Resubmissions

28-10-2024 00:39

241028-az5gqawemb 10

28-10-2024 00:38

241028-azgewstmar 3

20-10-2024 18:41

241020-xbtfwatele 10

Analysis

  • max time kernel
    6s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-10-2024 00:38

General

  • Target

    http://google.com

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc45246f8,0x7ffdc4524708,0x7ffdc4524718
      2⤵
      PID:3116
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
      2⤵
      PID:560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
      2⤵
      PID:3716
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      2⤵
      PID:2952
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      2⤵
      PID:2100
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
      2⤵
      PID:3688
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
      2⤵
      PID:4052
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2988
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
      2⤵
      PID:4476
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3655709871926926813,17647486865368823741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
      2⤵
      PID:3112
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:5012
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3696

Network

                        • flag-us
                          DNS
                          8.8.8.8.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          8.8.8.8.in-addr.arpa
                          IN PTR
                          Response
                          8.8.8.8.in-addr.arpa
                          IN PTR
                          dns.google
                        • flag-us
                          DNS
                          149.220.183.52.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          149.220.183.52.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          google.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          google.com
                          IN A
                          Response
                          google.com
                          IN A
                          172.217.16.238
                        • flag-gb
                          GET
                          http://google.com/
                          msedge.exe
                          Remote address:
                          172.217.16.238:80
                          Request
                          GET / HTTP/1.1
                          Host: google.com
                          Connection: keep-alive
                          DNT: 1
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Response
                          HTTP/1.1 301 Moved Permanently
                          Location: http://www.google.com/
                          Content-Type: text/html; charset=UTF-8
                          Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-L1F1eDnUaf4T9Zrk45SIEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
                          Permissions-Policy: unload=()
                          Date: Mon, 28 Oct 2024 00:39:04 GMT
                          Expires: Wed, 27 Nov 2024 00:39:04 GMT
                          Cache-Control: public, max-age=2592000
                          Server: gws
                          Content-Length: 219
                          X-XSS-Protection: 0
                          X-Frame-Options: SAMEORIGIN
                        • flag-us
                          DNS
                          www.google.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          www.google.com
                          IN A
                          Response
                          www.google.com
                          IN A
                          172.217.169.36
                        • flag-gb
                          GET
                          http://www.google.com/
                          msedge.exe
                          Remote address:
                          172.217.169.36:80
                          Request
                          GET / HTTP/1.1
                          Host: www.google.com
                          Connection: keep-alive
                          DNT: 1
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Response
                          HTTP/1.1 302 Found
                          Location: https://www.google.com/?gws_rd=ssl
                          Cache-Control: private
                          Content-Type: text/html; charset=UTF-8
                          Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-UTLrENm9WYSYyJ-C7CsQCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
                          Permissions-Policy: unload=()
                          Date: Mon, 28 Oct 2024 00:39:04 GMT
                          Server: gws
                          Content-Length: 231
                          X-XSS-Protection: 0
                          X-Frame-Options: SAMEORIGIN
                          Set-Cookie: AEC=AVYB7cpCe4CrE7RXNQsNjQXfVWx1e224ejLlf_z7oOf1QwktCYLnTlvckQ; expires=Sat, 26-Apr-2025 00:39:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                        • flag-gb
                          GET
                          https://www.google.com/?gws_rd=ssl
                          msedge.exe
                          Remote address:
                          172.217.169.36:443
                          Request
                          GET /?gws_rd=ssl HTTP/2.0
