Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    15/06/2024, 00:20 UTC

General

  • Target

    ac32ea9ca3c13214cd56c53b6a0ac220_JaffaCakes118.html

  • Size

    35KB

  • MD5

    ac32ea9ca3c13214cd56c53b6a0ac220

  • SHA1

    981d700cdc5bf1564347f35133e5c37df94c0798

  • SHA256

    d94f8e8a4d21a30973276093ae57ed76f5acb130823f774d058f1bdb00fae687

  • SHA512

    08dc9cafc3001a679ebf25edeb2932534a835de4a19b4b76697806409ea6c9af4ac92b7e0f7254c74cdec04776fa9b97ee44103bec7fc0f525724eb6250e125e

  • SSDEEP

    768:K3nwzXyEuPvVp3igx/qWeYcB7umh2M9vgFXdAy3ZO1NlCNFpzL:+nwzXyEuPvVp3igx/qWeYcB7umQM9vgt

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ac32ea9ca3c13214cd56c53b6a0ac220_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1740

Network

  • flag-us
    DNS
    netdna.bootstrapcdn.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    netdna.bootstrapcdn.com
    IN A
    Response
    netdna.bootstrapcdn.com
    IN A
    104.18.10.207
    netdna.bootstrapcdn.com
    IN A
    104.18.11.207
  • flag-us
    DNS
    code.jquery.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    code.jquery.com
    IN A
    Response
    code.jquery.com
    IN A
    151.101.194.137
    code.jquery.com
    IN A
    151.101.2.137
    code.jquery.com
    IN A
    151.101.130.137
    code.jquery.com
    IN A
    151.101.66.137
  • flag-us
    DNS
    coinhive.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    coinhive.com
    IN A
    Response
    coinhive.com
    IN A
    172.67.165.117
    coinhive.com
    IN A
    104.21.57.186
  • flag-us
    GET
    http://netdna.bootstrapcdn.com/font-awesome/3.1.1/css/font-awesome.css
    IEXPLORE.EXE
    Remote address:
    104.18.10.207:80
    Request
    GET /font-awesome/3.1.1/css/font-awesome.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: netdna.bootstrapcdn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 15 Jun 2024 00:20:22 GMT
    Content-Type: text/css; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    CDN-PullZone: 252412
    CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
    CDN-RequestCountryCode: FR
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=31919000
    Content-Encoding: gzip
    ETag: W/"bbd098fc6d8263878a58191b4b45e7a6"
    Last-Modified: Mon, 25 Jan 2021 22:04:50 GMT
    CDN-CachedAt: 10/31/2023 20:35:35
    CDN-ProxyVer: 1.04
    CDN-RequestPullCode: 200
    CDN-RequestPullSuccess: True
    CDN-EdgeStorageId: 947
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    X-Content-Type-Options: nosniff
    CDN-Status: 200
    CDN-RequestId: 86169579c8b79330329d3f4676b13baf
    CDN-Cache: HIT
    CF-Cache-Status: HIT
    Age: 399007
    Server: cloudflare
    CF-RAY: 893e64d87f523db2-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://netdna.bootstrapcdn.com/font-awesome/3.1.1/font/fontawesome-webfont.eot?
    IEXPLORE.EXE
    Remote address:
    104.18.10.207:80
    Request
    GET /font-awesome/3.1.1/font/fontawesome-webfont.eot? HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: netdna.bootstrapcdn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 15 Jun 2024 00:20:22 GMT
    Content-Type: application/vnd.ms-fontobject
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    CDN-PullZone: 252412
    CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
    CDN-RequestCountryCode: FR
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=31919000
    ETag: W/"3a02d698864c3140f35ad0f7f2e208ba"
    Last-Modified: Mon, 25 Jan 2021 22:04:50 GMT
    CDN-CachedAt: 06/11/2024 07:55:41
    CDN-ProxyVer: 1.04
    CDN-RequestPullCode: 200
    CDN-RequestPullSuccess: True
    CDN-EdgeStorageId: 1072
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    X-Content-Type-Options: nosniff
    CDN-Status: 200
    CDN-RequestId: 93ff006cd926018ec587d9b19d38c201
    CDN-Cache: HIT
    Content-Encoding: gzip
    CF-Cache-Status: MISS
    Server: cloudflare
    CF-RAY: 893e64da78a23db2-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://code.jquery.com/jquery-latest.js
    IEXPLORE.EXE
    Remote address:
    151.101.194.137:80
    Request
    GET /jquery-latest.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: code.jquery.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 83875
    Server: nginx
    Content-Type: application/javascript; charset=utf-8
    Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
    ETag: W/"28feccc0-4508e"
    Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
    Access-Control-Allow-Origin: *
    Content-Encoding: gzip
    Via: 1.1 varnish, 1.1 varnish
    Accept-Ranges: bytes
    Date: Sat, 15 Jun 2024 00:20:22 GMT
    Age: 23608615
    X-Served-By: cache-lga21958-LGA, cache-lcy-eglc8600054-LCY
    X-Cache: HIT, HIT
    X-Cache-Hits: 742, 14005
    X-Timer: S1718410822.477909,VS0,VE0
    Vary: Accept-Encoding
  • flag-us
    GET
    https://coinhive.com/lib/coinhive.min.js
    IEXPLORE.EXE
    Remote address:
    172.67.165.117:443
    Request
    GET /lib/coinhive.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: coinhive.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 15 Jun 2024 00:20:23 GMT
    Content-Type: application/x-javascript
    Content-Length: 1115
    Connection: keep-alive
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Encoding: gzip
    ETag: "806233d282cfd71:0"
    Last-Modified: Tue, 02 Nov 2021 00:44:41 GMT
    Set-Cookie: ARRAffinity=467bfcea8c5a083dbbc88b4c64fe4e95280c84e9025fb0da4be6181f0f0f6d2f;Path=/;HttpOnly;Secure;Domain=coinhive.com
    Set-Cookie: ARRAffinitySameSite=467bfcea8c5a083dbbc88b4c64fe4e95280c84e9025fb0da4be6181f0f0f6d2f;Path=/;HttpOnly;SameSite=None;Secure;Domain=coinhive.com
    Vary: Accept-Encoding
    X-Powered-By: ASP.NET
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RgHoJXoDrRxQpCkpZJijenmsNlxMDDcLBIQSoNstT8RxLZHiQhJkmPfFClWIRYim7Rsrh68Pdhub5YYcLE%2FUjBdPlGtryqN2Tz5AWWBzY4KtgCzUdPCbTinsAAjtFwY%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 893e64dae86c955f-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    www.youtube.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    172.217.169.46
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    216.58.201.110
  • flag-gb
    GET
    https://www.youtube.com/embed/y0QgKMo-CaI
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    GET /embed/y0QgKMo-CaI HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sat, 15 Jun 2024 00:20:22 GMT
    Strict-Transport-Security: max-age=31536000
    Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
    Cross-Origin-Resource-Policy: cross-origin
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
    Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
    P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    Set-Cookie: YSC=AaINtFCgnLY; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
    Set-Cookie: VISITOR_INFO1_LIVE=Q1zbtdnpdi0; Domain=.youtube.com; Expires=Thu, 12-Dec-2024 00:20:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
    Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgaA%3D%3D; Domain=.youtube.com; Expires=Thu, 12-Dec-2024 00:20:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.youtube.com/s/player/74204f6c/www-player.css
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    GET /s/player/74204f6c/www-player.css HTTP/1.1
    Accept: text/css, */*
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: YSC=AaINtFCgnLY; VISITOR_INFO1_LIVE=Q1zbtdnpdi0; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgaA%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
    Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
    Content-Length: 59236
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 12 Jun 2024 07:32:52 GMT
    Expires: Thu, 12 Jun 2025 07:32:52 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
    Content-Type: text/css
    Vary: Accept-Encoding, Origin
    Age: 233251
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.youtube.com/embed/bjBEHmWvQGI
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    GET /embed/bjBEHmWvQGI HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sat, 15 Jun 2024 00:20:22 GMT
    Strict-Transport-Security: max-age=31536000
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
    Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
    Cross-Origin-Resource-Policy: cross-origin
    Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
    P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    Set-Cookie: YSC=dC2j-NI2dKw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
    Set-Cookie: VISITOR_INFO1_LIVE=7-SQ_cztWIA; Domain=.youtube.com; Expires=Thu, 12-Dec-2024 00:20:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
    Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D; Domain=.youtube.com; Expires=Thu, 12-Dec-2024 00:20:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.youtube.com/s/player/74204f6c/www-embed-player.vflset/www-embed-player.js
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    GET /s/player/74204f6c/www-embed-player.vflset/www-embed-player.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
    Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
    Content-Length: 116598
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 12 Jun 2024 07:32:53 GMT
    Expires: Thu, 12 Jun 2025 07:32:53 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding, Origin
    Age: 233250
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/base.js
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    GET /s/player/74204f6c/player_ias.vflset/en_US/base.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Accept-Ranges: bytes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
    Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
    Content-Length: 824822
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 12 Jun 2024 07:31:38 GMT
    Expires: Thu, 12 Jun 2025 07:31:38 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding, Origin
    Age: 233325
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/remote.js
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    GET /s/player/74204f6c/player_ias.vflset/en_US/remote.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
    Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
    Content-Length: 39279
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Wed, 12 Jun 2024 07:42:14 GMT
    Expires: Thu, 12 Jun 2025 07:42:14 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding, Origin
    Age: 232690
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/embed.js
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    GET /s/player/74204f6c/player_ias.vflset/en_US/embed.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
    Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
    Content-Length: 22351
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 13 Jun 2024 11:33:52 GMT
    Expires: Fri, 13 Jun 2025 11:33:52 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Wed, 12 Jun 2024 04:23:02 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding, Origin
    Age: 132393
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    POST
    https://www.youtube.com/api/stats/qoe?cpn=jxsx9KtMVwFRa8zx&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C121055%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C7648%2C1424%2C29152%2C2196%2C9996%2C1103%2C4081%2C181%2C2691%2C101%2C7395%2C1510%2C2540%2C1477%2C492%2C5084%2C39%2C55%2C2368%2C713%2C2585%2C2%2C1365%2C508%2C5058%2C1201%2C236%2C997%2C1376%2C2995%2C545%2C220%2C1803%2C112%2C1243%2C378%2C143%2C2765%2C2959%2C210&cl=642462524&seq=1&event=streamingstats&docid=bjBEHmWvQGI&qclc=ChBqeHN4OUt0TVZ3RlJhOHp4EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240611.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailablesr.This_video_is_unavailable&vis=0.001:0&bh=0.001:0.000
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    POST /api/stats/qoe?cpn=jxsx9KtMVwFRa8zx&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C121055%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C7648%2C1424%2C29152%2C2196%2C9996%2C1103%2C4081%2C181%2C2691%2C101%2C7395%2C1510%2C2540%2C1477%2C492%2C5084%2C39%2C55%2C2368%2C713%2C2585%2C2%2C1365%2C508%2C5058%2C1201%2C236%2C997%2C1376%2C2995%2C545%2C220%2C1803%2C112%2C1243%2C378%2C143%2C2765%2C2959%2C210&cl=642462524&seq=1&event=streamingstats&docid=bjBEHmWvQGI&qclc=ChBqeHN4OUt0TVZ3RlJhOHp4EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240611.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailablesr.This_video_is_unavailable&vis=0.001:0&bh=0.001:0.000 HTTP/1.1
    Accept: */*
    X-Goog-Visitor-Id: Cgs3LVNRX2N6dFdJQSjGvLOzBjIKCgJVUxIEGgAgbQ%3D%3D
    X-YouTube-Client-Name: 56
    X-YouTube-Client-Version: 1.20240611.01.00
    X-YouTube-Utc-Offset: 0
    X-YouTube-Ad-Signals: dt=1718410823172&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=422%2C1305%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C420%2C315&vis=1&wgl=true&ca_type=image
    Content-Type: application/x-www-form-urlencoded
    Referer: https://www.youtube.com/embed/bjBEHmWvQGI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: www.youtube.com
    Content-Length: 226
    Connection: Keep-Alive
    Cache-Control: no-cache
    Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D
    Response
    HTTP/1.1 204 No Content
    Content-Type: text/html; charset=UTF-8
    Date: Sat, 15 Jun 2024 00:20:25 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, must-revalidate
    X-Content-Type-Options: nosniff
    Server: Video Stats Server
    Content-Length: 0
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.youtube.com/generate_204?eZcM0w
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    GET /generate_204?eZcM0w HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.youtube.com
    Connection: Keep-Alive
    Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D
    Response
    HTTP/1.1 204 No Content
