Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/08/2024, 18:36 UTC

General

  • Target

    a3ac963f2eade6d8c7a14282e5352b43_JaffaCakes118.html

  • Size

    131KB

  • MD5

    a3ac963f2eade6d8c7a14282e5352b43

  • SHA1

    004f84da16f7cd2e3c50b55e4f31230c07a99118

  • SHA256

    a8b398b240d7df104cd08c7393b9fbb583e47923d9343dd0044dacc791b86ea9

  • SHA512

    29ed06da036b95a1b06eb0e0f743b2291080deaf013ac624133b774841bdc83af49da9f3fe230e3fdfdb3d20fbc52bed1ab67c19d3d10494678a4be64e58bf88

  • SSDEEP

    3072:GwIA0zeaUDkzzQ5sVHxGyr0gvdyHFK7BvO4ebQ7ZZb7hr69aBnXTaF18KlBoRL/n:Gz6Qj

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3ac963f2eade6d8c7a14282e5352b43_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffbb4c946f8,0x7ffbb4c94708,0x7ffbb4c94718
      2⤵
        PID:2520
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
        2⤵
          PID:3132
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4044
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
          2⤵
            PID:1192
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:2800
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
              2⤵
                PID:3140
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                2⤵
                  PID:2240
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
                  2⤵
                    PID:2784
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:852
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                    2⤵
                      PID:4312
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                      2⤵
                        PID:2620
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
                        2⤵
                          PID:2464
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                          2⤵
                            PID:2732
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9588551465753134042,8541900999153207517,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5092
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1196
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:5088