                          host: www.google.com
                          dnt: 1
                          upgrade-insecure-requests: 1
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                          sec-fetch-site: none
                          sec-fetch-mode: navigate
                          sec-fetch-user: ?1
                          sec-fetch-dest: document
                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                          sec-ch-ua-mobile: ?0
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-gb
                          GET
                          https://www.google.com/xjs/_/ss/k=xjs.hd.PXLohcdDHcw.L.W.O/am=JFUAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAgAAQAAAAAAAAAAAoAAQkAAAAIwAAGwAgAAAAAAAEAAAGAAAAAAAACQAAAAgAAIABQAAAAAAQAAACAASBAAAFAEAABCAAEKAAAACLID3KwAJCICCIB6FAAAAwAAAACEIDGAYgKACAKMAAQAAAAAAAAhACAAAAEQAIEAAgB5AABgAgDQQAABBoAcAAgAAAAAEACAABACAmAAYIAMQAAAAAAAAgAwAAAAAAAAAAAAAAAAAAAAAAAAAIIAAIACgAAAAAAAAAAAAAAAAAAAAAAg/d=1/ed=1/rs=ACT90oEFPCbyTncYquDeksBfhNI4AhtjIA/m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi
                          msedge.exe
                          Remote address:
                          172.217.169.36:443
                          Request
                          GET /xjs/_/ss/k=xjs.hd.PXLohcdDHcw.L.W.O/am=JFUAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAgAAQAAAAAAAAAAAoAAQkAAAAIwAAGwAgAAAAAAAEAAAGAAAAAAAACQAAAAgAAIABQAAAAAAQAAACAASBAAAFAEAABCAAEKAAAACLID3KwAJCICCIB6FAAAAwAAAACEIDGAYgKACAKMAAQAAAAAAAAhACAAAAEQAIEAAgB5AABgAgDQQAABBoAcAAgAAAAAEACAABACAmAAYIAMQAAAAAAAAgAwAAAAAAAAAAAAAAAAAAAAAAAAAIIAAIACgAAAAAAAAAAAAAAAAAAAAAAg/d=1/ed=1/rs=ACT90oEFPCbyTncYquDeksBfhNI4AhtjIA/m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi HTTP/2.0
                          host: www.google.com
                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                          sec-ch-ua-arch: "x86"
                          sec-ch-ua-full-version: "92.0.902.67"
                          sec-ch-ua-platform-version: "10.0"
                          sec-ch-ua-model:
                          sec-ch-ua-platform: "Windows"
                          accept: text/css,*/*;q=0.1
                          sec-fetch-site: same-origin
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: style
                          referer: https://www.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                          cookie: AEC=AVYB7crBqmPjbQgpxDQxyxws6mnV5rHJ1_U7qyr1oEuNW0r10NhH5ymVaT4
                          cookie: __Secure-ENID=23.SE=Ffpz_Tep1zynrcHbNShpL_KCpq8zQOXiXyDjT71GhUlf8WONFpVUAYqIf4D97iqij0wcQlwhnm-p3HvOBKmygGCyX9XgW5S71ckppocBmVnUQJPnNviQaNgtpq2M9Ma_hR7Czk261GPF8NwN57xPtpTBFKxMpsofNYUBewhmpRagN93lWC7EjGlQoN2STgfjP3eRCVk0KPey
                        • flag-gb
                          GET
                          https://www.google.com/xjs/_/js/k=xjs.hd.en.Kd-Hj1F9wUU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAACAgAAJAAAAAIACAAAAAAAAAAAAAAAAAAAgQCAAACQAAAgAAACABQAgAgEAEAAAACAQAAAQIAHgUTYAAEQAkAAABAAAIAAACICCAAAACAAAwAAAACAIAAAAAIACAAAAAAAAAAAAAAAAAAAAAQQIAAAAAAAAAAAAABAAAAAAoAcAAAAAAAAAAAgAAEAQAAAYIAMQAAAAAAAAoA8AggfgkMICAAAAAAAAAAAAAAAIYIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB/d=1/ed=1/dg=3/rs=ACT90oE3CwS2V9XDYEHyXb7b_8CVdyef5g/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hPyGBb;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi
                          msedge.exe
                          Remote address:
                          172.217.169.36:443
                          Request
                          GET /xjs/_/js/k=xjs.hd.en.Kd-Hj1F9wUU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAACAgAAJAAAAAIACAAAAAAAAAAAAAAAAAAAgQCAAACQAAAgAAACABQAgAgEAEAAAACAQAAAQIAHgUTYAAEQAkAAABAAAIAAACICCAAAACAAAwAAAACAIAAAAAIACAAAAAAAAAAAAAAAAAAAAAQQIAAAAAAAAAAAAABAAAAAAoAcAAAAAAAAAAAgAAEAQAAAYIAMQAAAAAAAAoA8AggfgkMICAAAAAAAAAAAAAAAIYIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB/d=1/ed=1/dg=3/rs=ACT90oE3CwS2V9XDYEHyXb7b_8CVdyef5g/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hPyGBb;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi HTTP/2.0
                          host: www.google.com
                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                          sec-ch-ua-arch: "x86"
                          sec-ch-ua-full-version: "92.0.902.67"
                          sec-ch-ua-platform-version: "10.0"
                          sec-ch-ua-model:
                          sec-ch-ua-platform: "Windows"
                          accept: */*
                          sec-fetch-site: same-origin
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: script
                          referer: https://www.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                          cookie: AEC=AVYB7crBqmPjbQgpxDQxyxws6mnV5rHJ1_U7qyr1oEuNW0r10NhH5ymVaT4
                          cookie: __Secure-ENID=23.SE=Ffpz_Tep1zynrcHbNShpL_KCpq8zQOXiXyDjT71GhUlf8WONFpVUAYqIf4D97iqij0wcQlwhnm-p3HvOBKmygGCyX9XgW5S71ckppocBmVnUQJPnNviQaNgtpq2M9Ma_hR7Czk261GPF8NwN57xPtpTBFKxMpsofNYUBewhmpRagN93lWC7EjGlQoN2STgfjP3eRCVk0KPey
                        • flag-us
                          DNS
                          79.190.18.2.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          79.190.18.2.in-addr.arpa
                          IN PTR
                          Response
                          79.190.18.2.in-addr.arpa
                          IN PTR
