2540%2C1477%2C492%2C5084%2C39%2C55%2C2368%2C713%2C2585%2C2%2C1365%2C508%2C5058%2C1201%2C236%2C997%2C1376%2C2995%2C545%2C220%2C1803%2C112%2C1243%2C378%2C143%2C2765%2C2959%2C210&cl=642462524&seq=1&event=streamingstats&docid=bjBEHmWvQGI&qclc=ChBqeHN4OUt0TVZ3RlJhOHp4EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240611.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailablesr.This_video_is_unavailable&vis=0.001:0&bh=0.001:0.000

HTTP Response

204

HTTP Request

GET https://www.youtube.com/generate_204?eZcM0w

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.180.14:443

www.youtube.com

tls

IEXPLORE.EXE

519 B
355 B
6
5
142.250.180.14:443

www.youtube.com

tls

IEXPLORE.EXE

519 B
355 B
6
5
172.217.16.226:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.4kB
6.9kB
11
13

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.16.226:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.4kB
6.8kB
11
13

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
216.58.213.6:443

static.doubleclick.net

tls

IEXPLORE.EXE

759 B
5.0kB
10
9
216.58.213.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http

IEXPLORE.EXE

1.1kB
6.5kB
10
10

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js

HTTP Response

200
142.250.200.10:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

4.1kB
51.7kB
30
46

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.187.196:443

www.google.com

tls

IEXPLORE.EXE

1.0kB
4.7kB
16
9
142.250.187.196:443

https://www.google.com/js/th/lA2ntTx-2QuHkXZslM9sAF03Z9lhVUC55dA1orjIb5A.js

tls, http

IEXPLORE.EXE

1.5kB
30.7kB
19
27

HTTP Request

GET https://www.google.com/js/th/lA2ntTx-2QuHkXZslM9sAF03Z9lhVUC55dA1orjIb5A.js

HTTP Response

200
172.217.169.86:443

i.ytimg.com

tls

IEXPLORE.EXE

720 B
5.1kB
9
8
172.217.169.86:443

https://i.ytimg.com/vi/y0QgKMo-CaI/sddefault.jpg

tls, http

IEXPLORE.EXE

1.7kB
38.3kB
22
33

HTTP Request

GET https://i.ytimg.com/vi/y0QgKMo-CaI/sddefault.jpg

HTTP Response

200
142.250.200.10:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.8kB
47.1kB
28
43

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.180.1:443

yt3.ggpht.com

tls

IEXPLORE.EXE

796 B
9.7kB
11
12
142.250.180.1:443

https://yt3.ggpht.com/ytc/AIdro_ns5Q2Ep-lrnaJqjESyrKczAe8jet_i9cv1dpWnHIuEzQ=s68-c-k-c0x00ffffff-no-rj

tls, http

IEXPLORE.EXE

1.2kB
12.1kB
11
14

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_ns5Q2Ep-lrnaJqjESyrKczAe8jet_i9cv1dpWnHIuEzQ=s68-c-k-c0x00ffffff-no-rj

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.7kB
10
13
172.217.16.226:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.2kB
2.2kB
7
8

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.16.226:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.2kB
2.2kB
7
9

