67dd007fcda2f31d183021d1b0cf65d7a1a1c3ad232371dc3c2d38c05213ba96

Analysis

max time kernel
141s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 04:55 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Size

140KB
MD5

0ca57fc7a6686f0d256062653f314a8d
SHA1

ace8f5fac4eb409a45c4af92b5867cdff4041165
SHA256

67dd007fcda2f31d183021d1b0cf65d7a1a1c3ad232371dc3c2d38c05213ba96
SHA512

d2c62232da88608184d021eead18f7561555f7b71f7bfe15751c80e1663891618d2efc08dc3abaf40b8735c396027f5f9b09bfc086e61f9458b83f7ea79da9d8
SSDEEP

3072:am4bH9vTQbR76mS40PidJW63e3g4qjRz6DHzg8X0gxyUgawrxVj:DyvTb4lcAlsHZE5X3tV

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2316	4568	WerFault.exe	86

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Download	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3940	msedge.exe
3940	msedge.exe
4876	identity_helper.exe
4876	identity_helper.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3272	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4568	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 3940	4568	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe	95
PID 4568 wrote to memory of 3940	4568	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe	95
PID 3940 wrote to memory of 4076	3940	msedge.exe	96
PID 3940 wrote to memory of 4076	3940	msedge.exe	96
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3184	3940	msedge.exe	98
PID 3940 wrote to memory of 3184	3940	msedge.exe	98
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 388
  2⤵
  - Program crash
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=gOO_UqzEc5Y
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81c8146f8,0x7ff81c814708,0x7ff81c814718
    3⤵
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    3⤵
    PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:2944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    3⤵
    PID:1412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4704 /prefetch:8
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    PID:2944
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
    3⤵
    PID:1448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
    3⤵
    PID:4612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
    3⤵
    PID:4304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4568 -ip 4568
1⤵
PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x158 0x294
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3272

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83iFSfY9e0IgCuu7fJup75DVUCUwiDo_z6-F6yKeUg98TyD3OGsQvgfBZ58gCdRCR_9fEOZKMrN4m7VCrNfDFhoyNMvDliYoRJMlQzSo66CoH0ujIvf7CSrSUM2tc3nID6RhJUzSIxaCMDHR7CQIiwI0km4wxfCC3tDSJ_D344SEnql4i%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D18379322f5e71a3aa864f54a574e3d4d&TIME=20240611T191728Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351&muid=82EA48EC8031841EBBBB3EE75126D09B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83iFSfY9e0IgCuu7fJup75DVUCUwiDo_z6-F6yKeUg98TyD3OGsQvgfBZ58gCdRCR_9fEOZKMrN4m7VCrNfDFhoyNMvDliYoRJMlQzSo66CoH0ujIvf7CSrSUM2tc3nID6RhJUzSIxaCMDHR7CQIiwI0km4wxfCC3tDSJ_D344SEnql4i%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D18379322f5e71a3aa864f54a574e3d4d&TIME=20240611T191728Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=385B58B7738367A70F504C1E72A46669; domain=.bing.com; expires=Sun, 20-Jul-2025 04:55:26 GMT; path=/; SameSite=None; Secure; Priority=High;
set-cookie: MR=0; domain=g.bing.com; expires=Tue, 02-Jul-2024 04:55:26 GMT; path=/; SameSite=None; Secure;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 673F4D5271134376A821ABF7F7CB1659 Ref B: LON04EDGE0610 Ref C: 2024-06-25T04:55:26Z
date: Tue, 25 Jun 2024 04:55:26 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83iFSfY9e0IgCuu7fJup75DVUCUwiDo_z6-F6yKeUg98TyD3OGsQvgfBZ58gCdRCR_9fEOZKMrN4m7VCrNfDFhoyNMvDliYoRJMlQzSo66CoH0ujIvf7CSrSUM2tc3nID6RhJUzSIxaCMDHR7CQIiwI0km4wxfCC3tDSJ_D344SEnql4i%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D18379322f5e71a3aa864f54a574e3d4d&TIME=20240611T191728Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351&muid=82EA48EC8031841EBBBB3EE75126D09B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83iFSfY9e0IgCuu7fJup75DVUCUwiDo_z6-F6yKeUg98TyD3OGsQvgfBZ58gCdRCR_9fEOZKMrN4m7VCrNfDFhoyNMvDliYoRJMlQzSo66CoH0ujIvf7CSrSUM2tc3nID6RhJUzSIxaCMDHR7CQIiwI0km4wxfCC3tDSJ_D344SEnql4i%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D18379322f5e71a3aa864f54a574e3d4d&TIME=20240611T191728Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=385B58B7738367A70F504C1E72A46669; _EDGE_S=SID=20E49B851739681233578F2C16F96921; MR=0