                          a2-18-190-79.deploy.static.akamaitechnologies.com
                        • flag-us
                          DNS
                          238.16.217.172.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          238.16.217.172.in-addr.arpa
                          IN PTR
                          Response
                          238.16.217.172.in-addr.arpa
                          IN PTR
                          mad08s04-in-f14.1e100.net
                          238.16.217.172.in-addr.arpa
                          IN PTR
                          lhr48s28-in-f14.1e100.net
                        • flag-us
                          DNS
                          36.169.217.172.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          36.169.217.172.in-addr.arpa
                          IN PTR
                          Response
                          36.169.217.172.in-addr.arpa
                          IN PTR
                          lhr48s08-in-f4.1e100.net
                        • flag-us
                          DNS
                          68.32.126.40.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          68.32.126.40.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          95.221.229.192.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          95.221.229.192.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          227.187.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          227.187.250.142.in-addr.arpa
                          IN PTR
                          Response
                          227.187.250.142.in-addr.arpa
                          IN PTR
                          lhr25s34-in-f3.1e100.net
                        • flag-us
                          DNS
                          apis.google.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          apis.google.com
                          IN A
                          Response
                          apis.google.com
                          IN CNAME
                          plus.l.google.com
                          plus.l.google.com
                          IN A
                          142.250.200.46
                        • flag-us
                          DNS
                          ogads-pa.googleapis.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          ogads-pa.googleapis.com
                          IN A
                          Response
                          ogads-pa.googleapis.com
                          IN A
                          216.58.201.106
                          ogads-pa.googleapis.com
                          IN A
                          172.217.169.42
                          ogads-pa.googleapis.com
                          IN A
                          172.217.169.10
                          ogads-pa.googleapis.com
                          IN A
                          172.217.169.74
                          ogads-pa.googleapis.com
                          IN A
                          142.250.187.234
                          ogads-pa.googleapis.com
                          IN A
                          216.58.212.202
                          ogads-pa.googleapis.com
                          IN A
                          142.250.200.10
                          ogads-pa.googleapis.com
                          IN A
                          142.250.200.42
                          ogads-pa.googleapis.com
                          IN A
                          142.250.187.202
                          ogads-pa.googleapis.com
                          IN A
                          142.250.180.10
                          ogads-pa.googleapis.com
                          IN A
                          172.217.16.234
                          ogads-pa.googleapis.com
                          IN A
                          142.250.178.10
                          ogads-pa.googleapis.com
                          IN A
                          216.58.204.74
                          ogads-pa.googleapis.com
                          IN A
                          142.250.179.234
                          ogads-pa.googleapis.com
                          IN A
                          216.58.212.234
                        • flag-gb
                          GET
                          https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0
                          msedge.exe
                          Remote address:
                          142.250.200.46:443
                          Request
                          GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/2.0
                          host: apis.google.com
                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                          accept: */*
                          sec-fetch-site: same-site
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: script
                          referer: https://www.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                          cookie: AEC=AVYB7crBqmPjbQgpxDQxyxws6mnV5rHJ1_U7qyr1oEuNW0r10NhH5ymVaT4
                          cookie: __Secure-ENID=23.SE=Lg3IrtMX5bB5U3Xj3s0ZzCWhFLnE0t-FPo5-Q-tZcTgEHdt_evalBjEyBEdIgSVHvgs6MHK2ahcW3cKObckQylHnSKRHzxznk3Nmo7JEP00eaT2d0x7EYyvish5gD7RXeXAsSN8_fcx6Vly_3qSRwDfXz8ovJKdbsF6yIlzRcahw5qOEgd3QnSzAfByQaFq3wk_afXnLjduyLaTmFoE45IfiR2-PDGg
                        • flag-gb