Network

                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dnsgoogle
                            • flag-us
                              DNS
                              104.219.191.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              104.219.191.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              240.221.184.93.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              240.221.184.93.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              s7.addthis.com
                              Remote address:
                              8.8.8.8:53
                              Request
                              s7.addthis.com
                              IN A
                              Response
                              s7.addthis.com
                              IN CNAME
                              s8.addthis.com
                              s8.addthis.com
                              IN CNAME
                              ds-s7.addthis.com.edgekey.net
                              ds-s7.addthis.com.edgekey.net
                              IN CNAME
                              e4016.a.akamaiedge.net
                              e4016.a.akamaiedge.net
                              IN A
                              2.18.109.243
                            • flag-us
                              DNS
                              nguyenhuytap.googlecode.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              nguyenhuytap.googlecode.com
                              IN A
                              Response
                              nguyenhuytap.googlecode.com
                              IN CNAME
                              googlecode.l.googleusercontent.com
                              googlecode.l.googleusercontent.com
                              IN A
                              142.251.31.82
                            • flag-us
                              DNS
                              www.blogger.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.blogger.com
                              IN A
                              Response
                              www.blogger.com
                              IN CNAME
                              blogger.l.google.com
                              blogger.l.google.com
                              IN A
                              216.58.215.41
                            • flag-fr
                              GET
                              https://www.blogger.com/static/v1/widgets/14020288-widget_css_bundle.css
                              msedge.exe
                              Remote address:
                              216.58.215.41:443
                              Request
                              GET /static/v1/widgets/14020288-widget_css_bundle.css HTTP/2.0
                              host: www.blogger.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: text/css,*/*;q=0.1
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: style
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://www.blogger.com/static/v1/widgets/4144282483-widgets.js
                              msedge.exe
                              Remote address:
                              216.58.215.41:443
                              Request
                              GET /static/v1/widgets/4144282483-widgets.js HTTP/2.0
                              host: www.blogger.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5468084349050922117&zx=9e6eecfd-1117-4b4b-bb48-23680ee582b4
                              msedge.exe
                              Remote address:
                              216.58.215.41:443
                              Request
                              GET /dyn-css/authorization.css?targetBlogID=5468084349050922117&zx=9e6eecfd-1117-4b4b-bb48-23680ee582b4 HTTP/2.0
                              host: www.blogger.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: text/css,*/*;q=0.1
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: style
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-nl
                              GET
                              https://nguyenhuytap.googlecode.com/files/jquery.min.v1.4.1.js
                              msedge.exe
                              Remote address:
                              142.251.31.82:443
                              Request
                              GET /files/jquery.min.v1.4.1.js HTTP/2.0
                              host: nguyenhuytap.googlecode.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-nl
                              GET
                              https://nguyenhuytap.googlecode.com/files/recent14.js
                              msedge.exe
                              Remote address:
                              142.251.31.82:443
                              Request
                              GET /files/recent14.js HTTP/2.0
                              host: nguyenhuytap.googlecode.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-us
                              DNS
                              apis.google.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              apis.google.com
                              IN A
                              Response
                              apis.google.com
                              IN CNAME
                              plus.l.google.com
                              plus.l.google.com
                              IN A
                              142.250.179.78
                            • flag-us
                              DNS
                              sauciu.googlecode.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              sauciu.googlecode.com
                              IN A
                              Response
                              sauciu.googlecode.com
                              IN CNAME
                              googlecode.l.googleusercontent.com
                              googlecode.l.googleusercontent.com
                              IN A
                              142.251.31.82
                            • flag-us
                              DNS
                              1.bp.blogspot.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              1.bp.blogspot.com
                              IN A
                              Response
                              1.bp.blogspot.com
                              IN CNAME
                              photos-ugc.l.googleusercontent.com
                              photos-ugc.l.googleusercontent.com
                              IN A
                              216.58.213.65
                            • flag-us
                              DNS
                              2.bp.blogspot.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              2.bp.blogspot.com
                              IN A
                              Response
                              2.bp.blogspot.com
                              IN CNAME
                              photos-ugc.l.googleusercontent.com
                              photos-ugc.l.googleusercontent.com
                              IN A
                              216.58.213.65
                            • flag-us
                              DNS
                              lh4.googleusercontent.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              lh4.googleusercontent.com
                              IN A
                              Response
                              lh4.googleusercontent.com
                              IN CNAME
                              googlehosted.l.googleusercontent.com
                              googlehosted.l.googleusercontent.com
                              IN A
                              142.250.179.65
                            • flag-us
                              DNS
                              lh6.googleusercontent.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              lh6.googleusercontent.com
                              IN A
                              Response
                              lh6.googleusercontent.com
                              IN CNAME
                              googlehosted.l.googleusercontent.com
                              googlehosted.l.googleusercontent.com
                              IN A
                              142.250.179.65
                            • flag-us
                              DNS
                              i.upanh.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              i.upanh.com
                              IN A
                              Response
                              i.upanh.com
                              IN A
                              46.51.221.158
                            • flag-us
                              DNS
                              3.bp.blogspot.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              3.bp.blogspot.com
                              IN A
                              Response
                              3.bp.blogspot.com
                              IN CNAME
                              photos-ugc.l.googleusercontent.com
                              photos-ugc.l.googleusercontent.com
                              IN A
                              216.58.213.65
                            • flag-us
                              DNS
                              resources.blogblog.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              resources.blogblog.com
                              IN A
                              Response
                              resources.blogblog.com
                              IN CNAME
                              blogger.l.google.com
                              blogger.l.google.com
                              IN A
                              216.58.215.41
                            • flag-us
                              DNS
                              4.bp.blogspot.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              4.bp.blogspot.com
                              IN A
                              Response
                              4.bp.blogspot.com
                              IN CNAME
                              photos-ugc.l.googleusercontent.com
                              photos-ugc.l.googleusercontent.com
                              IN A
                              216.58.213.65
                            • flag-us
                              DNS
                              lh5.googleusercontent.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              lh5.googleusercontent.com
                              IN A
                              Response
                              lh5.googleusercontent.com
                              IN CNAME
                              googlehosted.l.googleusercontent.com
                              googlehosted.l.googleusercontent.com
                              IN A
                              142.250.179.65
                            • flag-us
                              DNS
                              lh3.googleusercontent.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              lh3.googleusercontent.com
                              IN A
                              Response
                              lh3.googleusercontent.com
                              IN CNAME
                              googlehosted.l.googleusercontent.com
                              googlehosted.l.googleusercontent.com
                              IN A
                              142.250.179.65
                            • flag-nl
                              GET
                              http://sauciu.googlecode.com/files/mrelatedpost.js
                              msedge.exe
                              Remote address:
                              142.251.31.82:80
                              Request
                              GET /files/mrelatedpost.js HTTP/1.1
                              Host: sauciu.googlecode.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 404 Not Found
                              Content-Type: text/html; charset=UTF-8
                              Referrer-Policy: no-referrer
                              Content-Length: 1582
                              Date: Sat, 17 Aug 2024 18:37:07 GMT
                            • flag-fr
                              GET
                              http://1.bp.blogspot.com/-vmzr8xYY8fs/Ts-oVg2xm6I/AAAAAAAAADY/U3kOPBcRfOY/s1600/vn.png
                              msedge.exe
                              Remote address:
                              216.58.213.65:80
                              Request
                              GET /-vmzr8xYY8fs/Ts-oVg2xm6I/AAAAAAAAADY/U3kOPBcRfOY/s1600/vn.png HTTP/1.1
                              Host: 1.bp.blogspot.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Access-Control-Allow-Origin: *
                              Timing-Allow-Origin: *
                              Access-Control-Expose-Headers: Content-Length
                              Content-Disposition: inline;filename="vn.png"
                              X-Content-Type-Options: nosniff
                              Server: fife
                              Content-Length: 446
                              X-XSS-Protection: 0
                              Date: Sat, 17 Aug 2024 16:03:35 GMT
                              Expires: Sun, 18 Aug 2024 16:03:35 GMT
                              Cache-Control: public, max-age=86400, no-transform
                              Age: 9212
                              ETag: "v36"
                              Content-Type: image/png
                              Vary: Origin
                            • flag-fr
                              GET
                              http://1.bp.blogspot.com/-1RsIuFLYXIE/Ud-fKIUIkZI/AAAAAAAAAJI/UeecOWY_2cM/s1600/56756373.png