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=b4N13YoB6nkQyK-HoFmz0OA203ZA7LcvClHptgwSOpo; domain=.bing.com; expires=Sun, 20-Jul-2025 04:55:26 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BC28D2B07B72438DAFA23D9EFD295DE0 Ref B: LON04EDGE0610 Ref C: 2024-06-25T04:55:26Z
date: Tue, 25 Jun 2024 04:55:26 GMT
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
DNS

144.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.107.17.2.in-addr.arpa

IN PTR

Response

144.107.17.2.in-addr.arpa

IN PTR

a2-17-107-144deploystaticakamaitechnologiescom
GET

https://www.bing.com/aes/c.gif?RG=72f843ce013b45ac95e9407234310130&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191728Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351

Remote address:

23.62.61.194:443

Request

GET /aes/c.gif?RG=72f843ce013b45ac95e9407234310130&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191728Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=385B58B7738367A70F504C1E72A46669

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A03E9D45F8549E2BF86726DC44E65F4 Ref B: DUS30EDGE0309 Ref C: 2024-06-25T04:55:26Z
content-length: 0
date: Tue, 25 Jun 2024 04:55:26 GMT
set-cookie: _EDGE_S=SID=20E49B851739681233578F2C16F96921; path=/; httponly; domain=bing.com
set-cookie: MUIDB=385B58B7738367A70F504C1E72A46669; path=/; httponly; expires=Sun, 20-Jul-2025 04:55:26 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1719291326.f09b381
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

www.youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

142.250.178.14
GET

http://www.youtube.com/watch?v=gOO_UqzEc5Y

msedge.exe

Remote address:

142.250.200.14:80

Request

GET /watch?v=gOO_UqzEc5Y HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 25 Jun 2024 04:55:31 GMT
Location: https://www.youtube.com/watch?v=gOO_UqzEc5Y
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

https://www.youtube.com/watch?v=gOO_UqzEc5Y

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /watch?v=gOO_UqzEc5Y HTTP/2.0
host: www.youtube.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/84314bef/player_ias.vflset/en_US/base.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/player/84314bef/player_ias.vflset/en_US/base.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/jsbin/desktop_polymer.vflset/desktop_polymer.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/jsbin/desktop_polymer.vflset/desktop_polymer.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/jsbin/webcomponents-sd.vflset/webcomponents-sd.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/jsbin/webcomponents-sd.vflset/webcomponents-sd.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/jsbin/intersection-observer.min.vflset/intersection-observer.min.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/jsbin/intersection-observer.min.vflset/intersection-observer.min.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/player/84314bef/www-player.css

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/player/84314bef/www-player.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/cssbin/www-main-desktop-watch-page-skeleton.css

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/cssbin/www-main-desktop-watch-page-skeleton.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/cssbin/www-main-desktop-player-skeleton.css

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/cssbin/www-main-desktop-player-skeleton.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/cssbin/www-onepick.css

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/cssbin/www-onepick.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/jsbin/scheduler.vflset/scheduler.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/jsbin/scheduler.vflset/scheduler.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.IeQtB9536rA.L.B1.O/am=AAACtA/d=0/br=1/rs=AGKMywFh1U0uRbtdX6YD4WswBTt1c-gvdw