                          OPTIONS
                          https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                          msedge.exe
                          Remote address:
                          216.58.201.106:443
                          Request
                          OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
                          host: ogads-pa.googleapis.com
                          accept: */*
                          access-control-request-method: POST
                          access-control-request-headers: content-type,x-goog-api-key,x-user-agent
                          origin: https://www.google.com
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                          sec-fetch-mode: cors
                          sec-fetch-site: cross-site
                          sec-fetch-dest: empty
                          referer: https://www.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-us
                          DNS
                          46.200.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          46.200.250.142.in-addr.arpa
                          IN PTR
                          Response
                          46.200.250.142.in-addr.arpa
                          IN PTR
                          lhr48s30-in-f141e100net
                        • flag-us
                          DNS
                          3.213.58.216.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          3.213.58.216.in-addr.arpa
                          IN PTR
                          Response
                          3.213.58.216.in-addr.arpa
                          IN PTR
                          lhr25s25-in-f31e100net
                          3.213.58.216.in-addr.arpa
                          IN PTR
                          ber01s14-in-f3�F
                        • flag-us
                          DNS
                          106.201.58.216.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          106.201.58.216.in-addr.arpa
                          IN PTR
                          Response
                          106.201.58.216.in-addr.arpa
                          IN PTR
                          lhr48s48-in-f101e100net
                          106.201.58.216.in-addr.arpa
                          IN PTR
                          prg03s02-in-f10�I
                          106.201.58.216.in-addr.arpa
                          IN PTR
                          prg03s02-in-f106�I
                        • flag-us
                          DNS
                          play.google.com
                          msedge.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          play.google.com
                          IN A
                          Response
                          play.google.com
                          IN A
                          142.250.187.206
                        • flag-gb
                          POST
                          https://play.google.com/log?format=json&hasfast=true
                          msedge.exe
                          Remote address:
                          142.250.187.206:443
                          Request
                          POST /log?format=json&hasfast=true HTTP/2.0
                          host: play.google.com
                          content-length: 1420
                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                          dnt: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                          content-type: application/x-www-form-urlencoded;charset=UTF-8
                          accept: */*
                          origin: https://www.google.com
                          sec-fetch-site: same-site
                          sec-fetch-mode: cors
                          sec-fetch-dest: empty
                          referer: https://www.google.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                          cookie: AEC=AVYB7crBqmPjbQgpxDQxyxws6mnV5rHJ1_U7qyr1oEuNW0r10NhH5ymVaT4
                          cookie: __Secure-ENID=23.SE=Lg3IrtMX5bB5U3Xj3s0ZzCWhFLnE0t-FPo5-Q-tZcTgEHdt_evalBjEyBEdIgSVHvgs6MHK2ahcW3cKObckQylHnSKRHzxznk3Nmo7JEP00eaT2d0x7EYyvish5gD7RXeXAsSN8_fcx6Vly_3qSRwDfXz8ovJKdbsF6yIlzRcahw5qOEgd3QnSzAfByQaFq3wk_afXnLjduyLaTmFoE45IfiR2-PDGg
                        • flag-us
                          DNS
                          206.187.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          206.187.250.142.in-addr.arpa
                          IN PTR
                          Response
                          206.187.250.142.in-addr.arpa
                          IN PTR
                          lhr25s33-in-f141e100net
                        • flag-us
                          DNS
                          88.156.103.20.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          88.156.103.20.in-addr.arpa
                          IN PTR
                          Response
                        • 172.217.16.238:80
                          google.com
                          msedge.exe
                          98 B
                          52 B
                          2
                          1
                        • 172.217.16.238:80
                          http://google.com/
                          http
                          msedge.exe
                          626 B
                          1.1kB
                          4
                          3