                              msedge.exe
                              Remote address:
                              216.58.213.65:80
                              Request
                              GET /-1RsIuFLYXIE/Ud-fKIUIkZI/AAAAAAAAAJI/UeecOWY_2cM/s1600/56756373.png HTTP/1.1
                              Host: 1.bp.blogspot.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Access-Control-Allow-Origin: *
                              Timing-Allow-Origin: *
                              Access-Control-Expose-Headers: Content-Length
                              Content-Disposition: inline;filename="56756373.png"
                              X-Content-Type-Options: nosniff
                              Server: fife
                              Content-Length: 14200
                              X-XSS-Protection: 0
                              Date: Sat, 17 Aug 2024 18:37:06 GMT
                              Expires: Sun, 18 Aug 2024 18:37:06 GMT
                              Cache-Control: public, max-age=86400, no-transform
                              ETag: "v93"
                              Content-Type: image/png
                              Vary: Origin
                              Age: 1
                            • flag-fr
                              GET
                              http://1.bp.blogspot.com/-zgNsIpXxJJE/Ts-oVoylT3I/AAAAAAAAADk/DW6LSIzDvLY/s1600/us.png
                              msedge.exe
                              Remote address:
                              216.58.213.65:80
                              Request
                              GET /-zgNsIpXxJJE/Ts-oVoylT3I/AAAAAAAAADk/DW6LSIzDvLY/s1600/us.png HTTP/1.1
                              Host: 1.bp.blogspot.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Access-Control-Allow-Origin: *
                              Timing-Allow-Origin: *
                              Access-Control-Expose-Headers: Content-Length
                              Content-Disposition: inline;filename="us.png"
                              X-Content-Type-Options: nosniff
                              Server: fife
                              Content-Length: 620
                              X-XSS-Protection: 0
                              Date: Sat, 17 Aug 2024 16:03:35 GMT
                              Expires: Sun, 18 Aug 2024 16:03:35 GMT
                              Cache-Control: public, max-age=86400, no-transform
                              Age: 9212
                              ETag: "v39"
                              Content-Type: image/png
                              Vary: Origin
                            • flag-fr
                              GET
                              https://apis.google.com/js/plusone.js
                              msedge.exe
                              Remote address:
                              142.250.179.78:443
                              Request
                              GET /js/plusone.js HTTP/2.0
                              host: apis.google.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              http://2.bp.blogspot.com/-rusV7fc5two/Ud-fHVFPefI/AAAAAAAAAIo/BW8KrBUKLqY/s1600/56755822.logocopy.png
                              msedge.exe
                              Remote address:
                              216.58.213.65:80
                              Request
                              GET /-rusV7fc5two/Ud-fHVFPefI/AAAAAAAAAIo/BW8KrBUKLqY/s1600/56755822.logocopy.png HTTP/1.1
                              Host: 2.bp.blogspot.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Access-Control-Allow-Origin: *
                              Timing-Allow-Origin: *
                              Access-Control-Expose-Headers: Content-Length
                              Content-Disposition: inline;filename="56755822.logocopy.png"
                              X-Content-Type-Options: nosniff
                              Server: fife
                              Content-Length: 30470
                              X-XSS-Protection: 0
                              Date: Sat, 17 Aug 2024 18:37:06 GMT
                              Expires: Sun, 18 Aug 2024 18:37:06 GMT
                              Cache-Control: public, max-age=86400, no-transform
                              ETag: "v8b"
                              Content-Type: image/png
                              Vary: Origin
                              Age: 1
                            • flag-fr
                              GET
                              http://4.bp.blogspot.com/-D5gKODMzZ0I/Uc_lZ73quzI/AAAAAAAAACs/aqQQdhDtQA8/s72-c/icon+goi+dien.jpg
                              msedge.exe
                              Remote address:
                              216.58.213.65:80
                              Request
                              GET /-D5gKODMzZ0I/Uc_lZ73quzI/AAAAAAAAACs/aqQQdhDtQA8/s72-c/icon+goi+dien.jpg HTTP/1.1
                              Host: 4.bp.blogspot.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Access-Control-Allow-Origin: *
                              Timing-Allow-Origin: *
                              Access-Control-Expose-Headers: Content-Length
                              Content-Disposition: inline;filename="icon goi dien.jpg"
                              X-Content-Type-Options: nosniff
                              Server: fife
                              Content-Length: 2253
                              X-XSS-Protection: 0
                              Date: Sat, 17 Aug 2024 18:37:06 GMT
                              Expires: Sun, 18 Aug 2024 18:37:06 GMT
                              Cache-Control: public, max-age=86400, no-transform
                              ETag: "v2c"
                              Content-Type: image/jpeg
                              Vary: Origin
                              Age: 1
                            • flag-fr
                              GET
                              https://lh4.googleusercontent.com/-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg HTTP/2.0
                              host: lh4.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh4.googleusercontent.com/-Gru2cLmFwcI/TtTg4D0DuJI/AAAAAAAABGA/RGSalmz0kQA/s18/iconsearchr.gif
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-Gru2cLmFwcI/TtTg4D0DuJI/AAAAAAAABGA/RGSalmz0kQA/s18/iconsearchr.gif HTTP/2.0
                              host: lh4.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh4.googleusercontent.com/-M9bTXv6l8y8/UHzxNGfvszI/AAAAAAAAD_Q/vifUw8RtPbg/s12/RSS.png
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-M9bTXv6l8y8/UHzxNGfvszI/AAAAAAAAD_Q/vifUw8RtPbg/s12/RSS.png HTTP/2.0
                              host: lh4.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh4.googleusercontent.com/-bFMa5R2nfZI/UH15Udpt_mI/AAAAAAAAEBM/0ME5ciXjQm4/s16/twitter.png
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-bFMa5R2nfZI/UH15Udpt_mI/AAAAAAAAEBM/0ME5ciXjQm4/s16/twitter.png HTTP/2.0
                              host: lh4.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh3.googleusercontent.com/-PP-kteLdf8g/UHb-ZUHbgBI/AAAAAAAAD2Q/Xs3Hv2_6IL8/s26/bg-nav-foot.jpg
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-PP-kteLdf8g/UHb-ZUHbgBI/AAAAAAAAD2Q/Xs3Hv2_6IL8/s26/bg-nav-foot.jpg HTTP/2.0
                              host: lh3.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh3.googleusercontent.com/-Tie8MX__wvA/UHehq5XkyzI/AAAAAAAAD4w/fOZkTtYvAQk/s48/li-right.jpg
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-Tie8MX__wvA/UHehq5XkyzI/AAAAAAAAD4w/fOZkTtYvAQk/s48/li-right.jpg HTTP/2.0
                              host: lh3.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh3.googleusercontent.com/-QBU9fAwdWQE/Ud_zG3tFxYI/AAAAAAAAAMg/IHJtnDXlhjI/w300-h250-no/quang+cao.png
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-QBU9fAwdWQE/Ud_zG3tFxYI/AAAAAAAAAMg/IHJtnDXlhjI/w300-h250-no/quang+cao.png HTTP/2.0
                              host: lh3.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh5.googleusercontent.com/-i04EiWmSFuc/UHzl8QMHfrI/AAAAAAAAD-c/nA4x4LVDGIk/s125/headerj.gif
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-i04EiWmSFuc/UHzl8QMHfrI/AAAAAAAAD-c/nA4x4LVDGIk/s125/headerj.gif HTTP/2.0
                              host: lh5.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh5.googleusercontent.com/-zJIbSjA0Vpc/UHwi-xtFy4I/AAAAAAAAD9M/12JPXvcuwqw/s32/njnm.gif
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-zJIbSjA0Vpc/UHwi-xtFy4I/AAAAAAAAD9M/12JPXvcuwqw/s32/njnm.gif HTTP/2.0
                              host: lh5.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh6.googleusercontent.com/-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png HTTP/2.0
                              host: lh6.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh6.googleusercontent.com/-ikwqo8Fs1x8/UHzkFs1r5OI/AAAAAAAAD-I/77cKlsVO54Q/s101/hnjn.gif
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-ikwqo8Fs1x8/UHzkFs1r5OI/AAAAAAAAD-I/77cKlsVO54Q/s101/hnjn.gif HTTP/2.0
                              host: lh6.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh6.googleusercontent.com/-8Q8_bB8Jhf8/UH15SxtVP4I/AAAAAAAAEAw/5A9nHwtU3As/s16/facebook.png
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-8Q8_bB8Jhf8/UH15SxtVP4I/AAAAAAAAEAw/5A9nHwtU3As/s16/facebook.png HTTP/2.0
                              host: lh6.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh6.googleusercontent.com/-mGuMMXcOEkM/UH15S1Px2EI/AAAAAAAAEAo/ICNRZxoRk_g/s16/googlebuzz.png
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-mGuMMXcOEkM/UH15S1Px2EI/AAAAAAAAEAo/ICNRZxoRk_g/s16/googlebuzz.png HTTP/2.0
                              host: lh6.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              https://lh6.googleusercontent.com/-VcU-ixwuk2o/Ud_zFTkc4fI/AAAAAAAAAL0/vyOlzJc0HCU/w830-h74-no/56757145.baner+%25281%2529.gif
                              msedge.exe
                              Remote address:
                              142.250.179.65:443
                              Request
                              GET /-VcU-ixwuk2o/Ud_zFTkc4fI/AAAAAAAAAL0/vyOlzJc0HCU/w830-h74-no/56757145.baner+%25281%2529.gif HTTP/2.0
                              host: lh6.googleusercontent.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-fr
                              GET
                              http://3.bp.blogspot.com/-gjSXwM5eyjU/TZa3mvhqdBI/AAAAAAAABY4/c6t0LcUeu6o/s1600/vers-haut-icone-7320-48.png
                              msedge.exe
                              Remote address:
                              216.58.213.65:80
                              Request
                              GET /-gjSXwM5eyjU/TZa3mvhqdBI/AAAAAAAABY4/c6t0LcUeu6o/s1600/vers-haut-icone-7320-48.png HTTP/1.1
                              Host: 3.bp.blogspot.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Access-Control-Allow-Origin: *
                              Timing-Allow-Origin: *
                              Access-Control-Expose-Headers: Content-Length
                              Content-Disposition: inline;filename="vers-haut-icone-7320-48.png"
                              X-Content-Type-Options: nosniff
                              Server: fife
                              Content-Length: 3455
                              X-XSS-Protection: 0
                              Date: Sat, 17 Aug 2024 18:37:06 GMT
                              Expires: Sun, 18 Aug 2024 18:37:06 GMT
                              Cache-Control: public, max-age=86400, no-transform
                              ETag: "v58e"
                              Content-Type: image/png
                              Vary: Origin
                              Age: 1
                            • flag-fr
                              GET
                              https://resources.blogblog.com/img/icon18_wrench_allbkg.png
                              msedge.exe
                              Remote address:
                              216.58.215.41:443
                              Request
                              GET /img/icon18_wrench_allbkg.png HTTP/2.0
                              host: resources.blogblog.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-us
                              DNS
                              opi.yahoo.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              opi.yahoo.com
                              IN A
                              Response
                            • flag-us
                              DNS
                              73.31.126.40.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              73.31.126.40.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              95.221.229.192.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              95.221.229.192.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              41.215.58.216.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              41.215.58.216.in-addr.arpa
                              IN PTR
                              Response
                              41.215.58.216.in-addr.arpa
                              IN PTR
                              par21s17-in-f91e100net
                            • flag-us
                              DNS
                              82.31.251.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              82.31.251.142.in-addr.arpa
                              IN PTR
                              Response
                              82.31.251.142.in-addr.arpa
                              IN PTR
                              eq-in-f821e100net
                            • flag-us
                              DNS
                              65.213.58.216.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              65.213.58.216.in-addr.arpa
                              IN PTR
                              Response
                              65.213.58.216.in-addr.arpa
                              IN PTR