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.IeQtB9536rA.L.B1.O/am=AAACtA/d=0/br=1/rs=AGKMywFh1U0uRbtdX6YD4WswBTt1c-gvdw HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/jsbin/spf.vflset/spf.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/jsbin/spf.vflset/spf.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
GET

https://www.youtube.com/s/desktop/252a8b44/jsbin/network.vflset/network.js

msedge.exe

Remote address:

142.250.200.14:443

Request

GET /s/desktop/252a8b44/jsbin/network.vflset/network.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/watch?v=gOO_UqzEc5Y
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: YSC=0a6pEV6Tedc
cookie: __Secure-YEC=Cgs2U2dJVUJ6YUVHYyjDm-mzBjIKCgJHQhIEGgAgbA%3D%3D
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbA%3D%3D
DNS

i.ytimg.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.180.22
DNS

rr1---sn-aigl6nzk.googlevideo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

rr1---sn-aigl6nzk.googlevideo.com

IN A

Response

rr1---sn-aigl6nzk.googlevideo.com

IN CNAME

rr1.sn-aigl6nzk.googlevideo.com

rr1.sn-aigl6nzk.googlevideo.com

IN A

74.125.175.102
GET

https://i.ytimg.com/generate_204

msedge.exe

Remote address:

142.250.200.54:443

Request

GET /generate_204 HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://rr1---sn-aigl6nzk.googlevideo.com/generate_204

msedge.exe

Remote address:

74.125.175.102:443

Request

GET /generate_204 HTTP/1.1
Host: rr1---sn-aigl6nzk.googlevideo.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://www.youtube.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Server: gvs 1.0
Date: Tue, 25 Jun 2024 04:55:31 GMT
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
Content-Length: 0
GET

https://rr1---sn-aigl6nzk.googlevideo.com/generate_204?conn2

msedge.exe

Remote address:

74.125.175.102:443

Request

GET /generate_204?conn2 HTTP/1.1
Host: rr1---sn-aigl6nzk.googlevideo.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://www.youtube.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Server: gvs 1.0
Date: Tue, 25 Jun 2024 04:55:31 GMT
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
Content-Length: 0
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

54.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.200.250.142.in-addr.arpa

IN PTR

Response

54.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f221e100net
DNS

102.175.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

102.175.125.74.in-addr.arpa

IN PTR

Response

102.175.125.74.in-addr.arpa

IN PTR

lhr25s47-in-f61e100net
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

209.85.203.84
GET

https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en

msedge.exe

Remote address:

209.85.203.84:443

Request

GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

84.203.85.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.203.85.209.in-addr.arpa

IN PTR

Response

84.203.85.209.in-addr.arpa

IN PTR

dh-in-f841e100net
DNS

jnn-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

216.58.204.74
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

142.250.187.234:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

227.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.212.58.216.in-addr.arpa

IN PTR

Response

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f2271e100net

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f3�J

227.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f3�J
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
GET

https://www.google.com/js/th/YjCNJ0mFj9HiCkQt39lQVpZzkP0G8dlYH-ABayRLdFs.js

msedge.exe

Remote address:

142.250.187.196:443

Request

GET /js/th/YjCNJ0mFj9HiCkQt39lQVpZzkP0G8dlYH-ABayRLdFs.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

youtube.com

IN A

Response

youtube.com

IN A

142.250.200.46
GET

https://youtube.com/

msedge.exe

Remote address:

142.250.200.46:443

Request

GET / HTTP/2.0
host: youtube.com
pragma: no-cache
cache-control: no-cache
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.youtube.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

46.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.200.250.142.in-addr.arpa

IN PTR

Response

46.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f141e100net
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 664170
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A2163409A734232995E7702D4B4F3D7 Ref B: LON04EDGE1009 Ref C: 2024-06-25T04:57:06Z
date: Tue, 25 Jun 2024 04:57:06 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 612524
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E823A545C3ED42E88223A1AB4738EBD0 Ref B: LON04EDGE1009 Ref C: 2024-06-25T04:57:06Z
date: Tue, 25 Jun 2024 04:57:06 GMT
DNS