    Content-Length: 0
    Cross-Origin-Resource-Policy: cross-origin
    Date: Sat, 15 Jun 2024 00:20:26 GMT
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    POST
    https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
    Accept: */*
    X-Goog-Request-Time: 1718410827308
    Content-Type: application/json
    X-Goog-Visitor-Id: Cgs3LVNRX2N6dFdJQSjGvLOzBjIKCgJVUxIEGgAgbQ%3D%3D
    X-YouTube-Client-Name: 56
    X-YouTube-Client-Version: 1.20240611.01.00
    X-YouTube-Utc-Offset: 0
    X-YouTube-Ad-Signals: dt=1718410822547&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=422%2C1305%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C420%2C315&vis=1&wgl=true&ca_type=image
    Referer: https://www.youtube.com/embed/bjBEHmWvQGI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: www.youtube.com
    Content-Length: 9815
    Connection: Keep-Alive
    Cache-Control: no-cache
    Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D
    Response
    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8
    Vary: Origin
    Vary: X-Origin
    Vary: Referer
    Content-Encoding: gzip
    Date: Sat, 15 Jun 2024 00:20:28 GMT
    Server: scaffolding on HTTPServer2
    Cache-Control: private
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    POST
    https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
    IEXPLORE.EXE
    Remote address:
    142.250.180.14:443
    Request
    POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
    Accept: */*
    X-Goog-Request-Time: 1718410827886
    Content-Type: application/json
    X-Goog-Visitor-Id: CgtRMXpidGRucGRpMCjGvLOzBjIKCgJVUxIEGgAgaA%3D%3D
    X-YouTube-Client-Name: 56
    X-YouTube-Client-Version: 1.20240611.01.00
    X-YouTube-Utc-Offset: 0
    X-YouTube-Ad-Signals: dt=1718410822953&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=422%2C3188%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C420%2C315&vis=1&wgl=true&ca_type=image
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: www.youtube.com
    Content-Length: 10651
    Connection: Keep-Alive
    Cache-Control: no-cache
    Cookie: YSC=dC2j-NI2dKw; VISITOR_INFO1_LIVE=7-SQ_cztWIA; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbQ%3D%3D
    Response
    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8
    Vary: Origin
    Vary: X-Origin
    Vary: Referer
    Content-Encoding: gzip
    Date: Sat, 15 Jun 2024 00:20:28 GMT
    Server: scaffolding on HTTPServer2
    Cache-Control: private
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    googleads.g.doubleclick.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    googleads.g.doubleclick.net
    IN A
    Response
    googleads.g.doubleclick.net
    IN A
    172.217.16.226
  • flag-us
    DNS
    static.doubleclick.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.doubleclick.net
    IN A
    Response
    static.doubleclick.net
    IN A
    216.58.213.6
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/id
    IEXPLORE.EXE
    Remote address:
    172.217.16.226:443
    Request
    GET /pagead/id HTTP/1.1
    Accept: */*
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    Access-Control-Allow-Credentials: true
    Date: Sat, 15 Jun 2024 00:20:24 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    IEXPLORE.EXE
    Remote address:
    172.217.16.226:443
    Request
    GET /pagead/id?slf_rd=1 HTTP/1.1
    Accept: */*
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Credentials: true
    Content-Type: application/json; charset=UTF-8
    Date: Sat, 15 Jun 2024 00:20:24 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/id
    IEXPLORE.EXE
    Remote address:
    172.217.16.226:443
    Request
    GET /pagead/id HTTP/1.1
    Accept: */*
    Referer: https://www.youtube.com/embed/bjBEHmWvQGI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    Access-Control-Allow-Credentials: true
    Date: Sat, 15 Jun 2024 00:20:24 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    IEXPLORE.EXE
    Remote address:
    172.217.16.226:443
    Request
    GET /pagead/id?slf_rd=1 HTTP/1.1
    Accept: */*
    Referer: https://www.youtube.com/embed/bjBEHmWvQGI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Credentials: true
    Content-Type: application/json; charset=UTF-8
    Date: Sat, 15 Jun 2024 00:20:24 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://static.doubleclick.net/instream/ad_status.js
    IEXPLORE.EXE
    Remote address:
    216.58.213.6:443
    Request
    GET /instream/ad_status.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
    Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
    Timing-Allow-Origin: *
    Content-Length: 29
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 15 Jun 2024 00:08:13 GMT
    Expires: Sat, 15 Jun 2024 00:23:13 GMT
    Cache-Control: public, max-age=900
    Age: 731
    Last-Modified: Thu, 12 Dec 2013 23:40:16 GMT
    Content-Type: text/javascript
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    jnn-pa.googleapis.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    jnn-pa.googleapis.com
    IN A
    Response
    jnn-pa.googleapis.com
    IN A
    142.250.200.10
    jnn-pa.googleapis.com
    IN A
    142.250.180.10
    jnn-pa.googleapis.com
    IN A
    216.58.212.234
    jnn-pa.googleapis.com
    IN A
    216.58.204.74
    jnn-pa.googleapis.com
    IN A
    142.250.179.234
    jnn-pa.googleapis.com
    IN A
    142.250.187.202
    jnn-pa.googleapis.com
    IN A
    172.217.169.74
    jnn-pa.googleapis.com
    IN A
    216.58.212.202
    jnn-pa.googleapis.com
    IN A
    142.250.200.42
    jnn-pa.googleapis.com
    IN A
    142.250.187.234
    jnn-pa.googleapis.com
    IN A
    142.250.178.10
    jnn-pa.googleapis.com
    IN A
    172.217.16.234
    jnn-pa.googleapis.com
    IN A
    216.58.201.106
  • flag-gb
    POST
    https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
    IEXPLORE.EXE
    Remote address:
    142.250.200.10:443
    Request
    POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
    Accept: */*
    X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
    Content-Type: application/json+protobuf
    X-User-Agent: grpc-web-javascript/0.1
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: jnn-pa.googleapis.com
    Content-Length: 24
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Content-Type: application/json+protobuf; charset=UTF-8
    Vary: Origin
    Vary: X-Origin
    Vary: Referer
    Content-Encoding: gzip
    Date: Sat, 15 Jun 2024 00:20:25 GMT
    Server: ESF
    Cache-Control: private
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    POST
    https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
    IEXPLORE.EXE
    Remote address:
    142.250.200.10:443
    Request
    POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
    Accept: */*
    X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
    Content-Type: application/json+protobuf
    X-User-Agent: grpc-web-javascript/0.1