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200

8.8.8.8:53

netdna.bootstrapcdn.com

dns

IEXPLORE.EXE

69 B
101 B
1
1

DNS Request

netdna.bootstrapcdn.com

DNS Response

104.18.10.207

104.18.11.207
8.8.8.8:53

code.jquery.com

dns

IEXPLORE.EXE

61 B
125 B
1
1

DNS Request

code.jquery.com

DNS Response

151.101.194.137

151.101.2.137

151.101.130.137

151.101.66.137
8.8.8.8:53

coinhive.com

dns

IEXPLORE.EXE

58 B
90 B
1
1

DNS Request

coinhive.com

DNS Response

172.67.165.117

104.21.57.186
8.8.8.8:53

www.youtube.com

dns

IEXPLORE.EXE

61 B
319 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.180.14

172.217.169.78

142.250.178.14

142.250.187.238

142.250.187.206

142.250.200.14

142.250.179.238

172.217.169.46

216.58.212.206

142.250.200.46

216.58.212.238

216.58.204.78

172.217.16.238

216.58.201.110
8.8.8.8:53

googleads.g.doubleclick.net

dns

IEXPLORE.EXE

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.16.226
8.8.8.8:53

static.doubleclick.net

dns

IEXPLORE.EXE

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

216.58.213.6
8.8.8.8:53

jnn-pa.googleapis.com

dns

IEXPLORE.EXE

67 B
275 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.200.10

142.250.180.10

216.58.212.234

216.58.204.74

142.250.179.234

142.250.187.202

172.217.169.74

216.58.212.202

142.250.200.42

142.250.187.234

142.250.178.10

172.217.16.234

216.58.201.106
8.8.8.8:53

www.google.com

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

i.ytimg.com

dns

IEXPLORE.EXE

57 B
281 B
1
1

DNS Request

i.ytimg.com

DNS Response

172.217.169.86

216.58.201.118

172.217.16.246

216.58.213.22

142.250.180.22

172.217.169.54

142.250.187.246

142.250.200.22

142.250.179.246

142.250.187.214

142.250.178.22

216.58.204.86

142.250.200.54

216.58.212.214
8.8.8.8:53

yt3.ggpht.com

dns

IEXPLORE.EXE

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.180.1
8.8.8.8:53

fe0.google.com

dns

IEXPLORE.EXE

60 B
110 B
1
1

DNS Request

fe0.google.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90e7fa1e04eee1c593fd3f3143989a85

SHA1
34d83ddf66e75963ea8c13eac7f1bcdbad3ad438

SHA256
7d631232b8ff40ad99bb222333caa249cbc9a2e1b68051e5951cb3ec8c878aed

SHA512
5a48e64ffd2a4a512486e35d25e9ad944396e4e02704e8c2593e496c2d86602a37f42f63f9507b7b5309c145306f863330425f877ee572e0c2ae0efdc3db0548

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad9f37a00bc36632a7632b1b143fbf42

SHA1
42b74b358673a808d64215e1785253bae18c8261

SHA256
9d705dc47fd7062cc39f3fd63545ce99875b25909f50b0fd387defaa172cdc16

SHA512
34a87e04ad1ab33ae7ada9b5bca2e54ea04668b90109553dd8fb7eaba2f651359949caf73a5066bb1adbd11abe7581f878be3911b6495dee297937e373b2c124

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9153a6f664de96f0b74832814d2799b

SHA1
5a87c869d1cb78ce3470b08eb93a30c81b284474

SHA256
c4f6f5365358fe9ac05812e9d13b78ef8cdcb593ef320376301d66b1219b5b67

SHA512
d391ed8ac4a6f33edcb5a40c53259be684fac184c173a200fdb830cb49d5849efa39d3919737e1183496e43a3add5099d8d82233fd323f9af75f1575e897cd37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8a3f5694592769a934a31034b7c807c

SHA1
cfcb6eb363aef544db1d4caf37d966b92c8772cc

SHA256
bbc7b63fcd2ff1fc0ed316d676366762e637f9690a0ea9a41f29f1e4988a36dc

SHA512
75f154d646e13ba083b0c5bb4ef69f8c2a275bcdabd61e3eab346c26a8fe7d62461b3a0a432167af31a7be3843395a2ea5a075390786ca9ae5f1b70e0f16e775

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f62d03fa93f45c0d869e398a2a962a7

SHA1
35a33b2d8b8ff26e28d22afdd77707e83b8a265c

SHA256
672ff85123b732a7d4731e829826ddc4364b7af5f3e818ff5f37ba7c888a051a

SHA512
a9081391e1f9f51a11fc5dd44737d40920fddb70a637aaee22c5dacbe50a39d574fe39585a05eef20f8f2198d8fcc4f94d9146f3a7c8350b4eaee3d2434d2c9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f457ceecc913bb8697481ecf60c9aae

SHA1
b235563672ea44e29be5460015b6b3b2d54e9657

SHA256
c1980acffde210f8bc313622de80b13d44615f04cfae6f3c744176481bd245df

SHA512
a52a67c16f038f33c6005724085ab792db84c377777f454688bfc7e7f7d5661f9456e346dc474cd7f6dc2e8aefd715cdfbfb012dfee4835d6f91d05f5c6f9c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
484245cfa5f9c913e0bbf191f9ff34bb