                          HTTP Request

                          GET http://google.com/

                          HTTP Response

                          301
                        • 172.217.169.36:80
                          http://www.google.com/
                          http
                          msedge.exe
                          630 B
                          1.3kB
                          4
                          3

                          HTTP Request

                          GET http://www.google.com/

                          HTTP Response

                          302
                        • 172.217.169.36:443
                          https://www.google.com/xjs/_/js/k=xjs.hd.en.Kd-Hj1F9wUU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAACAgAAJAAAAAIACAAAAAAAAAAAAAAAAAAAgQCAAACQAAAgAAACABQAgAgEAEAAAACAQAAAQIAHgUTYAAEQAkAAABAAAIAAACICCAAAACAAAwAAAACAIAAAAAIACAAAAAAAAAAAAAAAAAAAAAQQIAAAAAAAAAAAAABAAAAAAoAcAAAAAAAAAAAgAAEAQAAAYIAMQAAAAAAAAoA8AggfgkMICAAAAAAAAAAAAAAAIYIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB/d=1/ed=1/dg=3/rs=ACT90oE3CwS2V9XDYEHyXb7b_8CVdyef5g/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hPyGBb;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi
                          tls, http2
                          msedge.exe
                          15.1kB
                          506.1kB
                          236
                          379

                          HTTP Request

                          GET https://www.google.com/?gws_rd=ssl

                          HTTP Request

                          GET https://www.google.com/xjs/_/ss/k=xjs.hd.PXLohcdDHcw.L.W.O/am=JFUAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAgAAQAAAAAAAAAAAoAAQkAAAAIwAAGwAgAAAAAAAEAAAGAAAAAAAACQAAAAgAAIABQAAAAAAQAAACAASBAAAFAEAABCAAEKAAAACLID3KwAJCICCIB6FAAAAwAAAACEIDGAYgKACAKMAAQAAAAAAAAhACAAAAEQAIEAAgB5AABgAgDQQAABBoAcAAgAAAAAEACAABACAmAAYIAMQAAAAAAAAgAwAAAAAAAAAAAAAAAAAAAAAAAAAIIAAIACgAAAAAAAAAAAAAAAAAAAAAAg/d=1/ed=1/rs=ACT90oEFPCbyTncYquDeksBfhNI4AhtjIA/m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi

                          HTTP Request

                          GET https://www.google.com/xjs/_/js/k=xjs.hd.en.Kd-Hj1F9wUU.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAACAgAAJAAAAAIACAAAAAAAAAAAAAAAAAAAgQCAAACQAAAgAAACABQAgAgEAEAAAACAQAAAQIAHgUTYAAEQAkAAABAAAIAAACICCAAAACAAAwAAAACAIAAAAAIACAAAAAAAAAAAAAAAAAAAAAQQIAAAAAAAAAAAAABAAAAAAoAcAAAAAAAAAAAgAAEAQAAAYIAMQAAAAAAAAoA8AggfgkMICAAAAAAAAAAAAAAAIYIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB/d=1/ed=1/dg=3/rs=ACT90oE3CwS2V9XDYEHyXb7b_8CVdyef5g/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hPyGBb;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi
                        • 142.250.200.46:443
                          https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0
                          tls, http2
                          msedge.exe
                          3.1kB
                          48.2kB
                          36
                          42

                          HTTP Request

                          GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0
                        • 216.58.201.106:443
                          https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                          tls, http2
                          msedge.exe
                          1.8kB
                          6.7kB
                          13
                          13

                          HTTP Request

                          OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
                        • 142.250.187.206:443
                          https://play.google.com/log?format=json&hasfast=true
                          tls, http2
                          msedge.exe
                          3.5kB
                          8.6kB
                          15
                          18

                          HTTP Request

                          POST https://play.google.com/log?format=json&hasfast=true
                        • 8.8.8.8:53
                          8.8.8.8.in-addr.arpa
                          dns
                          66 B
                          90 B
                          1
                          1

                          DNS Request

                          8.8.8.8.in-addr.arpa

                        • 8.8.8.8:53
                          149.220.183.52.in-addr.arpa
                          dns
                          73 B
                          147 B
                          1
                          1

                          DNS Request

                          149.220.183.52.in-addr.arpa

                        • 8.8.8.8:53
                          google.com
                          dns
                          msedge.exe
                          56 B
                          72 B
                          1
                          1

                          DNS Request

                          google.com

                          DNS Response

                          172.217.16.238

                        • 8.8.8.8:53
                          www.google.com
                          dns
                          msedge.exe
                          60 B
                          76 B
                          1
                          1

                          DNS Request

                          www.google.com

                          DNS Response

                          172.217.169.36

                        • 8.8.8.8:53
                          79.190.18.2.in-addr.arpa
                          dns
                          70 B
                          133 B
                          1
                          1

                          DNS Request

                          79.190.18.2.in-addr.arpa

                        • 8.8.8.8:53
                          238.16.217.172.in-addr.arpa
                          dns
                          73 B
                          142 B
                          1
                          1

                          DNS Request

                          238.16.217.172.in-addr.arpa

                        • 172.217.169.36:443
                          www.google.com
                          https
                          msedge.exe
                          19.5kB
                          228.3kB
                          113
                          219
                        • 8.8.8.8:53
                          36.169.217.172.in-addr.arpa
                          dns
                          73 B
                          111 B
                          1
                          1