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: jnn-pa.googleapis.com
    Content-Length: 1319
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Content-Type: application/json+protobuf; charset=UTF-8
    Vary: Origin
    Vary: X-Origin
    Vary: Referer
    Content-Encoding: gzip
    Date: Sat, 15 Jun 2024 00:20:26 GMT
    Server: ESF
    Cache-Control: private
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    www.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.196
  • flag-us
    DNS
    i.ytimg.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i.ytimg.com
    IN A
    Response
    i.ytimg.com
    IN A
    172.217.169.86
    i.ytimg.com
    IN A
    216.58.201.118
    i.ytimg.com
    IN A
    172.217.16.246
    i.ytimg.com
    IN A
    216.58.213.22
    i.ytimg.com
    IN A
    142.250.180.22
    i.ytimg.com
    IN A
    172.217.169.54
    i.ytimg.com
    IN A
    142.250.187.246
    i.ytimg.com
    IN A
    142.250.200.22
    i.ytimg.com
    IN A
    142.250.179.246
    i.ytimg.com
    IN A
    142.250.187.214
    i.ytimg.com
    IN A
    142.250.178.22
    i.ytimg.com
    IN A
    216.58.204.86
    i.ytimg.com
    IN A
    142.250.200.54
    i.ytimg.com
    IN A
    216.58.212.214
  • flag-gb
    GET
    https://www.google.com/js/th/lA2ntTx-2QuHkXZslM9sAF03Z9lhVUC55dA1orjIb5A.js
    IEXPLORE.EXE
    Remote address:
    142.250.187.196:443
    Request
    GET /js/th/lA2ntTx-2QuHkXZslM9sAF03Z9lhVUC55dA1orjIb5A.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
    Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
    Content-Length: 23894
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 08 Jun 2024 18:18:32 GMT
    Expires: Sun, 08 Jun 2025 18:18:32 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 03 Jun 2024 09:30:00 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 540113
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://i.ytimg.com/vi/y0QgKMo-CaI/sddefault.jpg
    IEXPLORE.EXE
    Remote address:
    172.217.169.86:443
    Request
    GET /vi/y0QgKMo-CaI/sddefault.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.ytimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Type: image/jpeg
    Vary: Origin
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
    Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
    Timing-Allow-Origin: *
    Content-Length: 30359
    Date: Sat, 15 Jun 2024 00:20:25 GMT
    Expires: Sat, 15 Jun 2024 02:20:25 GMT
    Cache-Control: public, max-age=7200
    ETag: "0"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    POST
    https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
    IEXPLORE.EXE
    Remote address:
    142.250.200.10:443
    Request
    POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
    Accept: */*
    X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
    Content-Type: application/json+protobuf
    X-User-Agent: grpc-web-javascript/0.1
    Referer: https://www.youtube.com/embed/bjBEHmWvQGI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: jnn-pa.googleapis.com
    Content-Length: 24
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Content-Type: application/json+protobuf; charset=UTF-8
    Vary: Origin
    Vary: X-Origin
    Vary: Referer
    Content-Encoding: gzip
    Date: Sat, 15 Jun 2024 00:20:26 GMT
    Server: ESF
    Cache-Control: private
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    POST
    https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
    IEXPLORE.EXE
    Remote address:
    142.250.200.10:443
    Request
    POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
    Accept: */*
    X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
    Content-Type: application/json+protobuf
    X-User-Agent: grpc-web-javascript/0.1
    Referer: https://www.youtube.com/embed/bjBEHmWvQGI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: jnn-pa.googleapis.com
    Content-Length: 1119
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Content-Type: application/json+protobuf; charset=UTF-8
    Vary: Origin
    Vary: X-Origin
    Vary: Referer
    Content-Encoding: gzip
    Date: Sat, 15 Jun 2024 00:20:26 GMT
    Server: ESF
    Cache-Control: private
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    yt3.ggpht.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    yt3.ggpht.com
    IN A
    Response
    yt3.ggpht.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-gb
    GET
    https://yt3.ggpht.com/ytc/AIdro_ns5Q2Ep-lrnaJqjESyrKczAe8jet_i9cv1dpWnHIuEzQ=s68-c-k-c0x00ffffff-no-rj
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:443
    Request
    GET /ytc/AIdro_ns5Q2Ep-lrnaJqjESyrKczAe8jet_i9cv1dpWnHIuEzQ=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: yt3.ggpht.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/jpeg
    Vary: Origin
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    ETag: "v16"
    Expires: Sun, 16 Jun 2024 00:20:26 GMT
    Cache-Control: public, max-age=86400, no-transform
    Content-Disposition: inline;filename="unnamed.jpg"
    X-Content-Type-Options: nosniff
    Date: Sat, 15 Jun 2024 00:20:26 GMT
    Server: fife
    Content-Length: 1872
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    fe0.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fe0.google.com
    IN A
    Response
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/id
    IEXPLORE.EXE
    Remote address:
    172.217.16.226:443
    Request
    GET /pagead/id HTTP/1.1
    Accept: */*
    Referer: https://www.youtube.com/embed/bjBEHmWvQGI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    Access-Control-Allow-Credentials: true
    Date: Sat, 15 Jun 2024 00:22:26 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    IEXPLORE.EXE
    Remote address:
    172.217.16.226:443
    Request
    GET /pagead/id?slf_rd=1 HTTP/1.1
    Accept: */*
    Referer: https://www.youtube.com/embed/bjBEHmWvQGI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Credentials: true
    Content-Type: application/json; charset=UTF-8
    Date: Sat, 15 Jun 2024 00:22:26 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/id
    IEXPLORE.EXE
    Remote address:
    172.217.16.226:443
    Request
    GET /pagead/id HTTP/1.1
    Accept: */*
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    Access-Control-Allow-Credentials: true
    Date: Sat, 15 Jun 2024 00:22:26 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    IEXPLORE.EXE
    Remote address:
    172.217.16.226:443
    Request
    GET /pagead/id?slf_rd=1 HTTP/1.1
    Accept: */*
    Referer: https://www.youtube.com/embed/y0QgKMo-CaI
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Credentials: true
    Content-Type: application/json; charset=UTF-8
    Date: Sat, 15 Jun 2024 00:22:26 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • 104.18.10.207:80
    http://netdna.bootstrapcdn.com/font-awesome/3.1.1/font/fontawesome-webfont.eot?
    http
    IEXPLORE.EXE
    1.6kB
    37.6kB
    22
    32