SHA1
03725ff880b3fdb59ba4058d96ba04ce6fda18f1

SHA256
c3c120a60fdaab14aa60129c7fb4d1bed5940f6dcca3d3ef6d8c2ceea13714d3

SHA512
22f8f8ea73d40468e38611d4ca007e8a2b6f52178b93eda6fef4d2c839e4db31caed9d859a0d8c85b7b3f47efe0a692fe673f221f5272e21b14ca7b5a0775a12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83f87bfe22829dbaa69f7a22d4b7c794

SHA1
d0e1217f8ac0b5e8b236bc04dd0c3ef9766c94d7

SHA256
a8d83ce245fac61492c7ce708061ac9ba457d733e01b90215846e63f768d4728

SHA512
fb9f1440eb942aa1dcb6d1512c165d9c003d4f24b70ee23ab5bf6cdaaaf7c85f93ee12ef80d7f3ba5ce85a1ef8276773f5f18d8f075a439af4336442fa88ecda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f1e13c2fcc85755f8021ccfac89c348

SHA1
38fe8376a58cbb1dfe8211ec6fda0d0332be3079

SHA256
54027833afaf3f635a8a62e44121f9e53ed97154b616924ba3c806a778e609a7

SHA512
6efefec35d88a418a8035f744e31300dce8a6a0635d830f13e8628e2e6a632ad12a464e13fb8c4553dbeb2f159ac32107e464df243e29a2e66e8de05e9abe45d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d2331e9a8952597925484808b146a78

SHA1
f7b9ecc38fa65b56960132a1cc0f801017b858cf

SHA256
f148bb6a27b23782878f38e3df9451e97dfe75104c99b886fc07163c9f0cc224

SHA512
921dcc3bbb629b99649b9464ad92334da88544bcf9b24d72079cac0e253827cbdb7c37c96b18ea3678a98b63525ad34b73ee74b2f53a9107297db29a4760d8c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6991ae6113a5ec3c4016f4d1595f11d

SHA1
962d2822b6a196a8880aff0138f900b72ebbf821

SHA256
7786cd84dc88d2c3eb5d081b36a5a659266d92e7823dedf973cf1d288ab60e8a

SHA512
154f7dac1ec4d1d03e74f7b5ed6cc788e42cf1b0bccfe7a9818e3428d57b5f1d41b67a5d3c36c466ac1614362c402c69bd39f0ab0d6476c16d0fec2a3245ab71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7b7235fb67e95c8e14c3c02a5969e1d

SHA1
9bb63b2feb65af80d59e7180953b4cbc7dec7784

SHA256
f5e00b08e02f82e2626a6510bee9d40a8de05fef7d88dc8d199a52f6275f9dd1

SHA512
f65d1edceddd2b3785dfc8a15abe44192ecaa5507546ffafa6b204aa5fc0903323a5ef60a547c2ffaa0887853f54a4cc608285ac6535af6f1fd27b7c4524014b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e7da7d327016477ef899236d0efd4da

SHA1
7c9636ccd8a4c057138f5cb11f023464381567b4

SHA256
ce625266a72c432241a1a3b8e977e7112fcf92718f64aac56970f9ebc7c0bb76

SHA512
2c8104c699fed85502914c504d9e4d868aa80290b944554ffa213a7e2e5f84f224662c40942ea6c0d3c11bb7d8b7fe108945695943a02ff6be7b2200b6d9a959

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9109fc1d03053c0f17f040218ac7fccf

SHA1
50fc4e4f1f4c34978ca465b6e7952a13b9b683de

SHA256
5aafd59ac264279fd197a8b30f3ccb9e478b4891a8a45d872f1f6b55caf3a4a4

SHA512
f8204c8afef04dbd430ec9dc6cba057f0e6ba339eaa26f9c7de06b4bc6d9bb58276fce6f2d6fe126bf195e8438964b3425a9fbbf222d0437ebc1501490afd470

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e9a174298f8746abbb4fa2d8f8df7d8

SHA1
2fd56627db3949543316b65d6eff89d5c2e2b8a6

SHA256
4426e757e092d12a54b4126b3fcf7643420b801c6de215344c9d8a1d9b1dee6e

SHA512
ac10f504a2de7e6254e5279108ca2dbe02247bb3b2206a091ef068cbcca6e79246d4d3f9e7485ec479031fb181cbb93f1a133402fb40873fc0b9e18d247a8c7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87f33a3accde30e314ab3fcf7ee1820c