                          DNS Request

                          36.169.217.172.in-addr.arpa

                        • 8.8.8.8:53
                          68.32.126.40.in-addr.arpa
                          dns
                          71 B
                          157 B
                          1
                          1

                          DNS Request

                          68.32.126.40.in-addr.arpa

                        • 8.8.8.8:53
                          95.221.229.192.in-addr.arpa
                          dns
                          73 B
                          144 B
                          1
                          1

                          DNS Request

                          95.221.229.192.in-addr.arpa

                        • 8.8.8.8:53
                          227.187.250.142.in-addr.arpa
                          dns
                          74 B
                          112 B
                          1
                          1

                          DNS Request

                          227.187.250.142.in-addr.arpa

                        • 8.8.8.8:53
                          apis.google.com
                          dns
                          msedge.exe
                          61 B
                          98 B
                          1
                          1

                          DNS Request

                          apis.google.com

                          DNS Response

                          142.250.200.46

                        • 8.8.8.8:53
                          ogads-pa.googleapis.com
                          dns
                          msedge.exe
                          69 B
                          309 B
                          1
                          1

                          DNS Request

                          ogads-pa.googleapis.com

                          DNS Response

                          216.58.201.106
                          172.217.169.42
                          172.217.169.10
                          172.217.169.74
                          142.250.187.234
                          216.58.212.202
                          142.250.200.10
                          142.250.200.42
                          142.250.187.202
                          142.250.180.10
                          172.217.16.234
                          142.250.178.10
                          216.58.204.74
                          142.250.179.234
                          216.58.212.234

                        • 216.58.201.106:443
                          ogads-pa.googleapis.com
                          https
                          msedge.exe
                          4.1kB
                          8.4kB
                          11
                          11
                        • 8.8.8.8:53
                          46.200.250.142.in-addr.arpa
                          dns
                          73 B
                          112 B
                          1
                          1

                          DNS Request

                          46.200.250.142.in-addr.arpa

                        • 8.8.8.8:53
                          3.213.58.216.in-addr.arpa
                          dns
                          71 B
                          138 B
                          1
                          1

                          DNS Request

                          3.213.58.216.in-addr.arpa

                        • 8.8.8.8:53
                          106.201.58.216.in-addr.arpa
                          dns
                          73 B
                          173 B
                          1
                          1

                          DNS Request

                          106.201.58.216.in-addr.arpa

                        • 8.8.8.8:53
                          play.google.com
                          dns
                          msedge.exe
                          61 B
                          77 B
                          1
                          1

                          DNS Request

                          play.google.com

                          DNS Response

                          142.250.187.206

                        • 8.8.8.8:53
                          206.187.250.142.in-addr.arpa
                          dns
                          74 B
                          113 B
                          1
                          1

                          DNS Request

                          206.187.250.142.in-addr.arpa

                        • 8.8.8.8:53
                          88.156.103.20.in-addr.arpa
                          dns
                          72 B
                          158 B
                          1
                          1

                          DNS Request

                          88.156.103.20.in-addr.arpa

                        • 224.0.0.251:5353
                          msedge.exe
                          136 B
                          2

                        MITRE ATT&CK Enterprise v15

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                          Filesize

                          152B

                          MD5

                          fab8d8d865e33fe195732aa7dcb91c30

                          SHA1

                          2637e832f38acc70af3e511f5eba80fbd7461f2c

                          SHA256

                          1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

                          SHA512

                          39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                          Filesize

                          152B

                          MD5

                          36988ca14952e1848e81a959880ea217

                          SHA1

                          a0482ef725657760502c2d1a5abe0bb37aebaadb

                          SHA256

                          d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

                          SHA512

                          d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                          Filesize

                          5KB

                          MD5

                          9e1be9dbff567442b851243cda3f42a1

                          SHA1

                          50e28d8ef5e933d5f7fcd4dfa49e8bd0c6bda401

                          SHA256

                          bd8350691bf7c9eeeb5a23b15e8e1c666f5146bdeec1cc1dd571155ae5fc9db8

                          SHA512

                          9b21b3be7110ecc85b832360848e9858a774fe631bf07f468922676d122ad2311fe9a56614f51a8c899f2483601d869599d2072b9c7e2d69b6c5487f76cf72b3

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                          Filesize

                          16B

                          MD5

                          6752a1d65b201c13b62ea44016eb221f

                          SHA1

                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                          SHA256

                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                          SHA512

                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