    HTTP Request

    GET http://netdna.bootstrapcdn.com/font-awesome/3.1.1/css/font-awesome.css

    HTTP Response

    200

    HTTP Request

    GET http://netdna.bootstrapcdn.com/font-awesome/3.1.1/font/fontawesome-webfont.eot?

    HTTP Response

    200
  • 151.101.194.137:80
    http://code.jquery.com/jquery-latest.js
    http
    IEXPLORE.EXE
    2.0kB
    87.2kB
    38
    67

    HTTP Request

    GET http://code.jquery.com/jquery-latest.js

    HTTP Response

    200
  • 172.67.165.117:443
    coinhive.com
    tls
    IEXPLORE.EXE
    773 B
    5.8kB
    10
    10
  • 172.67.165.117:443
    https://coinhive.com/lib/coinhive.min.js
    tls, http
    IEXPLORE.EXE
    1.3kB
    9.0kB
    14
    14

    HTTP Request

    GET https://coinhive.com/lib/coinhive.min.js

    HTTP Response

    200
  • 151.101.194.137:80
    code.jquery.com
    IEXPLORE.EXE
    242 B
    184 B
    5
    4
  • 104.18.10.207:80
    netdna.bootstrapcdn.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 142.250.180.14:443
    https://www.youtube.com/s/player/74204f6c/www-player.css
    tls, http
    IEXPLORE.EXE
    3.4kB
    116.0kB
    51
    93

    HTTP Request

    GET https://www.youtube.com/embed/y0QgKMo-CaI

    HTTP Response

    200

    HTTP Request

    GET https://www.youtube.com/s/player/74204f6c/www-player.css

    HTTP Response

    200
  • 142.250.180.14:443
    https://www.youtube.com/s/player/74204f6c/www-embed-player.vflset/www-embed-player.js
    tls, http
    IEXPLORE.EXE
    4.5kB
    175.2kB
    74
    135

    HTTP Request

    GET https://www.youtube.com/embed/bjBEHmWvQGI

    HTTP Response

    200

    HTTP Request

    GET https://www.youtube.com/s/player/74204f6c/www-embed-player.vflset/www-embed-player.js

    HTTP Response

    200
  • 142.250.180.14:443
    https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
    tls, http
    IEXPLORE.EXE
    44.3kB
    939.1kB
    387
    709

    HTTP Request

    GET https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/base.js

    HTTP Response

    200

    HTTP Request

    GET https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/remote.js

    HTTP Response

    200

    HTTP Request

    GET https://www.youtube.com/s/player/74204f6c/player_ias.vflset/en_US/embed.js

    HTTP Response

    200

    HTTP Request

    POST https://www.youtube.com/api/stats/qoe?cpn=jxsx9KtMVwFRa8zx&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C121055%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C7648%2C1424%2C29152%2C2196%2C9996%2C1103%2C4081%2C181%2C2691%2C101%2C7395%2C1510%2C2540%2C1477%2C492%2C5084%2C39%2C55%2C2368%2C713%2C2585%2C2%2C1365%2C508%2C5058%2C1201%2C236%2C997%2C1376%2C2995%2C545%2C220%2C1803%2C112%2C1243%2C378%2C143%2C2765%2C2959%2C210&cl=642462524&seq=1&event=streamingstats&docid=bjBEHmWvQGI&qclc=ChBqeHN4OUt0TVZ3RlJhOHp4EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240611.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailablesr.This_video_is_unavailable&vis=0.001:0&bh=0.001:0.000

    HTTP Response

    204

    HTTP Request

    GET https://www.youtube.com/generate_204?eZcM0w

    HTTP Response

    204

    HTTP Request

    POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

    HTTP Response

    200

    HTTP Request

    POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

    HTTP Response

    200
  • 142.250.180.14:443
    www.youtube.com
    tls
    IEXPLORE.EXE
    519 B
    355 B
    6
    5
  • 142.250.180.14:443
    www.youtube.com
    tls
    IEXPLORE.EXE
    519 B
    355 B
    6
    5
  • 172.217.16.226:443
    https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    tls, http
    IEXPLORE.EXE
    1.4kB
    6.9kB
    11
    13