10.27.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.27.171.150.in-addr.arpa

IN PTR

Response
DNS

10.27.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.27.171.150.in-addr.arpa

IN PTR

Response

13.107.21.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83iFSfY9e0IgCuu7fJup75DVUCUwiDo_z6-F6yKeUg98TyD3OGsQvgfBZ58gCdRCR_9fEOZKMrN4m7VCrNfDFhoyNMvDliYoRJMlQzSo66CoH0ujIvf7CSrSUM2tc3nID6RhJUzSIxaCMDHR7CQIiwI0km4wxfCC3tDSJ_D344SEnql4i%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D18379322f5e71a3aa864f54a574e3d4d&TIME=20240611T191728Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351&muid=82EA48EC8031841EBBBB3EE75126D09B

tls, http2

2.5kB
9.2kB
20
18

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83iFSfY9e0IgCuu7fJup75DVUCUwiDo_z6-F6yKeUg98TyD3OGsQvgfBZ58gCdRCR_9fEOZKMrN4m7VCrNfDFhoyNMvDliYoRJMlQzSo66CoH0ujIvf7CSrSUM2tc3nID6RhJUzSIxaCMDHR7CQIiwI0km4wxfCC3tDSJ_D344SEnql4i%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D18379322f5e71a3aa864f54a574e3d4d&TIME=20240611T191728Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351&muid=82EA48EC8031841EBBBB3EE75126D09B

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83iFSfY9e0IgCuu7fJup75DVUCUwiDo_z6-F6yKeUg98TyD3OGsQvgfBZ58gCdRCR_9fEOZKMrN4m7VCrNfDFhoyNMvDliYoRJMlQzSo66CoH0ujIvf7CSrSUM2tc3nID6RhJUzSIxaCMDHR7CQIiwI0km4wxfCC3tDSJ_D344SEnql4i%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D18379322f5e71a3aa864f54a574e3d4d&TIME=20240611T191728Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351&muid=82EA48EC8031841EBBBB3EE75126D09B

HTTP Response

204
23.62.61.194:443

https://www.bing.com/aes/c.gif?RG=72f843ce013b45ac95e9407234310130&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191728Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351

tls, http2

1.5kB
5.4kB
17
15

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=72f843ce013b45ac95e9407234310130&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191728Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6755470484009351

HTTP Response

200
142.250.200.14:80

www.youtube.com

msedge.exe

236 B
208 B
5
4
142.250.200.14:80

http://www.youtube.com/watch?v=gOO_UqzEc5Y

http

msedge.exe

788 B
684 B
7
6

HTTP Request

GET http://www.youtube.com/watch?v=gOO_UqzEc5Y

HTTP Response

301
142.250.200.14:443

https://www.youtube.com/s/desktop/252a8b44/jsbin/network.vflset/network.js

tls, http2

msedge.exe

63.9kB
3.0MB
1286
2154

HTTP Request

GET https://www.youtube.com/watch?v=gOO_UqzEc5Y

HTTP Request

GET https://www.youtube.com/s/player/84314bef/player_ias.vflset/en_US/base.js

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/jsbin/desktop_polymer.vflset/desktop_polymer.js

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/jsbin/webcomponents-sd.vflset/webcomponents-sd.js

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/jsbin/intersection-observer.min.vflset/intersection-observer.min.js

HTTP Request

GET https://www.youtube.com/s/player/84314bef/www-player.css

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/cssbin/www-main-desktop-watch-page-skeleton.css

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/cssbin/www-main-desktop-player-skeleton.css

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/cssbin/www-onepick.css

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/jsbin/scheduler.vflset/scheduler.js

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js

HTTP Request

GET https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.IeQtB9536rA.L.B1.O/am=AAACtA/d=0/br=1/rs=AGKMywFh1U0uRbtdX6YD4WswBTt1c-gvdw