                              lhr25s01-in-f651e100net
                              65.213.58.216.in-addr.arpa
                              IN PTR
                              lhr25s01-in-f1
                              65.213.58.216.in-addr.arpa
                              IN PTR
                              par21s18-in-f1
                            • flag-us
                              DNS
                              78.179.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              78.179.250.142.in-addr.arpa
                              IN PTR
                              Response
                              78.179.250.142.in-addr.arpa
                              IN PTR
                              par21s19-in-f141e100net
                            • flag-us
                              DNS
                              65.179.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              65.179.250.142.in-addr.arpa
                              IN PTR
                              Response
                              65.179.250.142.in-addr.arpa
                              IN PTR
                              par21s19-in-f11e100net
                            • flag-us
                              DNS
                              s7.addthis.com
                              Remote address:
                              8.8.8.8:53
                              Request
                              s7.addthis.com
                              IN A
                              Response
                              s7.addthis.com
                              IN CNAME
                              s8.addthis.com
                              s8.addthis.com
                              IN CNAME
                              ds-s7.addthis.com.edgekey.net
                              ds-s7.addthis.com.edgekey.net
                              IN CNAME
                              e4016.a.akamaiedge.net
                              e4016.a.akamaiedge.net
                              IN A
                              2.18.109.243
                            • flag-us
                              DNS
                              97.17.167.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              97.17.167.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              103.169.127.40.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              103.169.127.40.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              56.126.166.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              56.126.166.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              99.58.20.217.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              99.58.20.217.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              www.facebook.com
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.facebook.com
                              IN A
                              Response
                              www.facebook.com
                              IN CNAME
                              star-mini.c10r.facebook.com
                              star-mini.c10r.facebook.com
                              IN A
                              157.240.221.35
                            • flag-nl
                              GET
                              http://sauciu.googlecode.com/files/mrelatedpost.js
                              msedge.exe
                              Remote address:
                              142.251.31.82:80
                              Request
                              GET /files/mrelatedpost.js HTTP/1.1
                              Host: sauciu.googlecode.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 404 Not Found
                              Content-Type: text/html; charset=UTF-8
                              Referrer-Policy: no-referrer
                              Content-Length: 1582
                              Date: Sat, 17 Aug 2024 18:37:50 GMT
                            • flag-us
                              DNS
                              connect.facebook.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              connect.facebook.net
                              IN A
                              Response
                              connect.facebook.net
                              IN CNAME
                              scontent.xx.fbcdn.net
                              scontent.xx.fbcdn.net
                              IN A
                              157.240.247.8
                            • flag-us
                              DNS
                              connect.facebook.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              connect.facebook.net
                              IN A
                              Response
                              connect.facebook.net
                              IN CNAME
                              scontent.xx.fbcdn.net
                              scontent.xx.fbcdn.net
                              IN A
                              157.240.247.8
                            • flag-us
                              DNS
                              www.facebook.com
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.facebook.com
                              IN A
                              Response
                              www.facebook.com
                              IN CNAME
                              star-mini.c10r.facebook.com
                              star-mini.c10r.facebook.com
                              IN A
                              163.70.151.35
                            • flag-us
                              DNS
                              240.143.123.92.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              240.143.123.92.in-addr.arpa
                              IN PTR
                              Response
                              240.143.123.92.in-addr.arpa
                              IN PTR
                              a92-123-143-240deploystaticakamaitechnologiescom
                            • flag-us
                              DNS
                              240.143.123.92.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              240.143.123.92.in-addr.arpa
                              IN PTR
                              Response
                              240.143.123.92.in-addr.arpa
                              IN PTR
                              a92-123-143-240deploystaticakamaitechnologiescom
                            • flag-us
                              DNS
                              duocphamxanh.blogspot.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              duocphamxanh.blogspot.com
                              IN A
                              Response
                              duocphamxanh.blogspot.com
                              IN CNAME
                              blogspot.l.googleusercontent.com
                              blogspot.l.googleusercontent.com
                              IN A
                              142.250.201.161
                            • flag-fr
                              GET
                              http://duocphamxanh.blogspot.com/favicon.ico
                              msedge.exe
                              Remote address:
                              142.250.201.161:80
                              Request
                              GET /favicon.ico HTTP/1.1
                              Host: duocphamxanh.blogspot.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Content-Type: image/x-icon; charset=UTF-8
                              Expires: Sat, 17 Aug 2024 18:38:13 GMT
                              Date: Sat, 17 Aug 2024 18:38:13 GMT
                              Cache-Control: private, max-age=86400
                              Last-Modified: Wed, 03 Jul 2024 02:15:55 GMT
                              ETag: W/"c6c3c602c51f4fa19deb92bff95a78900a8b1e1a9bf88f90b2b311f7f54ac4d4"
                              Content-Encoding: gzip
                              X-Content-Type-Options: nosniff
                              X-XSS-Protection: 1; mode=block
                              Content-Length: 285
                              Server: GSE
                            • flag-us
                              DNS
                              161.201.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              161.201.250.142.in-addr.arpa
                              IN PTR
                              Response
                              161.201.250.142.in-addr.arpa
                              IN PTR
                              par21s23-in-f11e100net
                            • flag-us
                              DNS
                              161.201.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              161.201.250.142.in-addr.arpa
                              IN PTR
                              Response
                              161.201.250.142.in-addr.arpa
                              IN PTR
                              par21s23-in-f11e100net
                            • flag-us
                              DNS
                              57.169.31.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              57.169.31.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              tse1.mm.bing.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              tse1.mm.bing.net
                              IN A
                              Response
                              tse1.mm.bing.net
                              IN CNAME
                              mm-mm.bing.net.trafficmanager.net
                              mm-mm.bing.net.trafficmanager.net
                              IN CNAME
                              ax-0001.ax-msedge.net
                              ax-0001.ax-msedge.net
                              IN A
                              150.171.28.10
                              ax-0001.ax-msedge.net
                              IN A
                              150.171.27.10
                            • flag-us
                              DNS
                              tse1.mm.bing.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              tse1.mm.bing.net
                              IN A
                              Response
                              tse1.mm.bing.net
                              IN CNAME
                              mm-mm.bing.net.trafficmanager.net
                              mm-mm.bing.net.trafficmanager.net
                              IN CNAME
                              ax-0001.ax-msedge.net
                              ax-0001.ax-msedge.net
                              IN A
                              150.171.28.10
                              ax-0001.ax-msedge.net
                              IN A
                              150.171.27.10
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239339388115_1OIS3ERNXZ6FC49JX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239339388115_1OIS3ERNXZ6FC49JX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 1145630
                              content-type: image/jpeg
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 407AB2FDA9824FE28398A2EAA635DC10 Ref B: LON04EDGE1012 Ref C: 2024-08-17T18:38:49Z
                              date: Sat, 17 Aug 2024 18:38:48 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 474395
                              content-type: image/jpeg
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: EC3C95210AA248A6A23C956966B6C2AC Ref B: LON04EDGE1012 Ref C: 2024-08-17T18:38:49Z
                              date: Sat, 17 Aug 2024 18:38:48 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239317301269_1SV32GTE1U6J5ZYXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239317301269_1SV32GTE1U6J5ZYXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 522409
                              content-type: image/jpeg
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: A29074B892E7410986CE177ACFCCBB59 Ref B: LON04EDGE1012 Ref C: 2024-08-17T18:38:49Z
                              date: Sat, 17 Aug 2024 18:38:48 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239339388116_1HBZ24TGK6VST5MLJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239339388116_1HBZ24TGK6VST5MLJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 504006
                              content-type: image/jpeg
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: C8B6AF2AAE964E6D89CB7181CF2D1F29 Ref B: LON04EDGE1012 Ref C: 2024-08-17T18:38:49Z
                              date: Sat, 17 Aug 2024 18:38:48 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 534196
                              content-type: image/jpeg
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 8130F0BF789649D681B17B32F1D85252 Ref B: LON04EDGE1012 Ref C: 2024-08-17T18:38:49Z
                              date: Sat, 17 Aug 2024 18:38:49 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239317301678_17ZTGMBOXP9GMFDLK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239317301678_17ZTGMBOXP9GMFDLK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 1071336
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: F70EBCE63E1140CA801CB2DC3517125F Ref B: LON04EDGE1012 Ref C: 2024-08-17T18:38:51Z
                              date: Sat, 17 Aug 2024 18:38:50 GMT
                            • 2.18.109.243:445
                              s7.addthis.com
                              260 B
                              5
                            • 216.58.215.41:443
                              https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5468084349050922117&zx=9e6eecfd-1117-4b4b-bb48-23680ee582b4
                              tls, http2
                              msedge.exe
                              4.4kB
                              93.0kB
                              66
                              84