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/id

    HTTP Response

    302

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

    HTTP Response

    200
  • 172.217.16.226:443
    https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    tls, http
    IEXPLORE.EXE
    1.4kB
    6.8kB
    11
    13

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/id

    HTTP Response

    302

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

    HTTP Response

    200
  • 216.58.213.6:443
    static.doubleclick.net
    tls
    IEXPLORE.EXE
    759 B
    5.0kB
    10
    9
  • 216.58.213.6:443
    https://static.doubleclick.net/instream/ad_status.js
    tls, http
    IEXPLORE.EXE
    1.1kB
    6.5kB
    10
    10

    HTTP Request

    GET https://static.doubleclick.net/instream/ad_status.js

    HTTP Response

    200
  • 142.250.200.10:443
    https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
    tls, http
    IEXPLORE.EXE
    4.1kB
    51.7kB
    30
    46

    HTTP Request

    POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

    HTTP Response

    200

    HTTP Request

    POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

    HTTP Response

    200
  • 142.250.187.196:443
    www.google.com
    tls
    IEXPLORE.EXE
    1.0kB
    4.7kB
    16
    9
  • 142.250.187.196:443
    https://www.google.com/js/th/lA2ntTx-2QuHkXZslM9sAF03Z9lhVUC55dA1orjIb5A.js
    tls, http
    IEXPLORE.EXE
    1.5kB
    30.7kB
    19
    27

    HTTP Request

    GET https://www.google.com/js/th/lA2ntTx-2QuHkXZslM9sAF03Z9lhVUC55dA1orjIb5A.js

    HTTP Response

    200
  • 172.217.169.86:443
    i.ytimg.com
    tls
    IEXPLORE.EXE
    720 B
    5.1kB
    9
    8
  • 172.217.169.86:443
    https://i.ytimg.com/vi/y0QgKMo-CaI/sddefault.jpg
    tls, http
    IEXPLORE.EXE
    1.7kB
    38.3kB
    22
    33

    HTTP Request

    GET https://i.ytimg.com/vi/y0QgKMo-CaI/sddefault.jpg

    HTTP Response

    200
  • 142.250.200.10:443
    https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
    tls, http
    IEXPLORE.EXE
    3.8kB
    47.1kB
    28
    43

    HTTP Request

    POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

    HTTP Response

    200

    HTTP Request

    POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

    HTTP Response

    200
  • 142.250.180.1:443
    yt3.ggpht.com
    tls
    IEXPLORE.EXE
    796 B
    9.7kB
    11
    12
  • 142.250.180.1:443
    https://yt3.ggpht.com/ytc/AIdro_ns5Q2Ep-lrnaJqjESyrKczAe8jet_i9cv1dpWnHIuEzQ=s68-c-k-c0x00ffffff-no-rj
    tls, http
    IEXPLORE.EXE
    1.2kB
    12.1kB
    11
    14

    HTTP Request

    GET https://yt3.ggpht.com/ytc/AIdro_ns5Q2Ep-lrnaJqjESyrKczAe8jet_i9cv1dpWnHIuEzQ=s68-c-k-c0x00ffffff-no-rj

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
    7.7kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
    7.7kB
    10
    13
  • 172.217.16.226:443
    https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    tls, http
    IEXPLORE.EXE
    1.2kB
    2.2kB
    7
    8

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/id

    HTTP Response

    302

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

    HTTP Response

    200
  • 172.217.16.226:443
    https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
    tls, http
    IEXPLORE.EXE
    1.2kB
    2.2kB
    7
    9

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/id

    HTTP Response

    302

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

    HTTP Response

    200
  • 8.8.8.8:53
    netdna.bootstrapcdn.com
    dns
    IEXPLORE.EXE
    69 B
    101 B
    1
    1

    DNS Request

    netdna.bootstrapcdn.com

    DNS Response

    104.18.10.207
    104.18.11.207

  • 8.8.8.8:53
    code.jquery.com
    dns
    IEXPLORE.EXE
    61 B
    125 B
    1
    1

    DNS Request

    code.jquery.com

    DNS Response

    151.101.194.137
    151.101.2.137
    151.101.130.137
    151.101.66.137

  • 8.8.8.8:53
    coinhive.com
    dns
    IEXPLORE.EXE
    58 B
    90 B
    1
    1

    DNS Request

    coinhive.com

    DNS Response

    172.67.165.117
    104.21.57.186

  • 8.8.8.8:53
    www.youtube.com
    dns
    IEXPLORE.EXE
    61 B
    319 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response

    142.250.180.14
    172.217.169.78
    142.250.178.14
    142.250.187.238
    142.250.187.206
    142.250.200.14
    142.250.179.238
    172.217.169.46
    216.58.212.206
    142.250.200.46
    216.58.212.238
    216.58.204.78
    172.217.16.238
    216.58.201.110

  • 8.8.8.8:53
    googleads.g.doubleclick.net
    dns
    IEXPLORE.EXE
    73 B
    89 B
    1
    1

    DNS Request

    googleads.g.doubleclick.net

    DNS Response

    172.217.16.226

  • 8.8.8.8:53
    static.doubleclick.net
    dns
    IEXPLORE.EXE
    68 B
    84 B
    1
    1

    DNS Request

    static.doubleclick.net

    DNS Response

    216.58.213.6

  • 8.8.8.8:53
    jnn-pa.googleapis.com
    dns
    IEXPLORE.EXE
    67 B
    275 B
    1
    1

    DNS Request

    jnn-pa.googleapis.com

    DNS Response

    142.250.200.10
    142.250.180.10
    216.58.212.234
    216.58.204.74
    142.250.179.234
    142.250.187.202
    172.217.169.74
    216.58.212.202
    142.250.200.42
    142.250.187.234
    142.250.178.10
    172.217.16.234
    216.58.201.106

  • 8.8.8.8:53
    www.google.com
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.196

  • 8.8.8.8:53
    i.ytimg.com
    dns
    IEXPLORE.EXE
    57 B
    281 B
    1
    1