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/jsbin/spf.vflset/spf.js

HTTP Request

GET https://www.youtube.com/s/desktop/252a8b44/jsbin/network.vflset/network.js
142.250.200.54:443

https://i.ytimg.com/generate_204

tls, http2

msedge.exe

1.7kB
6.5kB
14
14

HTTP Request

GET https://i.ytimg.com/generate_204
74.125.175.102:443

https://rr1---sn-aigl6nzk.googlevideo.com/generate_204

tls, http

msedge.exe

1.6kB
5.8kB
11
12

HTTP Request

GET https://rr1---sn-aigl6nzk.googlevideo.com/generate_204

HTTP Response

204
74.125.175.102:443

https://rr1---sn-aigl6nzk.googlevideo.com/generate_204?conn2

tls, http

msedge.exe

1.6kB
5.8kB
11
12

HTTP Request

GET https://rr1---sn-aigl6nzk.googlevideo.com/generate_204?conn2

HTTP Response

204
209.85.203.84:443

https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en

tls, http2

msedge.exe

2.1kB
7.6kB
17
18

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en
142.250.187.234:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

msedge.exe

1.9kB
6.8kB
16
17

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.187.196:443

https://www.google.com/js/th/YjCNJ0mFj9HiCkQt39lQVpZzkP0G8dlYH-ABayRLdFs.js

tls, http2

msedge.exe

1.8kB
27.6kB
15
31

HTTP Request

GET https://www.google.com/js/th/YjCNJ0mFj9HiCkQt39lQVpZzkP0G8dlYH-ABayRLdFs.js
142.250.179.238:443

play.google.com

tls, http2

msedge.exe

943 B
7.6kB
8
9
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

1.9kB
8.7kB
16
20

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.200.46:443

https://youtube.com/

tls, http2

msedge.exe

1.7kB
9.5kB
13
19

HTTP Request

GET https://youtube.com/
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

48.3kB
1.3MB
968
965

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

144.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

144.107.17.2.in-addr.arpa
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

www.youtube.com

dns

msedge.exe

61 B
303 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.200.14

216.58.213.14

172.217.16.238

216.58.201.110

142.250.187.238

142.250.187.206

216.58.212.206

172.217.169.46

142.250.179.238

142.250.200.46

142.250.180.14

216.58.204.78

142.250.178.14
142.250.200.14:443

www.youtube.com

https

msedge.exe

20.8kB
170.8kB
100
166
8.8.8.8:53

i.ytimg.com

dns

msedge.exe

57 B
249 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.200.54

142.250.178.22

142.250.179.246

142.250.187.214

142.250.200.22

216.58.212.214

216.58.201.118

216.58.213.22

216.58.204.86

172.217.16.246

142.250.187.246

142.250.180.22
8.8.8.8:53

rr1---sn-aigl6nzk.googlevideo.com

dns

msedge.exe

79 B
125 B
1
1

DNS Request

rr1---sn-aigl6nzk.googlevideo.com

DNS Response

74.125.175.102
142.250.200.54:443

i.ytimg.com

https

msedge.exe

3.6kB
8.4kB
8
11
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

54.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

54.200.250.142.in-addr.arpa
8.8.8.8:53

102.175.125.74.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

102.175.125.74.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

209.85.203.84
209.85.203.84:443

accounts.google.com

https

msedge.exe

3.3kB
11.3kB
15
18
8.8.8.8:53

84.203.85.209.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

84.203.85.209.in-addr.arpa
8.8.8.8:53

jnn-pa.googleapis.com

dns

msedge.exe

67 B
275 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.187.234

216.58.212.202

142.250.178.10

142.250.179.234

142.250.187.202

216.58.201.106

142.250.180.10

172.217.16.234

216.58.212.234

216.58.213.10

142.250.200.42

142.250.200.10

216.58.204.74
142.250.187.234:443

jnn-pa.googleapis.com

https

msedge.exe

6.5kB
50.8kB
29
46
8.8.8.8:53

227.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

227.212.58.216.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
8.8.8.8:53

youtube.com

dns

msedge.exe

57 B
73 B
1
1

DNS Request

youtube.com

DNS Response

142.250.200.46
142.250.179.238:443

play.google.com

https

msedge.exe

8.0kB
9.2kB
20
23
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

46.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

46.200.250.142.in-addr.arpa
224.0.0.251:5353

596 B
9
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
340 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

10.27.171.150.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

10.27.171.150.in-addr.arpa

DNS Request

10.27.171.150.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
203e05fd57d8c2983818aafb42305597