                              HTTP Request

                              GET https://www.blogger.com/static/v1/widgets/14020288-widget_css_bundle.css

                              HTTP Request

                              GET https://www.blogger.com/static/v1/widgets/4144282483-widgets.js

                              HTTP Request

                              GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5468084349050922117&zx=9e6eecfd-1117-4b4b-bb48-23680ee582b4
                            • 142.251.31.82:443
                              nguyenhuytap.googlecode.com
                              tls, http2
                              msedge.exe
                              999 B
                              5.8kB
                              9
                              8
                            • 142.251.31.82:443
                              https://nguyenhuytap.googlecode.com/files/recent14.js
                              tls, http2
                              msedge.exe
                              2.0kB
                              9.9kB
                              18
                              20

                              HTTP Request

                              GET https://nguyenhuytap.googlecode.com/files/jquery.min.v1.4.1.js

                              HTTP Request

                              GET https://nguyenhuytap.googlecode.com/files/recent14.js
                            • 142.251.31.82:80
                              http://sauciu.googlecode.com/files/mrelatedpost.js
                              http
                              msedge.exe
                              599 B
                              1.9kB
                              6
                              5

                              HTTP Request

                              GET http://sauciu.googlecode.com/files/mrelatedpost.js

                              HTTP Response

                              404
                            • 216.58.213.65:80
                              http://1.bp.blogspot.com/-vmzr8xYY8fs/Ts-oVg2xm6I/AAAAAAAAADY/U3kOPBcRfOY/s1600/vn.png
                              http
                              msedge.exe
                              731 B
                              1.2kB
                              7
                              6