    DNS Request

    i.ytimg.com

    DNS Response

    172.217.169.86
    216.58.201.118
    172.217.16.246
    216.58.213.22
    142.250.180.22
    172.217.169.54
    142.250.187.246
    142.250.200.22
    142.250.179.246
    142.250.187.214
    142.250.178.22
    216.58.204.86
    142.250.200.54
    216.58.212.214

  • 8.8.8.8:53
    yt3.ggpht.com
    dns
    IEXPLORE.EXE
    59 B
    120 B
    1
    1

    DNS Request

    yt3.ggpht.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    fe0.google.com
    dns
    IEXPLORE.EXE
    60 B
    110 B
    1
    1

    DNS Request

    fe0.google.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c7b7235fb67e95c8e14c3c02a5969e1d

    SHA1

    9bb63b2feb65af80d59e7180953b4cbc7dec7784

    SHA256

    f5e00b08e02f82e2626a6510bee9d40a8de05fef7d88dc8d199a52f6275f9dd1

    SHA512

    f65d1edceddd2b3785dfc8a15abe44192ecaa5507546ffafa6b204aa5fc0903323a5ef60a547c2ffaa0887853f54a4cc608285ac6535af6f1fd27b7c4524014b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9e7da7d327016477ef899236d0efd4da

    SHA1

    7c9636ccd8a4c057138f5cb11f023464381567b4

    SHA256

    ce625266a72c432241a1a3b8e977e7112fcf92718f64aac56970f9ebc7c0bb76

    SHA512

    2c8104c699fed85502914c504d9e4d868aa80290b944554ffa213a7e2e5f84f224662c40942ea6c0d3c11bb7d8b7fe108945695943a02ff6be7b2200b6d9a959

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9109fc1d03053c0f17f040218ac7fccf

    SHA1

    50fc4e4f1f4c34978ca465b6e7952a13b9b683de

    SHA256

    5aafd59ac264279fd197a8b30f3ccb9e478b4891a8a45d872f1f6b55caf3a4a4

    SHA512

    f8204c8afef04dbd430ec9dc6cba057f0e6ba339eaa26f9c7de06b4bc6d9bb58276fce6f2d6fe126bf195e8438964b3425a9fbbf222d0437ebc1501490afd470

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6e9a174298f8746abbb4fa2d8f8df7d8

    SHA1

    2fd56627db3949543316b65d6eff89d5c2e2b8a6

    SHA256

    4426e757e092d12a54b4126b3fcf7643420b801c6de215344c9d8a1d9b1dee6e

    SHA512

    ac10f504a2de7e6254e5279108ca2dbe02247bb3b2206a091ef068cbcca6e79246d4d3f9e7485ec479031fb181cbb93f1a133402fb40873fc0b9e18d247a8c7d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    87f33a3accde30e314ab3fcf7ee1820c

    SHA1

    55fb4a271ac76c8fc4543a0194eeda96b4916eae

    SHA256

    f9d348b21d06a855d6ac5668a3291a61c49300ee2a5a46e608e9b150cad0a665

    SHA512

    3bd63474dbe55f584ca193f021408cbfa5e43149ef3aa382e01204a9b1e0603deea6ea4579be8762c4fe7bc83724573b8e38c292efa6b95146a9dab01b7b2fe3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6e3bc8542f27e207f59d5b801758e8a9

    SHA1

    006332c2406c167626cc56576cdb456577b50cd9

    SHA256

    1f17f915628dbdeb5ae9e442573daa401e9532113dc9ebb187b1a480e2cf0abc

    SHA512

    02319e519b2afbb704ec567bb5a5e98abf29869c34e296f9273180bd8d9c520a3009474f07c5a834802a74e373b2c4add96b5cef8c2cab2f026177741afd0e70

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    812f28cefcdc8cb070e02921166a806c

    SHA1

    d18c9940464447767ffd8aed3f0fc9b8a2785e4d

    SHA256

    1e272e5143455d566427c1055cc69d15b1f5009e881495e533b1d8c770f031d4

    SHA512

    d3bf6afb48271fbc905be609ac7009f24d88506a15ff11e95efee9d7386be0695560cd42a4b84303258817c638a5c364adec10e63772761452b242c0d5372b65

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    159ef3f6cdcf2cd23e699565ff8b618b

    SHA1

    5584ed09d6d80059f042b123aef0113ec02d6ce5

    SHA256

    c4a7833f456aa521364c90eccc4d5fa426e273ee37ea385129bfdf36d2c725c3

    SHA512

    923f4739b71cfe749b555233043d9aef89af693c45e317d2bb9156431d9a76dfe3c1e1016c1e034d0878e3a7623db3827d6462fc81e561c4afb645c44eb709e7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2899b4d28e2ded2a06fb3975bf7b7b3a

    SHA1

    b6372af912a5132abb7d4cab5ee119cf3500e225

    SHA256

    fd6984ff1a0793cb58fe563192897232e5dc182756ea03d28a7835e63fb4cbbd

    SHA512

    45defe6ea9d23e0a8ffa6362708b178306b42b4b45763d991164284cd9f55e3f0f3836949760c83bda8836c27704a6b21abf91ae4d25821bd1b7ffa8afa124a3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cfb4000e8c551b1c32733f302756c444

    SHA1

    43c53dfa2f8400fdd538c0f0ed64b1fdc0b02304

    SHA256

    26763fcc89c123725609e7e4e48c1ea66064ca2904b3205d7be9440ecc2c8a88

    SHA512

    94b08d3341ac7007604fcaed2733fb516419981b137d11701719191690ba2172a9025696f10e311acfb84d3d84aea798a372162a8b849d9e9b2a493e8f35210b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    229B

    MD5

    5ed0459af414cae33e90d6629c8f75d3

    SHA1

    6f3d325c7852bb93601d34f1c84d4b9751fce920

    SHA256

    e2bcdf0e357037d1b8017f1b3e81a3499978c784f30a79b6294eaba9e7e0f448

    SHA512

    42bdc3dae30c37d5942a897dae5b9d51685458d4dae014e15bf73af1d186a48090e57bfcb58d2570ca434fb42ac28de2f546f25eb0d659abb9c454be460ddf03