SHA1
55fb4a271ac76c8fc4543a0194eeda96b4916eae

SHA256
f9d348b21d06a855d6ac5668a3291a61c49300ee2a5a46e608e9b150cad0a665

SHA512
3bd63474dbe55f584ca193f021408cbfa5e43149ef3aa382e01204a9b1e0603deea6ea4579be8762c4fe7bc83724573b8e38c292efa6b95146a9dab01b7b2fe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e3bc8542f27e207f59d5b801758e8a9

SHA1
006332c2406c167626cc56576cdb456577b50cd9

SHA256
1f17f915628dbdeb5ae9e442573daa401e9532113dc9ebb187b1a480e2cf0abc

SHA512
02319e519b2afbb704ec567bb5a5e98abf29869c34e296f9273180bd8d9c520a3009474f07c5a834802a74e373b2c4add96b5cef8c2cab2f026177741afd0e70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
812f28cefcdc8cb070e02921166a806c

SHA1
d18c9940464447767ffd8aed3f0fc9b8a2785e4d

SHA256
1e272e5143455d566427c1055cc69d15b1f5009e881495e533b1d8c770f031d4

SHA512
d3bf6afb48271fbc905be609ac7009f24d88506a15ff11e95efee9d7386be0695560cd42a4b84303258817c638a5c364adec10e63772761452b242c0d5372b65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
159ef3f6cdcf2cd23e699565ff8b618b

SHA1
5584ed09d6d80059f042b123aef0113ec02d6ce5

SHA256
c4a7833f456aa521364c90eccc4d5fa426e273ee37ea385129bfdf36d2c725c3

SHA512
923f4739b71cfe749b555233043d9aef89af693c45e317d2bb9156431d9a76dfe3c1e1016c1e034d0878e3a7623db3827d6462fc81e561c4afb645c44eb709e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2899b4d28e2ded2a06fb3975bf7b7b3a

SHA1
b6372af912a5132abb7d4cab5ee119cf3500e225

SHA256
fd6984ff1a0793cb58fe563192897232e5dc182756ea03d28a7835e63fb4cbbd

SHA512
45defe6ea9d23e0a8ffa6362708b178306b42b4b45763d991164284cd9f55e3f0f3836949760c83bda8836c27704a6b21abf91ae4d25821bd1b7ffa8afa124a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfb4000e8c551b1c32733f302756c444

SHA1
43c53dfa2f8400fdd538c0f0ed64b1fdc0b02304

SHA256
26763fcc89c123725609e7e4e48c1ea66064ca2904b3205d7be9440ecc2c8a88

SHA512
94b08d3341ac7007604fcaed2733fb516419981b137d11701719191690ba2172a9025696f10e311acfb84d3d84aea798a372162a8b849d9e9b2a493e8f35210b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
229B

MD5
5ed0459af414cae33e90d6629c8f75d3

SHA1
6f3d325c7852bb93601d34f1c84d4b9751fce920

SHA256
e2bcdf0e357037d1b8017f1b3e81a3499978c784f30a79b6294eaba9e7e0f448

SHA512
42bdc3dae30c37d5942a897dae5b9d51685458d4dae014e15bf73af1d186a48090e57bfcb58d2570ca434fb42ac28de2f546f25eb0d659abb9c454be460ddf03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
229B

MD5
d22971b38e7d496a74b5cf66cdcde093

SHA1
337c3262024ffbecaf157759345fa9d334fa162c

SHA256
c6c127f7395767940d9bb01d94c7ece1e609f073f484e40c859eb0cd336c0660

SHA512
2d934c6404808446dd43a940b696b479ddf2974629a2ccc4b0c98ecb60e9d06738d1f30e827b0cd11e9bafe42185f6885e27843afd54c1b412dc4c07acb416f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
448B

MD5
021932150857e2d377c97fab7c5a6d43

SHA1
d240da1f5e58014d4c8395e193050d3f7882cf89

SHA256
970b7684d1f05ed3517317cddc20f89998b7b21ede61459f1cd2e433c1108b4d

SHA512
807d10dda9423d825f6755d491ce4c7fb2d19f3ddd11898d8a9f12a534799e69c3e90fb34d218c1ec7e8e9bdb8738d84efc33c0bcb98a7969e875b428b8c54c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
641B