                              HTTP Request

                              GET http://1.bp.blogspot.com/-vmzr8xYY8fs/Ts-oVg2xm6I/AAAAAAAAADY/U3kOPBcRfOY/s1600/vn.png

                              HTTP Response

                              200
                            • 216.58.213.65:80
                              http://1.bp.blogspot.com/-1RsIuFLYXIE/Ud-fKIUIkZI/AAAAAAAAAJI/UeecOWY_2cM/s1600/56756373.png
                              http
                              msedge.exe
                              967 B
                              15.3kB
                              12
                              16

                              HTTP Request

                              GET http://1.bp.blogspot.com/-1RsIuFLYXIE/Ud-fKIUIkZI/AAAAAAAAAJI/UeecOWY_2cM/s1600/56756373.png

                              HTTP Response

                              200
                            • 216.58.213.65:80
                              http://1.bp.blogspot.com/-zgNsIpXxJJE/Ts-oVoylT3I/AAAAAAAAADk/DW6LSIzDvLY/s1600/us.png
                              http
                              msedge.exe
                              731 B
                              1.4kB
                              7
                              6

                              HTTP Request

                              GET http://1.bp.blogspot.com/-zgNsIpXxJJE/Ts-oVoylT3I/AAAAAAAAADk/DW6LSIzDvLY/s1600/us.png

                              HTTP Response

                              200
                            • 142.250.179.78:443
                              https://apis.google.com/js/plusone.js
                              tls, http2
                              msedge.exe
                              2.5kB
                              29.5kB
                              32
                              31

                              HTTP Request

                              GET https://apis.google.com/js/plusone.js
                            • 216.58.213.65:80
                              http://2.bp.blogspot.com/-rusV7fc5two/Ud-fHVFPefI/AAAAAAAAAIo/BW8KrBUKLqY/s1600/56755822.logocopy.png
                              http
                              msedge.exe
                              1.3kB
                              32.1kB
                              18
                              28

                              HTTP Request

                              GET http://2.bp.blogspot.com/-rusV7fc5two/Ud-fHVFPefI/AAAAAAAAAIo/BW8KrBUKLqY/s1600/56755822.logocopy.png

                              HTTP Response

                              200
                            • 216.58.213.65:80
                              http://4.bp.blogspot.com/-D5gKODMzZ0I/Uc_lZ73quzI/AAAAAAAAACs/aqQQdhDtQA8/s72-c/icon+goi+dien.jpg
                              http
                              msedge.exe
                              742 B
                              3.0kB
                              7
                              7

                              HTTP Request

                              GET http://4.bp.blogspot.com/-D5gKODMzZ0I/Uc_lZ73quzI/AAAAAAAAACs/aqQQdhDtQA8/s72-c/icon+goi+dien.jpg

                              HTTP Response

                              200
                            • 142.250.179.65:443
                              https://lh4.googleusercontent.com/-bFMa5R2nfZI/UH15Udpt_mI/AAAAAAAAEBM/0ME5ciXjQm4/s16/twitter.png
                              tls, http2
                              msedge.exe
                              2.5kB
                              14.6kB
                              23
                              25

                              HTTP Request

                              GET https://lh4.googleusercontent.com/-qFtpVy76z3k/UHehqGbwiWI/AAAAAAAAD4g/m8MeHKWjsFU/s15/ico-p.jpg

                              HTTP Request

                              GET https://lh4.googleusercontent.com/-Gru2cLmFwcI/TtTg4D0DuJI/AAAAAAAABGA/RGSalmz0kQA/s18/iconsearchr.gif

                              HTTP Request

                              GET https://lh4.googleusercontent.com/-M9bTXv6l8y8/UHzxNGfvszI/AAAAAAAAD_Q/vifUw8RtPbg/s12/RSS.png

                              HTTP Request

                              GET https://lh4.googleusercontent.com/-bFMa5R2nfZI/UH15Udpt_mI/AAAAAAAAEBM/0ME5ciXjQm4/s16/twitter.png
                            • 142.250.179.65:443
                              lh4.googleusercontent.com
                              tls, http2
                              msedge.exe
                              1.0kB
                              10.8kB
                              10
                              11
                            • 142.250.179.65:443
                              lh4.googleusercontent.com
                              tls, http2
                              msedge.exe
                              1.0kB
                              10.8kB
                              10
                              11
                            • 142.250.179.65:443
                              lh4.googleusercontent.com
                              tls, http2
                              msedge.exe
                              1.0kB
                              10.8kB
                              10
                              11
                            • 142.250.179.65:443
                              https://lh3.googleusercontent.com/-QBU9fAwdWQE/Ud_zG3tFxYI/AAAAAAAAAMg/IHJtnDXlhjI/w300-h250-no/quang+cao.png
                              tls, http2
                              msedge.exe
                              2.5kB
                              16.2kB
                              24
                              28

                              HTTP Request

                              GET https://lh3.googleusercontent.com/-PP-kteLdf8g/UHb-ZUHbgBI/AAAAAAAAD2Q/Xs3Hv2_6IL8/s26/bg-nav-foot.jpg

                              HTTP Request

                              GET https://lh3.googleusercontent.com/-Tie8MX__wvA/UHehq5XkyzI/AAAAAAAAD4w/fOZkTtYvAQk/s48/li-right.jpg

                              HTTP Request

                              GET https://lh3.googleusercontent.com/-QBU9fAwdWQE/Ud_zG3tFxYI/AAAAAAAAAMg/IHJtnDXlhjI/w300-h250-no/quang+cao.png
                            • 142.250.179.65:443
                              lh3.googleusercontent.com
                              tls, http2
                              msedge.exe
                              1.0kB
                              10.8kB
                              10
                              11
                            • 142.250.179.65:443
                              lh5.googleusercontent.com
                              tls, http2
                              msedge.exe
                              1.0kB
                              10.8kB
                              10
                              11
                            • 142.250.179.65:443
                              https://lh5.googleusercontent.com/-zJIbSjA0Vpc/UHwi-xtFy4I/AAAAAAAAD9M/12JPXvcuwqw/s32/njnm.gif
                              tls, http2
                              msedge.exe
                              2.1kB
                              14.4kB
                              19
                              22

                              HTTP Request

                              GET https://lh5.googleusercontent.com/-i04EiWmSFuc/UHzl8QMHfrI/AAAAAAAAD-c/nA4x4LVDGIk/s125/headerj.gif