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    229B

    MD5

    d22971b38e7d496a74b5cf66cdcde093

    SHA1

    337c3262024ffbecaf157759345fa9d334fa162c

    SHA256

    c6c127f7395767940d9bb01d94c7ece1e609f073f484e40c859eb0cd336c0660

    SHA512

    2d934c6404808446dd43a940b696b479ddf2974629a2ccc4b0c98ecb60e9d06738d1f30e827b0cd11e9bafe42185f6885e27843afd54c1b412dc4c07acb416f0

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    448B

    MD5

    021932150857e2d377c97fab7c5a6d43

    SHA1

    d240da1f5e58014d4c8395e193050d3f7882cf89

    SHA256

    970b7684d1f05ed3517317cddc20f89998b7b21ede61459f1cd2e433c1108b4d

    SHA512

    807d10dda9423d825f6755d491ce4c7fb2d19f3ddd11898d8a9f12a534799e69c3e90fb34d218c1ec7e8e9bdb8738d84efc33c0bcb98a7969e875b428b8c54c9

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    641B

    MD5

    12d7f77f8f2ce246580163546a0406b1

    SHA1

    5360727c3bd2f78d97f2bd634bafa6709e94e7dc

    SHA256

    8b6c7a09de46a71a9ef6529754797b092143359cc1702463bf19970fb9068333

    SHA512

    b56683a2b12279b01cda26cfe5b52e0f5f9533e976ae0c344c6ad8d0061916d70754bca521a19c77cc6f998a259597834ed292d89def5d62317c1166ce1a947c

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    16KB

    MD5

    e49463556c9e43c1824a6406a9638f44

    SHA1

    887fd8aa1daa2f9ac94ccda1867694405ec2fad7

    SHA256

    21012fbca7c29d70e23620d07e8f38ed9e3de9b2f7f2b8ddb9a04e6a5a108b79

    SHA512

    a0e385ee6a1fd1ee5826df8556a68b38d00577386acbb4022ae35f839298a12eaf1a979b57b60f5e041758805535cb6e727c928a7eb81a791025e291736b1894

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    990B

    MD5

    cf558cc805c4fd011cb3d0c68c9686b7

    SHA1

    785573207f08c8142f93e7ff8979a43f195d2576

    SHA256

    539a5ec49b26c95977fa0e92abb0c5aa85cedf6d3d949e8e12a95e4191a9730f

    SHA512

    1e292061068fab05d025301073e423e79f06796274f973a4ad65e37ffbc7559716bdcb972517701d64052ce7ba8636749efcb1cbfb8197e1b195a1073b9f8249

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    990B

    MD5

    95e3ad32d6be77909c10820c22bb7764

    SHA1

    c81c39d0bcd3c0128d3b604b6eb92352eab7e8f2

    SHA256

    c77345a4554005e667357d3db5f506cffe2387371436eabc24acee58ba664056

    SHA512

    67cf9573c53e0156fbc08dc438c85e89c61d4cb9d7852442be1da77945e50bfe5640ec6d56b042d0319317164b081687ed84e18e73ce4245c8207a117e7cb8ed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    990B

    MD5

    9e9c1b4a3198fb419fb60c01bec2ac7d

    SHA1

    1f2bcb67836f43dd48fac6f3b49a7c4861b63280

    SHA256

    a895e0b002f71029dbe9f131c3ec533350cafeae80692378fcb01e8cfcd5b02b

    SHA512

    d088cefc0b13d14ba2029b8980826c581cac8b07b86c71f287e349aa848a1325447eba9c16d863b170b46de5747e934a5317ba2c279df37e43131c8a191dc4cb

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    814B

    MD5

    1f914eac696298af883e7e43a8169434

    SHA1

    56608502828eab7e344f7f1f8819ad40b064c53b

    SHA256

    a4810548eaca6b999a993591d35fa253b65c9d8e68687585dcdf35c5ebefee16

    SHA512

    c8b5ecc7f4a0d73e1682020f45560d9825afb8a1490011bd95c53433059c9997ac06c26bea5771e5a4860324b75b8766c2d47c8b2d60835c320881652867d6de

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    990B

    MD5

    517fc78c0e743ce83808ea4971dcb798

    SHA1

    84cd6bb7f850555d2010de6b1f1df56b7120ff41

    SHA256

    3dfd7457b839d08dbb7aec7b6135f3eec26ec3f322bfecae3ef7ef8bf71488b8

    SHA512

    db1cfb010f8d677894a5e5fcd0438629ad6aa6fa9e5bc16bddd5bbea359448f7cc9097b2982c017c70cc2c4089e796d34edb212c0c38c5cef4c9af535ecbb57f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    990B

    MD5

    9b3d362afcdc00423a93eecc2a312b3c

    SHA1

    51bfa6fafc3991d0092dee5593d6597ae493ecac

    SHA256

    00e525a2a5e4f6eb5e35b85f1ce21aacb82818fd85ce0283ee174d63c7824342

    SHA512

    4b4f8ef5fff25fc10869a8fb5e817367130f11ee5dddebd5941114852d5422af22dcc5881f2b339af5ea67eb0b21870a99db8376659b1118b1e44478d626ca0c

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    990B

    MD5

    45415d181ebfd36fd1fb9f1929137a9e

    SHA1

    1a91be4f101ac5de05cb4485aebb486508bfc6b1

    SHA256

    cfb64bc9ba925d829a30cc4bad83de550311e838c20b78a99d2cace08376c2ca

    SHA512

    f5eeee2fa9335e04ca90e96606f9fc6034c2092dfeba28f1bf6179d2093afb391606453aedc7be62844a2e7da38c1bb695dc69d2a5c01d2d9b27be61b226a484

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\77863Z3T\www.youtube[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Temp\Cab39F7.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar39F8.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