SHA1
c7913172e78bdb2559ad96b1febb80f0696730fe

SHA256
de39a33474477fa24f74e8c3a22ffab691f2cc61e3bf7f02a8ab9a6e3f3bf078

SHA512
12ad2286ceb269b37e2ad65ed91ddbe51b36b3f0fac1a21ff7e96f52505ab5688825c69a6e1d39e3b6d560d7e39d442b31bc19ff46d686bc5a7200427da03649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
abe2061b6ced8f924b4a7946c629503a

SHA1
0aef6f3ddcc04861f483bf9c0a2d25fc3886fccc

SHA256
8b4328e619e72dfdbcea2575c2992e00ec7e75797fc8a1c3d9210c5216b8b688

SHA512
7af4e2c1fb1f0d202e4114b13303ef6aea9dc9b8f6a9bbcc5d9fab96ef9ac42c23fc24b4c82ccd0cc6c20bd9de72c6e864fe5d98d876b88ab8ed5f064a6fc181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b1478e3ef130678a3c5a76b1097cc74d

SHA1
f27507b86d6300e41f9c2c600f6c32ce18b8ba9b

SHA256
6cbb44b54a10bfa6267ab33948db814394d1368e0fbe378964b87afc0135de3a

SHA512
0b79da887161fc9718b30b5456300171c16569f4694973a3ce0648049bdacf533ec42e35e8ffc574419e9981842d2103129dbd955abf2dc35539808dfcea08e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db49f3b0ce39ec8d13cfb943a17ed4ca

SHA1
30bdfe68f8c8f95dcf1fec23fcf42ef2e33babd8

SHA256
5b8718e7266fd03ec6bb777846ef5fa3fb27832d9ef016c6f04623ebf3878ce9

SHA512
b9ba63a138aef936dd493a18566e067566c38f7680f5580944ca4b53c0ff29ccf89ce3183df9b0a2cb5a7604484d6aecf469a084bc9a331209f7c25acdf9d38e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2110e4b6dc4d67788d6645da4a8232d2

SHA1
1f48d136a9db57ce8d077103560d21e642d27763

SHA256
4aa575dca29c9a9a45f16ae592a42cf251c93f1307d708f4f29566769f4ce2f0

SHA512
5e801cd66f377cb85680a9b1ff2c0757cf8c271006951c068db77b69db513d11c500efaa1e031ed049d4b6dc3985fc34393e3bde4a25eab654e5a768d2708eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fc61588-84c2-4029-ab96-17146db922f0\index-dir\the-real-index

Filesize
2KB

MD5
e006cd2cb86b69e3a4523840e6b95e3c

SHA1
f29f5bfc753a8c2c07d9453aca319e3f23b7535a

SHA256
43eb969f7a208dd465bcf0982c571883c5e561f9948c2ed8277f56367bea78c0

SHA512
a804f34cd1cb68b0c608a8983691bab9f595fcec5d571788b6f68ec774e962ad19a7173c342b2048c97e9d02a3429338341147fe0a936f0fd12915f424f35782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fc61588-84c2-4029-ab96-17146db922f0\index-dir\the-real-index~RFe57fef1.TMP