MD5
12d7f77f8f2ce246580163546a0406b1

SHA1
5360727c3bd2f78d97f2bd634bafa6709e94e7dc

SHA256
8b6c7a09de46a71a9ef6529754797b092143359cc1702463bf19970fb9068333

SHA512
b56683a2b12279b01cda26cfe5b52e0f5f9533e976ae0c344c6ad8d0061916d70754bca521a19c77cc6f998a259597834ed292d89def5d62317c1166ce1a947c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
16KB

MD5
e49463556c9e43c1824a6406a9638f44

SHA1
887fd8aa1daa2f9ac94ccda1867694405ec2fad7

SHA256
21012fbca7c29d70e23620d07e8f38ed9e3de9b2f7f2b8ddb9a04e6a5a108b79

SHA512
a0e385ee6a1fd1ee5826df8556a68b38d00577386acbb4022ae35f839298a12eaf1a979b57b60f5e041758805535cb6e727c928a7eb81a791025e291736b1894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
990B

MD5
cf558cc805c4fd011cb3d0c68c9686b7

SHA1
785573207f08c8142f93e7ff8979a43f195d2576

SHA256
539a5ec49b26c95977fa0e92abb0c5aa85cedf6d3d949e8e12a95e4191a9730f

SHA512
1e292061068fab05d025301073e423e79f06796274f973a4ad65e37ffbc7559716bdcb972517701d64052ce7ba8636749efcb1cbfb8197e1b195a1073b9f8249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
990B

MD5
95e3ad32d6be77909c10820c22bb7764

SHA1
c81c39d0bcd3c0128d3b604b6eb92352eab7e8f2

SHA256
c77345a4554005e667357d3db5f506cffe2387371436eabc24acee58ba664056

SHA512
67cf9573c53e0156fbc08dc438c85e89c61d4cb9d7852442be1da77945e50bfe5640ec6d56b042d0319317164b081687ed84e18e73ce4245c8207a117e7cb8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
990B

MD5
9e9c1b4a3198fb419fb60c01bec2ac7d

SHA1
1f2bcb67836f43dd48fac6f3b49a7c4861b63280

SHA256
a895e0b002f71029dbe9f131c3ec533350cafeae80692378fcb01e8cfcd5b02b

SHA512
d088cefc0b13d14ba2029b8980826c581cac8b07b86c71f287e349aa848a1325447eba9c16d863b170b46de5747e934a5317ba2c279df37e43131c8a191dc4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
814B

MD5
1f914eac696298af883e7e43a8169434

SHA1
56608502828eab7e344f7f1f8819ad40b064c53b

SHA256
a4810548eaca6b999a993591d35fa253b65c9d8e68687585dcdf35c5ebefee16

SHA512
c8b5ecc7f4a0d73e1682020f45560d9825afb8a1490011bd95c53433059c9997ac06c26bea5771e5a4860324b75b8766c2d47c8b2d60835c320881652867d6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
990B

MD5
517fc78c0e743ce83808ea4971dcb798

SHA1
84cd6bb7f850555d2010de6b1f1df56b7120ff41

SHA256
3dfd7457b839d08dbb7aec7b6135f3eec26ec3f322bfecae3ef7ef8bf71488b8

SHA512
db1cfb010f8d677894a5e5fcd0438629ad6aa6fa9e5bc16bddd5bbea359448f7cc9097b2982c017c70cc2c4089e796d34edb212c0c38c5cef4c9af535ecbb57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
990B

MD5
9b3d362afcdc00423a93eecc2a312b3c

SHA1
51bfa6fafc3991d0092dee5593d6597ae493ecac

SHA256
00e525a2a5e4f6eb5e35b85f1ce21aacb82818fd85ce0283ee174d63c7824342

SHA512
4b4f8ef5fff25fc10869a8fb5e817367130f11ee5dddebd5941114852d5422af22dcc5881f2b339af5ea67eb0b21870a99db8376659b1118b1e44478d626ca0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
990B

MD5
45415d181ebfd36fd1fb9f1929137a9e

SHA1
1a91be4f101ac5de05cb4485aebb486508bfc6b1

SHA256
cfb64bc9ba925d829a30cc4bad83de550311e838c20b78a99d2cace08376c2ca

SHA512
f5eeee2fa9335e04ca90e96606f9fc6034c2092dfeba28f1bf6179d2093afb391606453aedc7be62844a2e7da38c1bb695dc69d2a5c01d2d9b27be61b226a484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab39F7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar39F8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request