                              HTTP Request

                              GET https://lh5.googleusercontent.com/-zJIbSjA0Vpc/UHwi-xtFy4I/AAAAAAAAD9M/12JPXvcuwqw/s32/njnm.gif
                            • 142.250.179.65:443
                              https://lh6.googleusercontent.com/-VcU-ixwuk2o/Ud_zFTkc4fI/AAAAAAAAAL0/vyOlzJc0HCU/w830-h74-no/56757145.baner+%25281%2529.gif
                              tls, http2
                              msedge.exe
                              6.1kB
                              222.2kB
                              99
                              172

                              HTTP Request

                              GET https://lh6.googleusercontent.com/-ZB01xbweylQ/UHaC2q6ldZI/AAAAAAAADyk/LoWcnGJPGGs/s238/content-texture.png

                              HTTP Request

                              GET https://lh6.googleusercontent.com/-ikwqo8Fs1x8/UHzkFs1r5OI/AAAAAAAAD-I/77cKlsVO54Q/s101/hnjn.gif

                              HTTP Request

                              GET https://lh6.googleusercontent.com/-8Q8_bB8Jhf8/UH15SxtVP4I/AAAAAAAAEAw/5A9nHwtU3As/s16/facebook.png

                              HTTP Request

                              GET https://lh6.googleusercontent.com/-mGuMMXcOEkM/UH15S1Px2EI/AAAAAAAAEAo/ICNRZxoRk_g/s16/googlebuzz.png

                              HTTP Request

                              GET https://lh6.googleusercontent.com/-VcU-ixwuk2o/Ud_zFTkc4fI/AAAAAAAAAL0/vyOlzJc0HCU/w830-h74-no/56757145.baner+%25281%2529.gif
                            • 142.250.179.65:443
                              lh6.googleusercontent.com
                              tls, http2
                              msedge.exe
                              1.0kB
                              10.8kB
                              10
                              11
                            • 142.250.179.65:443
                              lh6.googleusercontent.com
                              tls, http2
                              msedge.exe
                              1.0kB
                              10.8kB
                              10
                              11
                            • 142.250.179.65:443
                              lh6.googleusercontent.com
                              tls, http2
                              msedge.exe
                              1.0kB
                              10.8kB
                              10
                              11
                            • 142.250.179.65:443
                              lh6.googleusercontent.com
                              tls, http2
                              msedge.exe
                              1.0kB
                              10.8kB
                              10
                              11
                            • 216.58.213.65:80
                              http://3.bp.blogspot.com/-gjSXwM5eyjU/TZa3mvhqdBI/AAAAAAAABY4/c6t0LcUeu6o/s1600/vers-haut-icone-7320-48.png
                              http
                              msedge.exe
                              798 B
                              4.3kB
                              8
                              8

                              HTTP Request

                              GET http://3.bp.blogspot.com/-gjSXwM5eyjU/TZa3mvhqdBI/AAAAAAAABY4/c6t0LcUeu6o/s1600/vers-haut-icone-7320-48.png

                              HTTP Response

                              200
                            • 216.58.215.41:443
                              https://resources.blogblog.com/img/icon18_wrench_allbkg.png
                              tls, http2
                              msedge.exe
                              1.8kB
                              7.0kB
                              15
                              16

                              HTTP Request

                              GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png
                            • 46.51.221.158:80
                              i.upanh.com
                              msedge.exe
                              260 B
                              5
                            • 46.51.221.158:80
                              i.upanh.com
                              msedge.exe
                              260 B
                              5
                            • 142.250.179.66:445
                              pagead2.googlesyndication.com
                              260 B
                              5
                            • 142.250.179.66:139
                              pagead2.googlesyndication.com
                              260 B
                              5
                            • 142.251.31.82:80
                              http://sauciu.googlecode.com/files/mrelatedpost.js
                              http
                              msedge.exe
                              599 B
                              1.9kB
                              6
                              4

                              HTTP Request

                              GET http://sauciu.googlecode.com/files/mrelatedpost.js

                              HTTP Response

                              404
                            • 157.240.221.35:445
                              www.facebook.com
                              260 B
                              5
                            • 157.240.247.8:445
                              connect.facebook.net
                              260 B
                              5
                            • 157.240.247.8:139
                              connect.facebook.net
                              260 B
                              5
                            • 142.250.201.161:80
                              http://duocphamxanh.blogspot.com/favicon.ico
                              http
                              msedge.exe
                              597 B
                              933 B
                              5
                              5

                              HTTP Request

                              GET http://duocphamxanh.blogspot.com/favicon.ico

                              HTTP Response

                              200
                            • 150.171.28.10:443
                              tse1.mm.bing.net
                              tls, http2
                              1.3kB
                              7.3kB
                              17
                              13
                            • 150.171.28.10:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              6.9kB
                              16
                              13
                            • 150.171.28.10:443
                              https://tse1.mm.bing.net/th?id=OADD2.10239317301678_17ZTGMBOXP9GMFDLK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              tls, http2
                              157.6kB
                              4.5MB
                              3361
                              3353

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239339388115_1OIS3ERNXZ6FC49JX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239317301269_1SV32GTE1U6J5ZYXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239339388116_1HBZ24TGK6VST5MLJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                              HTTP Response

                              200

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239317301678_17ZTGMBOXP9GMFDLK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200
                            • 150.171.28.10:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              6.9kB
                              16
                              13
                            • 150.171.28.10:443
                              tse1.mm.bing.net
                              tls, http2
                              1.5kB
                              6.8kB
                              17
                              11
                            • 8.8.8.8:53
                              8.8.8.8.in-addr.arpa
                              dns
                              66 B
                              90 B
                              1
                              1

                              DNS Request

                              8.8.8.8.in-addr.arpa

                            • 8.8.8.8:53
                              104.219.191.52.in-addr.arpa
                              dns
                              73 B
                              147 B
                              1
                              1

                              DNS Request

                              104.219.191.52.in-addr.arpa

                            • 8.8.8.8:53
                              240.221.184.93.in-addr.arpa
                              dns
                              73 B
                              144 B
                              1
                              1

                              DNS Request

                              240.221.184.93.in-addr.arpa

                            • 8.8.8.8:53
                              s7.addthis.com
                              dns
                              60 B
                              169 B
                              1
                              1

                              DNS Request

                              s7.addthis.com

                              DNS Response

                              2.18.109.243

                            • 8.8.8.8:53
                              nguyenhuytap.googlecode.com
                              dns
                              msedge.exe
                              73 B
                              134 B
                              1
                              1