Filesize
48B

MD5
05edf82913e524dfc20cdfc2c71df8de

SHA1
286b02ff7d5ce72c07925a82d1bf880fb6874610

SHA256
79ffc388ef36ee176de3e02c2178ea4c8990a9b70cb42adef13cdb9e2488c02e

SHA512
065ee6358c61981f10bdd42a0307d25c619418fd2a07b849c0304410d112307e7be1099e948c770188a6a36228142062577af895d81f6cd2ec2b504fbd0e7302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
c095b811e848294ce345115a5c0aaa8f

SHA1
ae1643a02e1e96e1a402fe3b769b1696abc8749d

SHA256
f5608640e6633d1e063b8ae6eea73157c6bacfe57f6869596118f2b8d38f909c

SHA512
9b9a2fd29ec681726db3ad6ebb31f80f8f88e51a978c8c8dfaea66280fa157027bf5efb7c4effcdf4cd0d0e612fd66b7e92ade57cdb9624817d022c4d874bdeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5b5e8c3509bdb4d753de85e887018d77

SHA1
d948386c2f9c855d7f5581b51b335b4cdafedae1

SHA256
8d4fb857f7b31ddbe54d541892bbf7e813bd39a7873a6fbf2ad900258461cdab

SHA512
69459d85e39429a3ca88898a0cafcc2b08960f543b4ec2391401e738fcc133d8827092c7ebb6581a0e116d16c91732b38235d38415f7074991712a894e53d3ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
c85a4daaf0283b9f9ca870fc314a5be4

SHA1
8a1b9b34c4e5b77104393921cd40d7271026be2b

SHA256
721e6358338d1baa790473268b8f6ee75c41ab16217ec4173f1b97d1289c0684

SHA512
41a4e81dc1b4f6bbe8793a20221e505d6bd9cf266599a71acdfb244a780b97488ed2259709b427e269a0dc91945b98e8b8ab61079307522580f5c545bcc02d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
c798618e02863c62524859607b17c577

SHA1
201a7620f96463d50f5a0d886c09ab2f075b5912

SHA256
4a70cf1ab1abda8f0c8c496eb420c626333b9a7996e1aea6edfabf9e2ceb7437

SHA512
cebf3b379d91af8b89e8b1519ddf39d341656686f0ee1e588c82baa26d3c8e091d680f9e9924cf56fc7bdc6a9e3523be6771c000453d6843f201807f9b055988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d6eff7d57a1f5c246a8c5ab45fa0f60f

SHA1
cf94900589c19efaa716f9dbd8e9939043874349

SHA256
1cf69c109ad6999a6753d0fb3cad3820ce0958fa03381c3b298009eb244a9373

SHA512
7738b8219f306904b31642609b6b2b21d97c5a880e72b0ede23d74e5fdfff8d864ca71f8385ec6359ada8e1968020f466ae22f48e99a8364b4b852e81e8263df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f906.TMP

Filesize
48B

MD5
8d8f6384d2a5bdaba0125c2eb38ee17a

SHA1
9aa66617cf1739a978f230870fa073b2700107d2

SHA256
bcebd075b3ecdefba15e17eaa7d00e947dfe5b9ae2395c4901b1144a313305ca

SHA512
3f00508128a340cba68c33c5c1587dc6ea13d7b6befb411aabf11b448660de2b79b80538e02df57fefbb89042a6fcd30f9389a8b10681b1bc3da03e20b911080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9252f021bbb66b50367cf5ea9268c3b

SHA1
6676a4b9cf81b7e533f9f340bdc208c176dabf37

SHA256
1df4260ff52d39ec9e01f3e1b994ec7b99456490800bccd4778c6a7955e94b28

SHA512
d7f754630a7ab655b9fab33329a14be5f58bb89e6083c894b3fab6e8fd4c99954e8204f1fb64dd727bb772f8c6781ce5335f3b222f8668b668ec41919283a7bc

Download Submit
memory/4568-0-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4568-7-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4568-8-0x00000000005E0000-0x0000000000626000-memory.dmp

Filesize
280KB

Download
memory/4568-3-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4568-2-0x00000000005E0000-0x0000000000626000-memory.dmp

Filesize
280KB

Download
memory/4568-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request