                              DNS Request

                              nguyenhuytap.googlecode.com

                              DNS Response

                              142.251.31.82

                            • 8.8.8.8:53
                              www.blogger.com
                              dns
                              msedge.exe
                              61 B
                              108 B
                              1
                              1

                              DNS Request

                              www.blogger.com

                              DNS Response

                              216.58.215.41

                            • 216.58.215.41:443
                              www.blogger.com
                              https
                              msedge.exe
                              4.6kB
                              10.0kB
                              14
                              18
                            • 8.8.8.8:53
                              apis.google.com
                              dns
                              msedge.exe
                              61 B
                              98 B
                              1
                              1

                              DNS Request

                              apis.google.com

                              DNS Response

                              142.250.179.78

                            • 8.8.8.8:53
                              sauciu.googlecode.com
                              dns
                              msedge.exe
                              67 B
                              128 B
                              1
                              1

                              DNS Request

                              sauciu.googlecode.com

                              DNS Response

                              142.251.31.82

                            • 8.8.8.8:53
                              1.bp.blogspot.com
                              dns
                              msedge.exe
                              63 B
                              124 B
                              1
                              1

                              DNS Request

                              1.bp.blogspot.com

                              DNS Response

                              216.58.213.65

                            • 8.8.8.8:53
                              2.bp.blogspot.com
                              dns
                              msedge.exe
                              63 B
                              124 B
                              1
                              1

                              DNS Request

                              2.bp.blogspot.com

                              DNS Response

                              216.58.213.65

                            • 8.8.8.8:53
                              lh4.googleusercontent.com
                              dns
                              msedge.exe
                              71 B
                              116 B
                              1
                              1

                              DNS Request

                              lh4.googleusercontent.com

                              DNS Response

                              142.250.179.65

                            • 8.8.8.8:53
                              lh6.googleusercontent.com
                              dns
                              msedge.exe
                              71 B
                              116 B
                              1
                              1

                              DNS Request

                              lh6.googleusercontent.com

                              DNS Response

                              142.250.179.65

                            • 8.8.8.8:53
                              i.upanh.com
                              dns
                              msedge.exe
                              57 B
                              73 B
                              1
                              1

                              DNS Request

                              i.upanh.com

                              DNS Response

                              46.51.221.158

                            • 8.8.8.8:53
                              3.bp.blogspot.com
                              dns
                              msedge.exe
                              63 B
                              124 B
                              1
                              1

                              DNS Request

                              3.bp.blogspot.com

                              DNS Response

                              216.58.213.65

                            • 8.8.8.8:53
                              resources.blogblog.com
                              dns
                              msedge.exe
                              68 B
                              115 B
                              1
                              1

                              DNS Request

                              resources.blogblog.com

                              DNS Response

                              216.58.215.41

                            • 8.8.8.8:53
                              4.bp.blogspot.com
                              dns
                              msedge.exe
                              63 B
                              124 B
                              1
                              1

                              DNS Request

                              4.bp.blogspot.com

                              DNS Response

                              216.58.213.65

                            • 8.8.8.8:53
                              lh5.googleusercontent.com
                              dns
                              msedge.exe
                              71 B
                              116 B
                              1
                              1

                              DNS Request

                              lh5.googleusercontent.com

                              DNS Response

                              142.250.179.65

                            • 8.8.8.8:53
                              lh3.googleusercontent.com
                              dns
                              msedge.exe
                              71 B
                              116 B
                              1
                              1

                              DNS Request

                              lh3.googleusercontent.com

                              DNS Response

                              142.250.179.65

                            • 8.8.8.8:53
                              opi.yahoo.com
                              dns
                              msedge.exe
                              59 B
                              120 B
                              1
                              1

                              DNS Request

                              opi.yahoo.com

                            • 142.250.179.65:443
                              lh3.googleusercontent.com
                              https
                              msedge.exe
                              3.0kB
                              6.2kB
                              4
                              5
                            • 142.250.179.65:443
                              lh3.googleusercontent.com
                              https
                              msedge.exe
                              3.0kB
                              6.2kB
                              4
                              5
                            • 142.250.179.65:443
                              lh3.googleusercontent.com
                              https
                              msedge.exe
                              9.6kB
                              192.3kB
                              83
                              157
                            • 142.250.179.65:443
                              lh3.googleusercontent.com
                              https
                              msedge.exe
                              3.0kB
                              6.2kB
                              4
                              5
                            • 8.8.8.8:53
                              73.31.126.40.in-addr.arpa
                              dns
                              71 B
                              157 B
                              1
                              1

                              DNS Request

                              73.31.126.40.in-addr.arpa

                            • 8.8.8.8:53
                              95.221.229.192.in-addr.arpa
                              dns
                              73 B
                              144 B
                              1
                              1

                              DNS Request

                              95.221.229.192.in-addr.arpa

                            • 8.8.8.8:53
                              41.215.58.216.in-addr.arpa
                              dns
                              72 B
                              110 B
                              1
                              1

                              DNS Request

                              41.215.58.216.in-addr.arpa

                            • 8.8.8.8:53
                              82.31.251.142.in-addr.arpa
                              dns
                              72 B
                              105 B
                              1
                              1

                              DNS Request

                              82.31.251.142.in-addr.arpa

                            • 8.8.8.8:53
                              65.213.58.216.in-addr.arpa
                              dns
                              72 B
                              169 B
                              1
                              1

                              DNS Request

                              65.213.58.216.in-addr.arpa

                            • 8.8.8.8:53
                              78.179.250.142.in-addr.arpa
                              dns
                              73 B
                              112 B
                              1
                              1

                              DNS Request

                              78.179.250.142.in-addr.arpa

                            • 8.8.8.8:53
                              65.179.250.142.in-addr.arpa
                              dns
                              73 B
                              111 B
                              1
                              1

                              DNS Request

                              65.179.250.142.in-addr.arpa

                            • 8.8.8.8:53
                              s7.addthis.com
                              dns
                              60 B
                              169 B
                              1
                              1

                              DNS Request

                              s7.addthis.com

                              DNS Response

                              2.18.109.243

                            • 224.0.0.251:5353
                              msedge.exe
                              525 B
                              8
                            • 8.8.8.8:53
                              97.17.167.52.in-addr.arpa
                              dns
                              71 B
                              145 B
                              1
                              1

                              DNS Request

                              97.17.167.52.in-addr.arpa

                            • 142.250.179.78:443
                              apis.google.com

                            MITRE ATT&CK Enterprise v15


                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              96B


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              1KB


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              1KB


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              7KB


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B


                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              10KB

