Analysis

  • max time kernel
    599s
  • max time network
    637s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    11/06/2021, 08:16 UTC

General

  • Target
    https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
  • Sample
    210611-7ve91pm4me

Malware Config

Extracted

  • Path
    C:\$Recycle.Bin\RyukReadMe.html
  • Family
    ryuk
  • Ransom Note
    contact balance of shadow universe Ryuk
    $password = '8x0nKKx5';
    $torlink = 'http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion';
    function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
  • URLs
    http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion
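The extracted note above carries the two values a responder actually needs, the victim password and the Tor contact URL, inside an inline script. The following Python is an added example (not the sandbox's extractor and not Ryuk code) that pulls those fields out of a note of this shape, renders the instruction text the victim would have seen, and checks that the .onion host is a structurally valid v3 address with a correct embedded checksum, which catches the single-character corruption a copied address often suffers. SAMPLE_NOTE is constructed from the strings the report extracted and wrapped in minimal HTML; it is not the real RyukReadMe.html, and the regexes assume the `$name = '...';` assignment style seen here.

```python
"""Extract the operator-facing config from a Ryuk-style ransom note.

Added example for this report; not the sandbox's own extractor and not
malware code. SAMPLE_NOTE is constructed from the report's extracted
strings, not the real file dropped in the Recycle Bin.
"""
from __future__ import annotations

import base64
import hashlib
import json
import re

# Constructed sample: the report's extracted strings wrapped in minimal HTML.
SAMPLE_NOTE = r"""<html><head><title>contact</title></head><body>
<h1>balance of shadow universe</h1><h2>Ryuk</h2>
<script>
$password = '8x0nKKx5';
$torlink = 'http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion';
function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
</script></body></html>"""

# `$name = '...';` assignments in the note's inline script (assumed style)
_JS_ASSIGN = re.compile(r"\$(\w+)\s*=\s*'([^']*)'\s*;")
# v3 onion host: 56 base32 chars = ed25519 pubkey (32) + checksum (2) + version (1)
_ONION_HOST = re.compile(r"(?:^|//)([a-z2-7]{56})\.onion(?=[/:?#]|$)")
_ONION_LABEL = re.compile(r"[a-z2-7]{56}")


def extract_js_vars(note_html: str) -> dict:
    """Return every `$name = '...';` assignment found in the note."""
    return {m.group(1): m.group(2) for m in _JS_ASSIGN.finditer(note_html)}


def onion_v3_label(url: str) -> str | None:
    """Return the 56-char label of a v3 .onion URL, or None if it is not one."""
    m = _ONION_HOST.search(url)
    return m.group(1) if m else None


def onion_v3_checksum_ok(label: str) -> bool:
    """Verify the checksum and version byte of a v3 onion label (rend-spec-v3):
    CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2], VERSION = 0x03."""
    if not _ONION_LABEL.fullmatch(label):
        return False
    raw = base64.b32decode(label.upper())  # 35 bytes, no padding needed
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    if version != b"\x03":
        return False
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return checksum == expected


def make_onion_v3(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 onion label (round-trip check)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower()


def render_alert(note_html: str, js_vars: dict) -> str | None:
    """Rebuild the text of the note's alert(...) call: concatenate its string
    literals and substitute the `$var` references with the extracted values."""
    m = re.search(r"alert\((.*?)\);", note_html, re.S)
    if not m:
        return None
    parts = []
    for lit, var in re.findall(r'"((?:[^"\\]|\\.)*)"|\$(\w+)', m.group(1)):
        if var:
            parts.append(js_vars.get(var, ""))
        else:
            # \r \n \t \" \\ escape the same way in JS and Python string literals
            parts.append(lit.encode().decode("unicode_escape"))
    return "".join(parts)


def extract_ryuk_config(note_html: str) -> dict:
    """Summarise the note: password, Tor URL, onion label, and whether the label
    is a well-formed v3 address (checksum verified), plus the rendered text."""
    js = extract_js_vars(note_html)
    torlink = js.get("torlink")
    label = onion_v3_label(torlink) if torlink else None
    return {
        "family": "ryuk",
        "password": js.get("password"),
        "torlink": torlink,
        "onion_label": label,
        "onion_v3_valid": bool(label) and onion_v3_checksum_ok(label),
        "instructions": render_alert(note_html, js),
    }


if __name__ == "__main__":
    print(json.dumps(extract_ryuk_config(SAMPLE_NOTE), indent=2))
```

The checksum only proves the address was transcribed correctly; it says nothing about whether the hidden service is still up. If a note sets its variables with `var` or double quotes, widen `_JS_ASSIGN` accordingly before trusting an empty result.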

Signatures

  • Modifies system executable filetype association (2 TTPs, 8 IoCs)
  • Registers COM server for autorun (1 TTP)
  • Ryuk
    Ransomware distributed via existing botnets, often Trickbot or Emotet.
  • Executes dropped EXE (5 IoCs)
  • Loads dropped DLL (12 IoCs)
  • Modifies file permissions (1 TTP, 2 IoCs)
  • Checks installed software on the system (1 TTP)
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  • Enumerates connected drives (3 TTPs, 22 IoCs)
    Attempts to read the root path of hard drives other than the default C: drive.
  • Drops file in Program Files directory (64 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  • Enumerates processes with tasklist (1 TTP, 1 IoC)
  • Modifies Internet Explorer Phishing Filter (1 TTP, 2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 64 IoCs)
  • Modifies data under HKEY_USERS (3 IoCs)
  • Modifies registry class (64 IoCs)
  • Opens file in notepad (likely ransom note) (1 IoC)
  • Runs .reg file with regedit (1 IoC)
  • Runs ping.exe (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (8 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of SetWindowsHookEx (18 IoCs)
  • Suspicious use of WriteProcessMemory (33 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2888
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1888 /prefetch:8
    1⤵
    PID:2684
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=540 /prefetch:8
    1⤵
    PID:2676
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
    1⤵
    PID:2960
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
    1⤵
    PID:976
  • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
    "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:292
      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13fa3a890,0x13fa3a8a0,0x13fa3a8b0
        2⤵
        PID:1140
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
    1⤵
    PID:1848
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 /prefetch:8
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:980
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4072 /prefetch:8
    1⤵
    PID:2868
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3856 /prefetch:8
    1⤵
    PID:1636
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3776 /prefetch:8
    1⤵
    PID:1632
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3780 /prefetch:8
    1⤵
    PID:1752
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3776 /prefetch:8
    1⤵
    PID:1976
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3788 /prefetch:8
    1⤵
    PID:320
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3832 /prefetch:8
    1⤵
    PID:832
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3860 /prefetch:8
    1⤵
    PID:1560
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4112 /prefetch:8
    1⤵
    PID:1604
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:8
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2464
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4256 /prefetch:8
    1⤵
    PID:932
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3864 /prefetch:8
    1⤵
    PID:2388
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:8
    1⤵
    PID:2208
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
    1⤵
    PID:2172
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3788 /prefetch:8
    1⤵
    PID:1892
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3780 /prefetch:8
    1⤵
    PID:2012
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4268 /prefetch:8
    1⤵
    PID:2040
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4264 /prefetch:8
    1⤵
    PID:1972
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 /prefetch:8
    1⤵
    PID:2896
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 /prefetch:8
    1⤵
    PID:2964
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3316 /prefetch:8
    1⤵
    PID:2088
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3160 /prefetch:8
    1⤵
    PID:3008
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4076 /prefetch:8
    1⤵
    PID:3012
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3828 /prefetch:8
    1⤵
    PID:3000
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3904 /prefetch:8
    1⤵
    PID:2988
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    1⤵
    PID:2868
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1524 /prefetch:8
    1⤵
    PID:2104
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3528 /prefetch:8
    1⤵
    PID:2164
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3656 /prefetch:8
    1⤵
    PID:832
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3940 /prefetch:8
    1⤵
    PID:2184
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3644 /prefetch:8
    1⤵
    PID:2404
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3844 /prefetch:8
    1⤵
    PID:2180
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
    1⤵
    PID:1084
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3640 /prefetch:8
    1⤵
    PID:2056
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Russian_kb_reg.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:464
  • C:\Windows\regedit.exe
    "regedit.exe" "C:\Users\Admin\Desktop\Russian_kb.reg"
    1⤵
    • Modifies data under HKEY_USERS
    • Runs .reg file with regedit
    PID:1004
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4684 /prefetch:8
    1⤵
    PID:2436
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2544 /prefetch:1
    1⤵
    PID:2080
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
    1⤵
    PID:2240
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
    1⤵
    PID:2704
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3252 /prefetch:8
    1⤵
    PID:940
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2208 /prefetch:8
    1⤵
    PID:2652
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:8
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1264
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2552 /prefetch:8
    1⤵
    PID:3064
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 /prefetch:8
    1⤵
    PID:1628
  • C:\Users\Admin\Downloads\winrar-x64-601.exe
    "C:\Users\Admin\Downloads\winrar-x64-601.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1576
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
                                                                                                  1⤵
                                                                                                    PID:2392
                                                                                                  • C:\Users\Admin\Downloads\winrar-x64-601.exe
                                                                                                    "C:\Users\Admin\Downloads\winrar-x64-601.exe"
                                                                                                    1⤵
                                                                                                    • Loads dropped DLL
                                                                                                    • Drops file in Program Files directory
                                                                                                    • Modifies Internet Explorer settings
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    • Suspicious use of WriteProcessMemory
                                                                                                    PID:628
                                                                                                    • C:\Program Files\WinRAR\uninstall.exe
                                                                                                      "C:\Program Files\WinRAR\uninstall.exe" /setup
                                                                                                      2⤵
                                                                                                      • Modifies system executable filetype association
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Modifies registry class
                                                                                                      PID:2188
                                                                                                    • C:\Program Files\WinRAR\th.exe
                                                                                                      "C:\Program Files\WinRAR\th.exe" -lng English -src wrr -lp thankyou -ver 601 -arch 64 -dom notifier.win-rar.com
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Modifies Internet Explorer settings
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      • Suspicious use of WriteProcessMemory
                                                                                                      PID:2940
                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                        cmd /c ""C:\Users\Admin\AppData\Local\Temp\_uninsep.bat" "
                                                                                                        3⤵
                                                                                                        • Suspicious use of WriteProcessMemory
                                                                                                        PID:2588
                                                                                                        • C:\Windows\system32\PING.EXE
                                                                                                          ping -n 10 localhost
                                                                                                          4⤵
                                                                                                          • Runs ping.exe
                                                                                                          PID:996
                                                                                                        • C:\Windows\system32\tasklist.exe
                                                                                                          TaskList
                                                                                                          4⤵
                                                                                                          • Enumerates processes with tasklist
                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                          PID:2372
                                                                                                        • C:\Windows\system32\find.exe
                                                                                                          Find "C:\Program Files\WinRAR\th.exe"
                                                                                                          4⤵
                                                                                                            PID:1304
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1012 /prefetch:1
                                                                                                      1⤵
                                                                                                        PID:2436
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
                                                                                                        1⤵
                                                                                                          PID:2052
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1688 /prefetch:8
                                                                                                          1⤵
                                                                                                            PID:2104
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,12628833329736241694,12663670754549899423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
                                                                                                            1⤵
                                                                                                              PID:1752
                                                                                                            • C:\Program Files\WinRAR\WinRAR.exe
                                                                                                              "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -imon1 -- "C:\Users\Admin\Desktop\PACO_60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df.zip" C:\Users\Admin\Desktop\PACO_60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df\
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                              PID:992
                                                                                                            • C:\Windows\system32\AUDIODG.EXE
                                                                                                              C:\Windows\system32\AUDIODG.EXE 0x55c
                                                                                                              1⤵
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              PID:1016
                                                                                                            • C:\Program Files\WinRAR\WinRAR.exe
                                                                                                              "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -imon1 -- "C:\Users\Admin\Desktop\PACO_60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df\60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df.zip" C:\Users\Admin\Desktop\PACO_60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df\
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                              PID:832
                                                                                                            • C:\Windows\System32\taskmgr.exe
                                                                                                              "C:\Windows\System32\taskmgr.exe"
                                                                                                              1⤵
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                              • Suspicious use of SendNotifyMessage
                                                                                                              PID:980
                                                                                                            • C:\Users\Admin\Desktop\RYUK_JUNE_2021.exe
                                                                                                              "C:\Users\Admin\Desktop\RYUK_JUNE_2021.exe"
                                                                                                              1⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Enumerates connected drives
                                                                                                              • Drops file in Program Files directory
                                                                                                              • Suspicious use of WriteProcessMemory
                                                                                                              PID:2452
                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                icacls "C:\*" /grant Everyone:F /T /C /Q
                                                                                                                2⤵
                                                                                                                • Modifies file permissions
                                                                                                                PID:1380
                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                icacls "D:\*" /grant Everyone:F /T /C /Q
                                                                                                                2⤵
                                                                                                                • Modifies file permissions
                                                                                                                PID:2328

                                                                                                            Network

                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              accounts.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                              172.217.17.109
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              accounts.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              accounts.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              accounts.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              accounts.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              redirector.gvt1.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              redirector.gvt1.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              redirector.gvt1.com
                                                                                                              IN A
                                                                                                              172.217.17.78
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              redirector.gvt1.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              redirector.gvt1.com
                                                                                                              IN A
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              redirector.gvt1.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              redirector.gvt1.com
                                                                                                              IN A
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              redirector.gvt1.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              redirector.gvt1.com
                                                                                                              IN A
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              redirector.gvt1.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              redirector.gvt1.com
                                                                                                              IN A
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              clients2.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              clients2.google.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              clients2.google.com
                                                                                                              IN CNAME
                                                                                                              clients.l.google.com
                                                                                                              clients.l.google.com
                                                                                                              IN A
                                                                                                              172.217.20.78
• DNS clients2.google.com (remote address 8.8.8.8:53)
  Request: clients2.google.com IN A
  Response: none recorded (this unanswered lookup is logged 4 times in the trace)
• DNS dns.google (remote address 8.8.8.8:53)
  Request: dns.google IN A
  Response: dns.google IN A 8.8.8.8; dns.google IN A 8.8.4.4 (this answered lookup is logged 3 times in the trace)
• DNS dns.google (remote address 8.8.8.8:53)
  Request: dns.google IN A
  Response: none recorded (this unanswered lookup is logged 6 times in the trace)
• DNS www.google.com (remote address 8.8.8.8:53)
  Request: www.google.com IN A
  Response: www.google.com IN A 142.250.179.196
• DNS pki.goog (remote address 8.8.8.8:53)
  Request: pki.goog IN A
  Response: pki.goog IN A 216.239.32.29
• GET http://pki.goog/gsr1/gsr1.crt (remote address 216.239.32.29:80; this exchange is logged twice in the trace)
  Request:
    GET /gsr1/gsr1.crt HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: pki.goog
  Response:
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: application/pkix-cert
    Cross-Origin-Resource-Policy: same-site
    Content-Length: 889
    Date: Fri, 11 Jun 2021 08:06:52 GMT
    Expires: Fri, 11 Jun 2021 09:06:52 GMT
    Last-Modified: Wed, 20 May 2020 16:45:00 GMT
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Age: 633
    Cache-Control: public, max-age=3600
• GET http://pki.goog/gsr1/gsr1.crt (remote address 216.239.32.29:80; this exchange is logged twice in the trace)
  Request:
    GET /gsr1/gsr1.crt HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: pki.goog
  Response:
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Type: application/pkix-cert
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: same-site
    Content-Length: 889
    Date: Fri, 11 Jun 2021 07:37:17 GMT
    Expires: Fri, 11 Jun 2021 08:37:17 GMT
    Last-Modified: Wed, 20 May 2020 16:45:00 GMT
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Age: 2408
    Cache-Control: public, max-age=3600
• DNS www.download.windowsupdate.com (remote address 8.8.8.8:53)
  Request: www.download.windowsupdate.com IN A
  Response: www.download.windowsupdate.com IN CNAME wu-fg-shim.trafficmanager.net; wu-fg-shim.trafficmanager.net IN CNAME 2-01-3cf7-0009.cdx.cedexis.net; 2-01-3cf7-0009.cdx.cedexis.net IN CNAME fg.download.windowsupdate.com.c.footprint.net; fg.download.windowsupdate.com.c.footprint.net IN A 8.238.111.254
                                                                                                              fg.download.windowsupdate.com.c.footprint.net
                                                                                                              IN A
                                                                                                              67.24.35.254
                                                                                                              fg.download.windowsupdate.com.c.footprint.net
                                                                                                              IN A
                                                                                                              67.26.109.254
                                                                                                              fg.download.windowsupdate.com.c.footprint.net
                                                                                                              IN A
                                                                                                              8.253.208.112
                                                                                                              fg.download.windowsupdate.com.c.footprint.net
                                                                                                              IN A
                                                                                                              8.253.208.120
• DNS www.download.windowsupdate.com
  Remote address: 8.8.8.8:53
  Request: www.download.windowsupdate.com IN A
  Response:
    www.download.windowsupdate.com IN CNAME wu-fg-shim.trafficmanager.net
    wu-fg-shim.trafficmanager.net IN CNAME 2-01-3cf7-0009.cdx.cedexis.net
    2-01-3cf7-0009.cdx.cedexis.net IN CNAME download.windowsupdate.com.edgesuite.net
    download.windowsupdate.com.edgesuite.net IN CNAME a767.dspw65.akamai.net
    a767.dspw65.akamai.net IN A 84.53.175.122
    a767.dspw65.akamai.net IN A 84.53.175.34
• DNS www.download.windowsupdate.com
  Remote address: 8.8.8.8:53
  Request: www.download.windowsupdate.com IN A
  Response:
    www.download.windowsupdate.com IN CNAME wu-fg-shim.trafficmanager.net
    wu-fg-shim.trafficmanager.net IN CNAME 2-01-3cf7-0009.cdx.cedexis.net
    2-01-3cf7-0009.cdx.cedexis.net IN CNAME download.windowsupdate.com.edgesuite.net
    download.windowsupdate.com.edgesuite.net IN CNAME a767.dspw65.akamai.net
    a767.dspw65.akamai.net IN A 84.53.175.122
    a767.dspw65.akamai.net IN A 84.53.175.34
• DNS www.download.windowsupdate.com
  Remote address: 8.8.8.8:53
  Request: www.download.windowsupdate.com IN A
  Response:
    www.download.windowsupdate.com IN CNAME wu-fg-shim.trafficmanager.net
    wu-fg-shim.trafficmanager.net IN CNAME 2-01-3cf7-0009.cdx.cedexis.net
    2-01-3cf7-0009.cdx.cedexis.net IN CNAME download.windowsupdate.com.edgesuite.net
    download.windowsupdate.com.edgesuite.net IN CNAME a767.dspw65.akamai.net
    a767.dspw65.akamai.net IN A 84.53.175.122
    a767.dspw65.akamai.net IN A 84.53.175.34
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              clients2.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              clients2.google.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              clients2.google.com
                                                                                                              IN CNAME
                                                                                                              clients.l.google.com
                                                                                                              clients.l.google.com
                                                                                                              IN A
                                                                                                              172.217.20.78
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              redirector.gvt1.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              redirector.gvt1.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              redirector.gvt1.com
                                                                                                              IN A
                                                                                                              172.217.17.78
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              clientservices.googleapis.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              clientservices.googleapis.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              clientservices.googleapis.com
                                                                                                              IN A
                                                                                                              142.250.179.131
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              accounts.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                              172.217.17.109
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              ssl.gstatic.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              ssl.gstatic.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              ssl.gstatic.com
                                                                                                              IN A
                                                                                                              172.217.17.35
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              accounts.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              accounts.google.com
                                                                                                              IN A
                                                                                                              172.217.17.109
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              dns.google
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              dns.google
                                                                                                              IN A
                                                                                                              Response
                                                                                                              dns.google
                                                                                                              IN A
                                                                                                              8.8.8.8
                                                                                                              dns.google
                                                                                                              IN A
                                                                                                              8.8.4.4
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              dns.google
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              dns.google
                                                                                                              IN A
                                                                                                              Response
                                                                                                              dns.google
                                                                                                              IN A
                                                                                                              8.8.8.8
                                                                                                              dns.google
                                                                                                              IN A
                                                                                                              8.8.4.4
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              www.gstatic.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              www.gstatic.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              www.gstatic.com
                                                                                                              IN A
                                                                                                              142.250.179.131
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              clients2.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              clients2.google.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              clients2.google.com
                                                                                                              IN CNAME
                                                                                                              clients.l.google.com
                                                                                                              clients.l.google.com
                                                                                                              IN A
                                                                                                              172.217.20.78
                                                                                                            • flag-unknown
                                                                                                              DNS
                                                                                                              www.google.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              www.google.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              www.google.com
                                                                                                              IN A
                                                                                                              142.250.179.196
• DNS go.microsoft.com
  Remote address: 8.8.8.8:53
  Request: go.microsoft.com IN A
  Response: go.microsoft.com IN CNAME go.microsoft.com.edgekey.net
            go.microsoft.com.edgekey.net IN CNAME e11290.dspg.akamaiedge.net
            e11290.dspg.akamaiedge.net IN A 95.101.206.92
• DNS bazaar.abuse.ch
  Remote address: 8.8.8.8:53
  Request: bazaar.abuse.ch IN A
  Response: bazaar.abuse.ch IN CNAME p2.shared.global.fastly.net
            p2.shared.global.fastly.net IN A 151.101.2.49
            p2.shared.global.fastly.net IN A 151.101.66.49
            p2.shared.global.fastly.net IN A 151.101.130.49
            p2.shared.global.fastly.net IN A 151.101.194.49
• GET http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
  Remote address: 172.217.17.78:80
  Request:
  GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
  Host: redirector.gvt1.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Response:
  HTTP/1.1 302 Found
  Date: Fri, 11 Jun 2021 08:17:33 GMT
  Pragma: no-cache
  Expires: Fri, 01 Jan 1990 00:00:00 GMT
  Cache-Control: no-cache, must-revalidate
  X-Content-Type-Options: nosniff
  Location: http://r5---sn-aigzrne7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=154.61.71.13&mm=28&mn=sn-aigzrne7&ms=nvh&mt=1623399140&mv=m&mvi=5&pl=24&rmhost=r3---sn-aigzrne7.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7k.gvt1.com
  Content-Type: text/html; charset=UTF-8
  Server: ClientMapServer
  Content-Length: 592
  X-XSS-Protection: 0
  X-Frame-Options: SAMEORIGIN
• GET http://r5---sn-aigzrne7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=154.61.71.13&mm=28&mn=sn-aigzrne7&ms=nvh&mt=1623399140&mv=m&mvi=5&pl=24&rmhost=r3---sn-aigzrne7.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7k.gvt1.com
  Remote address: 74.125.4.170:80
  Request:
  GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=154.61.71.13&mm=28&mn=sn-aigzrne7&ms=nvh&mt=1623399140&mv=m&mvi=5&pl=24&rmhost=r3---sn-aigzrne7.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7k.gvt1.com HTTP/1.1
  Host: r5---sn-aigzrne7.gvt1.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Response:
  HTTP/1.1 200 OK
  Accept-Ranges: bytes
  Cache-Control: public,max-age=86400
  Content-Disposition: attachment
  Content-Length: 248531
  Content-Security-Policy: default-src 'none'
  Content-Type: application/x-chrome-extension
  Etag: "83cafb"
  Server: downloads
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 0
  Date: Fri, 11 Jun 2021 00:31:04 GMT
  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  Last-Modified: Fri, 29 Jan 2021 00:09:35 GMT
  Connection: keep-alive
  Vary: Origin
• DNS secure.globalsign.com
  Remote address: 8.8.8.8:53
  Request: secure.globalsign.com IN A
  Response: secure.globalsign.com IN CNAME global.prd.cdn.globalsign.com
            global.prd.cdn.globalsign.com IN CNAME prod.globalsign.map.fastly.net
            prod.globalsign.map.fastly.net IN A 151.101.2.133
            prod.globalsign.map.fastly.net IN A 151.101.66.133
            prod.globalsign.map.fastly.net IN A 151.101.130.133
            prod.globalsign.map.fastly.net IN A 151.101.194.133
• DNS www.download.windowsupdate.com
  Remote address: 8.8.8.8:53
  Request: www.download.windowsupdate.com IN A
  Response: www.download.windowsupdate.com IN CNAME wu-fg-shim.trafficmanager.net
            wu-fg-shim.trafficmanager.net IN CNAME 2-01-3cf7-0009.cdx.cedexis.net
            2-01-3cf7-0009.cdx.cedexis.net IN CNAME cds.d2s7q6s2.hwcdn.net
            cds.d2s7q6s2.hwcdn.net IN A 205.185.216.10
            cds.d2s7q6s2.hwcdn.net IN A 205.185.216.42
• DNS cacerts.digicert.com
  Remote address: 8.8.8.8:53
  Request: cacerts.digicert.com IN A
  Response: cacerts.digicert.com IN CNAME cdn.digicertcdn.com
            cdn.digicertcdn.com IN A 104.18.11.39
            cdn.digicertcdn.com IN A 104.18.10.39
• DNS edgedl.me.gvt1.com
  Remote address: 8.8.8.8:53
  Request: edgedl.me.gvt1.com IN A
  Response: edgedl.me.gvt1.com IN A 34.104.35.123
• HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
  Remote address: 34.104.35.123:80
  Request
    HEAD /edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    User-Agent: Microsoft BITS/7.5
    Host: edgedl.me.gvt1.com
  Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-length: 47502
    content-security-policy: default-src 'none'
    content-type: application/octet-stream
    etag: "a1249b"
    last-modified: Fri, 07 May 2021 17:49:07 GMT
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    date: Thu, 10 Jun 2021 16:44:25 GMT
    age: 56006
    alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
• GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
  Remote address: 34.104.35.123:80
  Request
    GET /edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Fri, 07 May 2021 17:49:07 GMT
    Range: bytes=0-5354
    User-Agent: Microsoft BITS/7.5
    Host: edgedl.me.gvt1.com
  Response
    HTTP/1.1 206 Partial Content
    accept-ranges: bytes
    content-disposition: attachment
    content-length: 5355
    content-security-policy: default-src 'none'
    content-type: application/octet-stream
    etag: "a1249b"
    last-modified: Fri, 07 May 2021 17:49:07 GMT
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    date: Thu, 10 Jun 2021 16:44:25 GMT
    age: 56044
    content-range: bytes 0-5354/47502
    alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
• DNS ieonline.microsoft.com
  Remote address: 8.8.8.8:53
  Request
    ieonline.microsoft.com IN A
  Response
    ieonline.microsoft.com IN CNAME any.edge.bing.com
    any.edge.bing.com IN A 204.79.197.200
• DNS ocsp.digicert.com
  Remote address: 8.8.8.8:53
  Request
    ocsp.digicert.com IN A
  Response
    ocsp.digicert.com IN CNAME cs9.wac.phicdn.net
    cs9.wac.phicdn.net IN A 93.184.220.29
• DNS crl.verisign.com
  Remote address: 8.8.8.8:53
  Request
    crl.verisign.com IN A
  Response
    crl.verisign.com IN CNAME crl-symcprod.digicert.com
    crl-symcprod.digicert.com IN CNAME cs9.wac.phicdn.net
    cs9.wac.phicdn.net IN A 72.21.91.29
• DNS www.microsoft.com
  Remote address: 8.8.8.8:53
  Request
    www.microsoft.com IN A
  Response
    www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net IN A 2.21.41.70
• DNS www.download.windowsupdate.com
  Remote address: 8.8.8.8:53
  Request
    www.download.windowsupdate.com IN A
  Response
    www.download.windowsupdate.com IN CNAME wu-fg-shim.trafficmanager.net
    wu-fg-shim.trafficmanager.net IN CNAME 2-01-3cf7-0009.cdx.cedexis.net
    2-01-3cf7-0009.cdx.cedexis.net IN CNAME download.windowsupdate.com.edgesuite.net
    download.windowsupdate.com.edgesuite.net IN CNAME a767.dspw65.akamai.net
    a767.dspw65.akamai.net IN A 84.53.175.122
    a767.dspw65.akamai.net IN A 84.53.175.99
• GET https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
  Process: IEXPLORE.EXE
  Remote address: 151.101.2.49:443
  Request
    GET /sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: bazaar.abuse.ch
    Connection: Keep-Alive
  Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 6210
    Server: Apache/2
    Strict-Transport-Security: max-age=15768000 ; includeSubDomains
    Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
    Referrer-Policy: strict-origin-when-cross-origin
    Expect-CT: enforce, max-age=86400
    Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
    Cross-Origin-Opener-Policy: same-origin; report-to="default"
    Cross-Origin-Resource-Policy: same-site
    Cache-Control: no-store, no-cache, must-revalidate
    Set-Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Pragma: no-cache
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
    Content-Type: text/html; charset=UTF-8
    Accept-Ranges: bytes
    Date: Fri, 11 Jun 2021 08:20:28 GMT
    Via: 1.1 varnish
    X-Served-By: cache-ams21052-AMS
    X-Cache: MISS
    X-Cache-Hits: 0
    X-Timer: S1623399628.961118,VS0,VE935
    Vary: Accept-Encoding
• GET https://bazaar.abuse.ch/css/bootstrap.min.css
  Process: IEXPLORE.EXE
  Remote address: 151.101.2.49:443
  Request
    GET /css/bootstrap.min.css HTTP/1.1
    Accept: text/css, */*
    Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: bazaar.abuse.ch
    Connection: Keep-Alive
    Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
  Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 23238
    Server: Apache/2
    Strict-Transport-Security: max-age=15768000 ; includeSubDomains
    Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
    Referrer-Policy: strict-origin-when-cross-origin
    Expect-CT: enforce, max-age=86400
    Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
    Cross-Origin-Opener-Policy: same-origin; report-to="default"
    Cross-Origin-Resource-Policy: same-site
    Last-Modified: Tue, 31 Mar 2020 10:58:16 GMT
    ETag: "2606e-5a22471e07c28-gzip"
    Cache-Control: max-age=15552000
    Expires: Sun, 05 Dec 2021 23:52:19 GMT
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    X-XSS-Protection: 1; mode=block
    Content-Type: text/css
    Accept-Ranges: bytes
    Date: Fri, 11 Jun 2021 08:20:28 GMT
    Via: 1.1 varnish
    Age: 203290
    X-Served-By: cache-ams21052-AMS
    X-Cache: HIT
    X-Cache-Hits: 1
    X-Timer: S1623399629.943839,VS0,VE1
    Vary: Accept-Encoding

GET https://bazaar.abuse.ch/css/jumbotron.css
IEXPLORE.EXE
Remote address: 151.101.2.49:443
Request
GET /css/jumbotron.css HTTP/1.1
Accept: text/css, */*
Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: bazaar.abuse.ch
Connection: Keep-Alive
Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
Response
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 114
Server: Apache/2
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Expect-CT: enforce, max-age=86400
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Tue, 31 Mar 2020 10:58:18 GMT
ETag: "6b-5a22471fee1ff-gzip"
Cache-Control: max-age=15552000
Expires: Sun, 05 Dec 2021 23:52:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/css
Accept-Ranges: bytes
Date: Fri, 11 Jun 2021 08:20:28 GMT
Via: 1.1 varnish
Age: 203290
X-Served-By: cache-ams21052-AMS
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1623399629.951978,VS0,VE1
Vary: Accept-Encoding

GET https://bazaar.abuse.ch/js/jquery-3.5.1.min.js
IEXPLORE.EXE
Remote address: 151.101.2.49:443
Request
GET /js/jquery-3.5.1.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: bazaar.abuse.ch
Connection: Keep-Alive
Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
Response
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 30910
Server: Apache/2
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Expect-CT: enforce, max-age=86400
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Sun, 11 Oct 2020 08:47:56 GMT
ETag: "15d84-5b1613cf494c6-gzip"
Cache-Control: max-age=15552000
Expires: Mon, 06 Dec 2021 01:09:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: application/javascript
Accept-Ranges: bytes
Date: Fri, 11 Jun 2021 08:20:29 GMT
Via: 1.1 varnish
Age: 198637
X-Served-By: cache-ams21052-AMS
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1623399629.080407,VS0,VE1
Vary: Accept-Encoding

GET https://bazaar.abuse.ch/js/popper.min.js
IEXPLORE.EXE
Remote address: 151.101.2.49:443
Request
GET /js/popper.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: bazaar.abuse.ch
Connection: Keep-Alive
Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
Response
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 7313
Server: Apache/2
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Expect-CT: enforce, max-age=86400
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Tue, 31 Mar 2020 10:56:39 GMT
ETag: "5083-5a2246c1372cb-gzip"
Cache-Control: max-age=15552000
Expires: Tue, 07 Dec 2021 01:26:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: application/javascript
Accept-Ranges: bytes
Date: Fri, 11 Jun 2021 08:20:29 GMT
Via: 1.1 varnish
Age: 111235
X-Served-By: cache-ams21052-AMS
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1623399629.149871,VS0,VE1
Vary: Accept-Encoding

GET https://bazaar.abuse.ch/js/bootstrap.min.js
IEXPLORE.EXE
Remote address: 151.101.2.49:443
Request
GET /js/bootstrap.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: bazaar.abuse.ch
Connection: Keep-Alive
Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
Response
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 15921
Server: Apache/2
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Expect-CT: enforce, max-age=86400
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Tue, 31 Mar 2020 10:56:36 GMT
ETag: "ea6a-5a2246be52e25-gzip"
Cache-Control: max-age=15552000
Expires: Mon, 06 Dec 2021 01:09:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: application/javascript
Accept-Ranges: bytes
Date: Fri, 11 Jun 2021 08:20:29 GMT
Via: 1.1 varnish
Age: 198638
X-Served-By: cache-ams21052-AMS
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1623399629.153728,VS0,VE0
Vary: Accept-Encoding
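Every asset fetched from bazaar.abuse.ch above comes back with the same hardening headers, and the one worth a second look is the CSP: script-src allows both 'unsafe-inline' and 'unsafe-eval', which removes most of the protection the policy would otherwise give against injected script. The following is an added example, not part of the tria.ge report and not MalwareBazaar's own code: it parses a raw response dump into headers and checks HSTS age and scope, CSP script-src and object-src, MIME sniffing and framing protection. SAMPLE_RESPONSE is copied from the captured reply for /js/jquery-3.5.1.min.js above (body omitted); the function names, the MIN_HSTS_AGE floor and the minimal BARE_RESPONSE are this example's own assumptions.

```python
"""Audit the security headers of a captured HTTP response dump.

Added example; not part of the tria.ge report or of bazaar.abuse.ch's code.
SAMPLE_RESPONSE is copied from the captured reply for /js/jquery-3.5.1.min.js.
MIN_HSTS_AGE, the function names and BARE_RESPONSE are assumptions of this example.
"""
from __future__ import annotations

import re

SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 30910
Server: Apache/2
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Expect-CT: enforce, max-age=86400
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: application/javascript
"""

# Constructed minimal response with no hardening headers, to exercise the other branches.
BARE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 0
"""

MIN_HSTS_AGE = 15552000  # 180 days; assumed floor for this example


def parse_headers(raw: str) -> tuple[str, dict[str, str]]:
    """Split a raw response dump into (status line, {lowercased name: value}).

    A header repeated on several lines is joined with ', ' as HTTP defines for
    list-valued fields. Parsing stops at the first blank line (start of body).
    """
    lines = [ln.rstrip("\r") for ln in raw.strip("\n").split("\n")]
    status = lines[0].strip()
    headers: dict[str, str] = {}
    for ln in lines[1:]:
        if not ln.strip():
            break
        name, sep, value = ln.partition(":")  # first ':' ends the field name
        if not sep:
            continue
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return status, headers


def parse_csp(policy: str) -> dict[str, list[str]]:
    """Turn a CSP string into {directive: [source expressions]}."""
    directives: dict[str, list[str]] = {}
    for chunk in policy.split(";"):
        parts = chunk.split()
        if parts:
            directives[parts[0].lower()] = parts[1:]
    return directives


def hsts_max_age(value: str) -> int | None:
    """Extract max-age from a Strict-Transport-Security value, or None if absent."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit(raw: str) -> list[str]:
    """Return the findings for one response dump; an empty list means nothing flagged."""
    _, h = parse_headers(raw)
    findings: list[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        age = hsts_max_age(hsts)
        if age is None or age < MIN_HSTS_AGE:
            findings.append(f"HSTS max-age below {MIN_HSTS_AGE}: {age}")
        if "includesubdomains" not in hsts.replace(" ", "").lower():
            findings.append("HSTS lacks includeSubDomains")

    csp_raw = h.get("content-security-policy")
    csp = parse_csp(csp_raw) if csp_raw else {}
    if not csp:
        findings.append("CSP missing")
    else:
        # script-src falls back to default-src when absent, as the CSP spec defines.
        script_src = csp.get("script-src", csp.get("default-src", []))
        for weak in ("'unsafe-inline'", "'unsafe-eval'"):
            if weak in script_src:
                findings.append(f"CSP script-src allows {weak}")
        if csp.get("object-src", csp.get("default-src", [])) != ["'none'"]:
            findings.append("CSP object-src is not 'none'")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    xfo = h.get("x-frame-options", "").lower()
    if "frame-ancestors" not in csp and xfo not in ("deny", "sameorigin"):
        findings.append("no framing protection (frame-ancestors or X-Frame-Options)")
    return findings


if __name__ == "__main__":
    for label, raw in (("jquery-3.5.1.min.js", SAMPLE_RESPONSE), ("bare", BARE_RESPONSE)):
        print(label, audit(raw) or ["clean"])
```

Run against the captured response the audit reports only the two script-src weaknesses; everything else that page sets (HSTS with includeSubDomains, object-src 'none', nosniff, X-Frame-Options) passes. The same function can be pointed at any other response block in this report by pasting its header lines into a string.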

GET https://bazaar.abuse.ch/js/clipboard.min.js
IEXPLORE.EXE
Remote address: 151.101.2.49:443
Request
GET /js/clipboard.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: bazaar.abuse.ch
Connection: Keep-Alive
Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
Response
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 3356
Server: Apache/2
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Expect-CT: enforce, max-age=86400
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Tue, 31 Mar 2020 10:56:37 GMT
ETag: "2a02-5a2246bfa7baf-gzip"
Cache-Control: max-age=15552000
Expires: Tue, 07 Dec 2021 01:43:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: application/javascript
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:29 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 110230
                                                                                                              X-Served-By: cache-ams21052-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399629.158246,VS0,VE0
                                                                                                              Vary: Accept-Encoding
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              https://bazaar.abuse.ch/js/bazaar_functions.js
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /js/bazaar_functions.js HTTP/1.1
                                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 4030
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Last-Modified: Sat, 29 May 2021 07:02:35 GMT
                                                                                                              ETag: "7337-5c37293b6c57d-gzip"
                                                                                                              Cache-Control: max-age=15552000
                                                                                                              Expires: Tue, 07 Dec 2021 01:43:19 GMT
                                                                                                              Content-Encoding: gzip
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: application/javascript
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:29 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 110230
                                                                                                              X-Served-By: cache-ams21052-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399629.208404,VS0,VE0
                                                                                                              Vary: Accept-Encoding
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              https://bazaar.abuse.ch/js/svg-pan-zoom.min.js
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /js/svg-pan-zoom.min.js HTTP/1.1
                                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 8236
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Last-Modified: Mon, 20 Jul 2020 12:51:44 GMT
                                                                                                              ETag: "7448-5aadef80a8e54-gzip"
                                                                                                              Cache-Control: max-age=15552000
                                                                                                              Expires: Mon, 06 Dec 2021 23:23:06 GMT
                                                                                                              Content-Encoding: gzip
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: application/javascript
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:29 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 118643
                                                                                                              X-Served-By: cache-ams21052-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399629.291482,VS0,VE0
                                                                                                              Vary: Accept-Encoding
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              http://www.gstatic.com/generate_204
                                                                                                              Remote address:
                                                                                                              142.250.179.131:80
                                                                                                              Request
                                                                                                              GET /generate_204 HTTP/1.1
                                                                                                              Host: www.gstatic.com
                                                                                                              Connection: keep-alive
                                                                                                              Pragma: no-cache
                                                                                                              Cache-Control: no-cache
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              Response
                                                                                                              HTTP/1.1 204 No Content
                                                                                                              Content-Length: 0
                                                                                                              Date: Fri, 11 Jun 2021 08:20:19 GMT
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              https://bazaar.abuse.ch/css/all.min.css
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /css/all.min.css HTTP/1.1
                                                                                                              Accept: text/css, */*
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 12674
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Last-Modified: Tue, 31 Mar 2020 10:58:13 GMT
                                                                                                              ETag: "e4d2-5a22471b39eea-gzip"
                                                                                                              Cache-Control: max-age=15552000
                                                                                                              Expires: Mon, 06 Dec 2021 00:02:18 GMT
                                                                                                              Content-Encoding: gzip
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: text/css
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:57 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 202719
                                                                                                              X-Served-By: cache-ams21025-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399657.087562,VS0,VE0
                                                                                                              Vary: Accept-Encoding
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              https://bazaar.abuse.ch/webfonts/fa-solid-900.eot?
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /webfonts/fa-solid-900.eot? HTTP/1.1
                                                                                                              Accept: */*
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Origin: https://bazaar.abuse.ch
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 104371
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Cache-Control: max-age=2628000, public
                                                                                                              Last-Modified: Tue, 31 Mar 2020 10:33:20 GMT
                                                                                                              ETag: "31896-5a22418b4a5ee"
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: application/vnd.ms-fontobject
                                                                                                              Content-Encoding: gzip
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:57 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 194263
                                                                                                              X-Served-By: cache-ams21025-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399657.445015,VS0,VE1
                                                                                                              Vary: Accept-Encoding
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              https://bazaar.abuse.ch/favicon.ico
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /favicon.ico HTTP/1.1
                                                                                                              Accept: */*
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 543
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Last-Modified: Tue, 17 Mar 2020 13:15:06 GMT
                                                                                                              ETag: "208-5a10cb977cbc9"
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: image/vnd.microsoft.icon
                                                                                                              Content-Encoding: gzip
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:21:04 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 520
                                                                                                              X-Served-By: cache-ams21025-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399664.055789,VS0,VE0
                                                                                                              Vary: Accept-Encoding
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              https://bazaar.abuse.ch/download/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /download/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/ HTTP/1.1
                                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 1553
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                              Pragma: no-cache
                                                                                                              Content-Encoding: gzip
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:21:25 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 0
                                                                                                              X-Served-By: cache-ams21025-AMS
                                                                                                              X-Cache: MISS
                                                                                                              X-Cache-Hits: 0
                                                                                                              X-Timer: S1623399686.555171,VS0,VE126
                                                                                                              Vary: Accept-Encoding
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              https://bazaar.abuse.ch/download/e5838a957f097ff8/
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /download/e5838a957f097ff8/ HTTP/1.1
                                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                                              Referer: https://bazaar.abuse.ch/download/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 69966
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                              Pragma: no-cache
                                                                                                              Content-Disposition: attachment; filename=60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df.zip
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: application/zip
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:21:31 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 0
                                                                                                              X-Served-By: cache-ams21025-AMS
                                                                                                              X-Cache: MISS
                                                                                                              X-Cache-Hits: 0
                                                                                                              X-Timer: S1623399691.878281,VS0,VE185
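The three requests above are the part of this log an analyst actually cares about: the sample page refers to /download/<sha256>/, which returns a small HTML page (1553 bytes, text/html), and only the follow-up request to /download/e5838a957f097ff8/ carries the archive itself (Content-Disposition: attachment, application/zip, 69966 bytes). The following Python is an added example, not part of the tria.ge report: it parses records in the layout this page uses (bullet line, method, URL, process, remote address, request block, response block), finds responses that delivered a file, and walks Referer headers backwards to reconstruct how the file was reached. SAMPLE_LOG is a constructed, abridged copy of the two download records above with most headers dropped; the record layout itself is an assumption read off this page.

```python
"""Reconstruct a file-download chain from tria.ge-style HTTP records.
Added example, not part of the sandbox report. SAMPLE_LOG is a constructed,
abridged copy of two records from this page; the record layout is assumed."""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = """\
• flag-unknown
GET
https://bazaar.abuse.ch/download/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
IEXPLORE.EXE
Remote address:
151.101.2.49:443
Request
GET /download/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/ HTTP/1.1
Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
Host: bazaar.abuse.ch
Response
HTTP/1.1 200 OK
Content-Length: 1553
Content-Type: text/html; charset=UTF-8
• flag-unknown
GET
https://bazaar.abuse.ch/download/e5838a957f097ff8/
IEXPLORE.EXE
Remote address:
151.101.2.49:443
Request
GET /download/e5838a957f097ff8/ HTTP/1.1
Referer: https://bazaar.abuse.ch/download/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
Host: bazaar.abuse.ch
Response
HTTP/1.1 200 OK
Content-Length: 69966
Content-Disposition: attachment; filename=60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df.zip
Content-Type: application/zip
"""

@dataclass
class Record:
    method: str
    url: str
    process: str
    remote: str          # ip:port the sandbox connected to
    status: int          # HTTP status code from the response line
    req_headers: dict = field(default_factory=dict)
    resp_headers: dict = field(default_factory=dict)

def _headers(lines):
    """'Name: value' lines -> dict keyed by lower-cased header name."""
    return {k.strip().lower(): v.strip()
            for k, v in (l.split(":", 1) for l in lines if ":" in l)}

def parse_records(text):
    """Split the log on its bullet lines and parse each record."""
    records = []
    for chunk in re.split(r"^•[^\n]*\n", text, flags=re.MULTILINE):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if "Request" not in lines or "Response" not in lines:
            continue  # leading empty chunk, or a record the page cut off
        ri, si = lines.index("Request"), lines.index("Response")
        status = int(lines[si + 1].split()[1])  # "HTTP/1.1 200 OK" -> 200
        records.append(Record(lines[0], lines[1], lines[2],
                              lines[lines.index("Remote address:") + 1], status,
                              _headers(lines[ri + 2:si]), _headers(lines[si + 2:])))
    return records

def is_file_download(rec):
    cd = rec.resp_headers.get("content-disposition", "")
    return rec.status == 200 and cd.lower().startswith("attachment")

def attachment_filename(rec):
    m = re.search(r'filename="?([^";]+)', rec.resp_headers.get("content-disposition", ""))
    return m.group(1).strip() if m else None

def download_chain(records):
    """For every attachment response, the URLs that led to it, oldest first,
    found by walking Referer headers back through the logged requests."""
    by_url = {r.url: r for r in records}
    chains = []
    for rec in filter(is_file_download, records):
        chain, cur, seen = [rec.url], rec, set()
        while cur is not None and cur.url not in seen:  # `seen` guards referer loops
            seen.add(cur.url)
            ref = cur.req_headers.get("referer")
            if not ref:
                break
            chain.append(ref)
            cur = by_url.get(ref)  # None when the referring page was not logged
        chains.append((attachment_filename(rec), chain[::-1]))
    return chains

if __name__ == "__main__":
    for name, chain in download_chain(parse_records(SAMPLE_LOG)):
        print(f"{name} was delivered via:")
        for url in chain:
            print("  ->", url)
```

Run against the two records it reproduces sample page, then /download/<sha256>/, then /download/e5838a957f097ff8/ as the path to the .zip, which is the request whose filename and Content-Length belong in an incident timeline; the first /download/ URL only served HTML. Two caveats when applying this to other logs: Referer is client-supplied and is often absent (typed URLs, Referrer-Policy boundaries, non-browser clients), so a chain that stops early means "no logged origin", not "no origin"; and the chain ends at the sample page here only because that request falls outside the records copied into SAMPLE_LOG.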
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              https://bazaar.abuse.ch/css/custom.css
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /css/custom.css HTTP/1.1
                                                                                                              Accept: text/css, */*
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 1711
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Last-Modified: Wed, 07 Apr 2021 16:12:03 GMT
                                                                                                              ETag: "15b4-5bf6431001ea7-gzip"
                                                                                                              Cache-Control: max-age=15552000
                                                                                                              Expires: Mon, 06 Dec 2021 00:25:05 GMT
                                                                                                              Content-Encoding: gzip
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: text/css
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:51 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 201346
                                                                                                              X-Served-By: cache-ams21054-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399651.407116,VS0,VE0
                                                                                                              Vary: Accept-Encoding
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              https://bazaar.abuse.ch/images/malwarebazaar_logo.png
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /images/malwarebazaar_logo.png HTTP/1.1
                                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 4866
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Last-Modified: Sun, 11 Oct 2020 09:36:52 GMT
                                                                                                              ETag: "1302-5b161ebf5e105"
                                                                                                              Cache-Control: max-age=31104000
                                                                                                              Expires: Sun, 05 Jun 2022 03:52:24 GMT
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: image/png
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:57 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 102513
                                                                                                              X-Served-By: cache-ams21072-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399657.220352,VS0,VE0
                                                                                                            • GET
                                                                                                              https://bazaar.abuse.ch/webfonts/fa-regular-400.eot?
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /webfonts/fa-regular-400.eot? HTTP/1.1
                                                                                                              Accept: */*
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Origin: https://bazaar.abuse.ch
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 16841
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Cache-Control: max-age=2628000, public
                                                                                                              Last-Modified: Tue, 31 Mar 2020 10:33:19 GMT
                                                                                                              ETag: "8656-5a22418a3cd1a"
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: application/vnd.ms-fontobject
                                                                                                              Content-Encoding: gzip
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:57 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 104463
                                                                                                              X-Served-By: cache-ams21072-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399657.442676,VS0,VE1
                                                                                                              Vary: Accept-Encoding
                                                                                                            • GET
                                                                                                              https://bazaar.abuse.ch/images/avatar/1014590600652447744.jpg
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /images/avatar/1014590600652447744.jpg HTTP/1.1
                                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 1959
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Last-Modified: Tue, 25 May 2021 19:22:28 GMT
                                                                                                              ETag: "7a7-5c32c725c9501"
                                                                                                              Cache-Control: max-age=31104000
                                                                                                              Expires: Sat, 04 Jun 2022 00:37:48 GMT
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: image/jpeg
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:57 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 200588
                                                                                                              X-Served-By: cache-ams21043-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399657.087866,VS0,VE0
                                                                                                            • GET
                                                                                                              https://bazaar.abuse.ch/images/flags/us.png
                                                                                                              IEXPLORE.EXE
                                                                                                              Remote address:
                                                                                                              151.101.2.49:443
                                                                                                              Request
                                                                                                              GET /images/flags/us.png HTTP/1.1
                                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                                              Referer: https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: bazaar.abuse.ch
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: BAZAAR=st0s0o8mj6frr784g7t150hp08
                                                                                                              Response
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: keep-alive
                                                                                                              Content-Length: 609
                                                                                                              Server: Apache/2
                                                                                                              Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                                                                                                              Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                              Expect-CT: enforce, max-age=86400
                                                                                                              Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="default"
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Last-Modified: Mon, 23 Dec 2019 12:33:13 GMT
                                                                                                              ETag: "261-59a5e3b2b19f4"
                                                                                                              Cache-Control: max-age=31104000
                                                                                                              Expires: Sun, 05 Jun 2022 00:32:42 GMT
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: sameorigin
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Content-Type: image/png
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Fri, 11 Jun 2021 08:20:56 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              Age: 114494
                                                                                                              X-Served-By: cache-ams21056-AMS
                                                                                                              X-Cache: HIT
                                                                                                              X-Cache-Hits: 1
                                                                                                              X-Timer: S1623399657.801319,VS0,VE0
                                                                                                            • DNS
                                                                                                              notifier.win-rar.com
                                                                                                              Remote address:
                                                                                                              8.8.8.8:53
                                                                                                              Request
                                                                                                              notifier.win-rar.com
                                                                                                              IN A
                                                                                                              Response
                                                                                                              notifier.win-rar.com
                                                                                                              IN A
                                                                                                              51.195.68.173
                                                                                                            • GET
                                                                                                              http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
                                                                                                              Remote address:
                                                                                                              34.104.35.123:80
                                                                                                              Request
                                                                                                              GET /edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: */*
                                                                                                              Accept-Encoding: identity
                                                                                                              If-Unmodified-Since: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              Range: bytes=5355-12438
                                                                                                              User-Agent: Microsoft BITS/7.5
                                                                                                              Host: edgedl.me.gvt1.com
                                                                                                              Response
                                                                                                              HTTP/1.1 206 Partial Content
                                                                                                              accept-ranges: bytes
                                                                                                              content-disposition: attachment
                                                                                                              content-length: 7084
                                                                                                              content-security-policy: default-src 'none'
                                                                                                              content-type: application/octet-stream
                                                                                                              etag: "a1249b"
                                                                                                              last-modified: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              server: Google-Edge-Cache
                                                                                                              x-content-type-options: nosniff
                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                              x-xss-protection: 0
                                                                                                              date: Thu, 10 Jun 2021 16:44:25 GMT
                                                                                                              age: 56235
                                                                                                              content-range: bytes 5355-12438/47502
                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                              cache-control: public,max-age=86400
                                                                                                            • GET
                                                                                                              http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
                                                                                                              Remote address:
                                                                                                              34.104.35.123:80
                                                                                                              Request
                                                                                                              GET /edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: */*
                                                                                                              Accept-Encoding: identity
                                                                                                              If-Unmodified-Since: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              Range: bytes=12439-19381
                                                                                                              User-Agent: Microsoft BITS/7.5
                                                                                                              Host: edgedl.me.gvt1.com
                                                                                                              Response
                                                                                                              HTTP/1.1 206 Partial Content
                                                                                                              accept-ranges: bytes
                                                                                                              content-disposition: attachment
                                                                                                              content-length: 6943
                                                                                                              content-security-policy: default-src 'none'
                                                                                                              content-type: application/octet-stream
                                                                                                              etag: "a1249b"
                                                                                                              last-modified: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              server: Google-Edge-Cache
                                                                                                              x-content-type-options: nosniff
                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                              x-xss-protection: 0
                                                                                                              date: Thu, 10 Jun 2021 16:44:25 GMT
                                                                                                              age: 56385
                                                                                                              content-range: bytes 12439-19381/47502
                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                              cache-control: public,max-age=86400
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
                                                                                                              Remote address:
                                                                                                              34.104.35.123:80
                                                                                                              Request
                                                                                                              GET /edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: */*
                                                                                                              Accept-Encoding: identity
                                                                                                              If-Unmodified-Since: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              Range: bytes=19382-26876
                                                                                                              User-Agent: Microsoft BITS/7.5
                                                                                                              Host: edgedl.me.gvt1.com
                                                                                                              Response
                                                                                                              HTTP/1.1 206 Partial Content
                                                                                                              accept-ranges: bytes
                                                                                                              content-disposition: attachment
                                                                                                              content-length: 7495
                                                                                                              content-security-policy: default-src 'none'
                                                                                                              content-type: application/octet-stream
                                                                                                              etag: "a1249b"
                                                                                                              last-modified: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              server: Google-Edge-Cache
                                                                                                              x-content-type-options: nosniff
                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                              x-xss-protection: 0
                                                                                                              date: Thu, 10 Jun 2021 16:44:25 GMT
                                                                                                              age: 56521
                                                                                                              content-range: bytes 19382-26876/47502
                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                              cache-control: public,max-age=86400
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
                                                                                                              Remote address:
                                                                                                              34.104.35.123:80
                                                                                                              Request
                                                                                                              GET /edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: */*
                                                                                                              Accept-Encoding: identity
                                                                                                              If-Unmodified-Since: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              Range: bytes=26877-35050
                                                                                                              User-Agent: Microsoft BITS/7.5
                                                                                                              Host: edgedl.me.gvt1.com
                                                                                                              Response
                                                                                                              HTTP/1.1 206 Partial Content
                                                                                                              accept-ranges: bytes
                                                                                                              content-disposition: attachment
                                                                                                              content-length: 8174
                                                                                                              content-security-policy: default-src 'none'
                                                                                                              content-type: application/octet-stream
                                                                                                              etag: "a1249b"
                                                                                                              last-modified: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              server: Google-Edge-Cache
                                                                                                              x-content-type-options: nosniff
                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                              x-xss-protection: 0
                                                                                                              date: Thu, 10 Jun 2021 16:44:25 GMT
                                                                                                              age: 56531
                                                                                                              content-range: bytes 26877-35050/47502
                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                              cache-control: public,max-age=86400
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
                                                                                                              Remote address:
                                                                                                              34.104.35.123:80
                                                                                                              Request
                                                                                                              GET /edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: */*
                                                                                                              Accept-Encoding: identity
                                                                                                              If-Unmodified-Since: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              Range: bytes=35051-42880
                                                                                                              User-Agent: Microsoft BITS/7.5
                                                                                                              Host: edgedl.me.gvt1.com
                                                                                                              Response
                                                                                                              HTTP/1.1 206 Partial Content
                                                                                                              accept-ranges: bytes
                                                                                                              content-disposition: attachment
                                                                                                              content-length: 7830
                                                                                                              content-security-policy: default-src 'none'
                                                                                                              content-type: application/octet-stream
                                                                                                              etag: "a1249b"
                                                                                                              last-modified: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              server: Google-Edge-Cache
                                                                                                              x-content-type-options: nosniff
                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                              x-xss-protection: 0
                                                                                                              date: Thu, 10 Jun 2021 16:44:25 GMT
                                                                                                              age: 56539
                                                                                                              content-range: bytes 35051-42880/47502
                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                              cache-control: public,max-age=86400
                                                                                                            • flag-unknown
                                                                                                              GET
                                                                                                              http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
                                                                                                              Remote address:
                                                                                                              34.104.35.123:80
                                                                                                              Request
                                                                                                              GET /edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: */*
                                                                                                              Accept-Encoding: identity
                                                                                                              If-Unmodified-Since: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              Range: bytes=42881-47501
                                                                                                              User-Agent: Microsoft BITS/7.5
                                                                                                              Host: edgedl.me.gvt1.com
                                                                                                              Response
                                                                                                              HTTP/1.1 206 Partial Content
                                                                                                              accept-ranges: bytes
                                                                                                              content-disposition: attachment
                                                                                                              content-length: 4621
                                                                                                              content-security-policy: default-src 'none'
                                                                                                              content-type: application/octet-stream
                                                                                                              etag: "a1249b"
                                                                                                              last-modified: Fri, 07 May 2021 17:49:07 GMT
                                                                                                              server: Google-Edge-Cache
                                                                                                              x-content-type-options: nosniff
                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                              x-xss-protection: 0
                                                                                                              date: Thu, 10 Jun 2021 16:44:25 GMT
                                                                                                              age: 56546
                                                                                                              content-range: bytes 42881-47501/47502
                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                              cache-control: public,max-age=86400
  • 8.8.8.8:443
    dns.google
    tls
    909 B
    5.2kB
    8
    8
  • 8.8.8.8:443
    dns.google
    tls
    909 B
    5.2kB
    8
    8
  • 8.8.8.8:443
    dns.google
    tls
    863 B
    3.5kB
    7
    7
  • 8.8.8.8:443
    dns.google
    tls
    909 B
    5.2kB
    8
    8
  • 8.8.8.8:443
    dns.google
    tls
    909 B
    5.2kB
    8
    8
  • 8.8.8.8:443
    dns.google
    tls
    863 B
    3.5kB
    7
    7
  • 8.8.8.8:443
    dns.google
    tls
    863 B
    3.5kB
    7
    7
  • 216.239.32.29:80
    http://pki.goog/gsr1/gsr1.crt
    http
    357 B
    2.8kB
    5
    5
    HTTP Request
    GET http://pki.goog/gsr1/gsr1.crt
    HTTP Response
    200
  • 216.239.32.29:80
    http://pki.goog/gsr1/gsr1.crt
    http
    357 B
    3.0kB
    5
    5
    HTTP Request
    GET http://pki.goog/gsr1/gsr1.crt
    HTTP Response
    200
  • 216.239.32.29:80
    http://pki.goog/gsr1/gsr1.crt
    http
    357 B
    3.0kB
    5
    5
    HTTP Request
    GET http://pki.goog/gsr1/gsr1.crt
    HTTP Response
    200
  • 216.239.32.29:80
    http://pki.goog/gsr1/gsr1.crt
    http
    351 B
    1.5kB
    5
    4
    HTTP Request
    GET http://pki.goog/gsr1/gsr1.crt
    HTTP Response
    200
  • 8.8.8.8:443
    dns.google
    tls
    863 B
    3.5kB
    7
    7
  • 8.8.8.8:443
    dns.google
    tls
    909 B
    5.2kB
                                                                                                              8
                                                                                                              8
                                                                                                            • 172.217.17.78:443
                                                                                                              redirector.gvt1.com
                                                                                                              tls
                                                                                                              863 B
                                                                                                              4.2kB
                                                                                                              7
                                                                                                              7
                                                                                                            • 172.217.20.78:443
                                                                                                              clients2.google.com
                                                                                                              tls
                                                                                                              909 B
                                                                                                              6.8kB
                                                                                                              8
                                                                                                              9
                                                                                                            • 172.217.17.109:443
                                                                                                              accounts.google.com
                                                                                                              tls
                                                                                                              909 B
                                                                                                              4.7kB
                                                                                                              8
                                                                                                              8
                                                                                                            • 172.217.17.109:443
                                                                                                              accounts.google.com
                                                                                                              tls
                                                                                                              909 B
                                                                                                              4.7kB
                                                                                                              8
                                                                                                              8
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              tls
                                                                                                              909 B
                                                                                                              5.2kB
                                                                                                              8
                                                                                                              8
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              tls
                                                                                                              863 B
                                                                                                              3.5kB
                                                                                                              7
                                                                                                              7
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              tls
                                                                                                              909 B
                                                                                                              5.2kB
                                                                                                              8
                                                                                                              8
                                                                                                            • 172.217.20.78:443
                                                                                                              clients2.google.com
                                                                                                              tls
                                                                                                              909 B
                                                                                                              6.8kB
                                                                                                              8
                                                                                                              9
                                                                                                            • 172.217.17.35:443
                                                                                                              ssl.gstatic.com
                                                                                                              tls
                                                                                                              909 B
                                                                                                              4.7kB
                                                                                                              8
                                                                                                              8
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              tls
                                                                                                              3.0kB
                                                                                                              10.1kB
                                                                                                              31
                                                                                                              40
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              tls
                                                                                                              2.2kB
                                                                                                              8.3kB
                                                                                                              23
                                                                                                              27
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              tls
                                                                                                              2.2kB
                                                                                                              6.7kB
                                                                                                              23
                                                                                                              28
                                                                                                            • 172.217.17.109:443
                                                                                                              accounts.google.com
                                                                                                              tls
                                                                                                              2.0kB
                                                                                                              7.7kB
                                                                                                              20
                                                                                                              23
                                                                                                            • 172.217.20.78:443
                                                                                                              clients2.google.com
                                                                                                              tls
                                                                                                              3.0kB
                                                                                                              11.5kB
                                                                                                              19
                                                                                                              23
                                                                                                            • 172.217.168.225:443
                                                                                                              clients2.googleusercontent.com
                                                                                                              tls
                                                                                                              2.4kB
                                                                                                              32.4kB
                                                                                                              28
                                                                                                              34
                                                                                                            • 172.217.17.78:80
                                                                                                              http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
                                                                                                              http
                                                                                                              953 B
                                                                                                              3.1kB
                                                                                                              12
                                                                                                              12

                                                                                                              HTTP Request

                                                                                                              GET http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

                                                                                                              HTTP Response

                                                                                                              302
                                                                                                            • 74.125.4.170:80
                                                                                                              http://r5---sn-aigzrne7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=154.61.71.13&mm=28&mn=sn-aigzrne7&ms=nvh&mt=1623399140&mv=m&mvi=5&pl=24&rmhost=r3---sn-aigzrne7.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7k.gvt1.com
                                                                                                              http
                                                                                                              5.4kB
                                                                                                              256.7kB
                                                                                                              105
                                                                                                              187

                                                                                                              HTTP Request

                                                                                                              GET http://r5---sn-aigzrne7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=154.61.71.13&mm=28&mn=sn-aigzrne7&ms=nvh&mt=1623399140&mv=m&mvi=5&pl=24&rmhost=r3---sn-aigzrne7.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7k.gvt1.com

                                                                                                              HTTP Response

                                                                                                              200
                                                                                                            • 172.217.17.42:443
                                                                                                              translate.googleapis.com
                                                                                                              tls
                                                                                                              1.9kB
                                                                                                              6.7kB
                                                                                                              19
                                                                                                              21
                                                                                                            • 151.101.2.49:443
                                                                                                              bazaar.abuse.ch
                                                                                                              tls
                                                                                                              IEXPLORE.EXE
                                                                                                              786 B
                                                                                                              5.3kB
                                                                                                              10
                                                                                                              9
                                                                                                            • 151.101.2.49:443
                                                                                                              bazaar.abuse.ch
                                                                                                              tls
                                                                                                              IEXPLORE.EXE
                                                                                                              786 B
                                                                                                              5.4kB
                                                                                                              10
                                                                                                              11
                                                                                                            • 172.217.17.42:443
                                                                                                              translate.googleapis.com
                                                                                                              tls
                                                                                                              2.0kB
                                                                                                              8.3kB
                                                                                                              19
                                                                                                              20
                                                                                                            • 172.217.17.42:443
                                                                                                              translate.googleapis.com
                                                                                                              tls
                                                                                                              2.1kB
                                                                                                              7.3kB
                                                                                                              19
                                                                                                              19
                                                                                                            • 216.58.208.110:443
                                                                                                              translate.google.com
                                                                                                              tls
                                                                                                              3.8kB
                                                                                                              45.6kB
                                                                                                              42
                                                                                                              57
                                                                                                            • 151.101.2.49:443
                                                                                                              bazaar.abuse.ch
                                                                                                              tls
                                                                                                              IEXPLORE.EXE
                                                                                                              605 B
                                                                                                              498 B
                                                                                                              7
                                                                                                              6
                                                                                                            • 172.217.17.78:443
                                                                                                              consent.google.com
                                                                                                              tls
                                                                                                              2.4kB
                                                                                                              6.6kB
                                                                                                              18
                                                                                                              19
                                                                                                            • 172.217.20.78:443
                                                                                                              consent.google.nl
                                                                                                              tls
                                                                                                              2.2kB
                                                                                                              7.3kB
                                                                                                              19
                                                                                                              20
                                                                                                            • 216.58.211.110:443
                                                                                                              consent.youtube.com
                                                                                                              tls
                                                                                                              2.2kB
                                                                                                              9.2kB
                                                                                                              19
                                                                                                              21
                                                                                                            • 172.217.17.46:443
                                                                                                              apis.google.com
                                                                                                              tls
                                                                                                              3.0kB
                                                                                                              43.7kB
                                                                                                              33
                                                                                                              44
                                                                                                            • 140.82.114.4:443
                                                                                                              github.com
                                                                                                              tls
                                                                                                              5.6kB
                                                                                                              92.6kB
                                                                                                              66
                                                                                                              97
                                                                                                            • 140.82.114.4:443
                                                                                                              github.com
                                                                                                              tls
                                                                                                              989 B
                                                                                                              3.1kB
                                                                                                              9
                                                                                                              6
                                                                                                            • 185.199.108.154:443
                                                                                                              github.githubassets.com
                                                                                                              tls
                                                                                                              9.5kB
                                                                                                              326.6kB
                                                                                                              155
                                                                                                              261
• 185.199.108.154:443  github.githubassets.com  tls  sent 943 B / recv 4.5kB, packets 8 / 9
• 185.199.108.154:443  github.githubassets.com  tls  sent 943 B / recv 4.4kB, packets 8 / 7
• 185.199.108.154:443  github.githubassets.com  tls  sent 943 B / recv 4.4kB, packets 8 / 7
• 185.199.108.154:443  github.githubassets.com  tls  sent 943 B / recv 4.5kB, packets 8 / 9
• 185.199.108.154:443  github.githubassets.com  tls  sent 943 B / recv 4.4kB, packets 8 / 8
• 185.199.110.133:443  avatars.githubusercontent.com  tls  sent 3.2kB / recv 25.2kB, packets 34 / 38
• 185.199.110.133:443  avatars.githubusercontent.com  tls  sent 943 B / recv 4.6kB, packets 8 / 7
• 185.199.110.133:443  avatars.githubusercontent.com  tls  sent 943 B / recv 4.7kB, packets 8 / 9
• 185.199.108.154:443  github.githubassets.com  tls  sent 2.6kB / recv 25.1kB, packets 27 / 37
• 216.58.208.106:443  content-autofill.googleapis.com  tls  sent 2.0kB / recv 5.1kB, packets 18 / 19
• 52.54.72.115:443  collector.githubapp.com  tls  sent 5.3kB / recv 7.0kB, packets 20 / 17
• 140.82.114.6:443  api.github.com  tls  sent 18.8kB / recv 8.3kB, packets 37 / 39
• 216.58.214.3:443  update.googleapis.com  tls  sent 5.6kB / recv 9.5kB, packets 22 / 23
• 34.104.35.123:80  http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo  http  sent 509 B / recv 1.3kB, packets 6 / 6
    HTTP Request: HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo  ->  HTTP Response: 200
• 8.8.8.8:443  dns.google  tls  sent 2.2kB / recv 6.6kB, packets 23 / 26
• 142.250.179.138:443  safebrowsing.googleapis.com  tls  sent 122.1kB / recv 7.1MB, packets 2626 / 5051
• 34.104.35.123:80  http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo  http  sent 673 B / recv 6.5kB, packets 8 / 10
    HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo  ->  HTTP Response: 206
• 204.79.197.200:443  ieonline.microsoft.com  tls  process iexplore.exe  sent 707 B / recv 7.5kB, packets 8 / 12
• 140.82.112.5:443  api.github.com  tls  sent 3.6kB / recv 6.5kB, packets 21 / 19
• 140.82.112.5:443  sent 98 B / recv 52 B, packets 2 / 1
• 140.82.112.5:443  sent 98 B / recv 52 B, packets 2 / 1
• 151.101.2.49:443  bazaar.abuse.ch  tls  process IEXPLORE.EXE  sent 605 B / recv 538 B, packets 7 / 7
• 172.217.168.238:443  encrypted-tbn0.gstatic.com  tls  sent 1.8kB / recv 5.4kB, packets 17 / 15
• 185.10.99.20:443  www.winrar.nl  tls  sent 1.9kB / recv 10.7kB, packets 13 / 16
• 216.58.208.99:443  id.google.com  tls  sent 2.3kB / recv 8.8kB, packets 18 / 20
• 51.195.68.163:443  www.win-rar.com  tls  sent 87.5kB / recv 5.0MB, packets 1789 / 3400
• 51.195.68.163:443  www.win-rar.com  tls  sent 943 B / recv 3.3kB, packets 8 / 9
• 151.101.2.49:443  bazaar.abuse.ch  tls  process IEXPLORE.EXE  sent 605 B / recv 498 B, packets 7 / 6
• 151.101.2.49:443  https://bazaar.abuse.ch/js/svg-pan-zoom.min.js  tls, http  process IEXPLORE.EXE  sent 7.1kB / recv 122.8kB, packets 58 / 102
    HTTP Request: GET https://bazaar.abuse.ch/sample/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/css/bootstrap.min.css  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/css/jumbotron.css  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/js/jquery-3.5.1.min.js  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/js/popper.min.js  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/js/bootstrap.min.js  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/js/clipboard.min.js  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/js/bazaar_functions.js  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/js/svg-pan-zoom.min.js  ->  HTTP Response: 200
• 142.250.179.131:80  http://www.gstatic.com/generate_204  http  sent 733 B / recv 534 B, packets 9 / 8
    HTTP Request: GET http://www.gstatic.com/generate_204  ->  HTTP Response: 204
• 216.58.208.110:443  sb-ssl.google.com  tls  sent 7.3kB / recv 8.7kB, packets 22 / 22
• 151.101.2.49:443  https://bazaar.abuse.ch/download/e5838a957f097ff8/  tls, http  process IEXPLORE.EXE  sent 6.6kB / recv 213.3kB, packets 88 / 159
    HTTP Request: GET https://bazaar.abuse.ch/css/all.min.css  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/webfonts/fa-solid-900.eot?  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/favicon.ico  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/download/60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df/  ->  HTTP Response: 200
    HTTP Request: GET https://bazaar.abuse.ch/download/e5838a957f097ff8/
    HTTP Response

                                                                                                              200
                                                                                                            • 151.101.2.49:443
                                                                                                              https://bazaar.abuse.ch/css/custom.css
                                                                                                              tls, http
                                                                                                              IEXPLORE.EXE
                                                                                                              1.1kB
                                                                                                              4.0kB
                                                                                                              8
                                                                                                              8

                                                                                                              HTTP Request

                                                                                                              GET https://bazaar.abuse.ch/css/custom.css

                                                                                                              HTTP Response

                                                                                                              200
                                                                                                            • 151.101.2.49:443
                                                                                                              https://bazaar.abuse.ch/webfonts/fa-regular-400.eot?
                                                                                                              tls, http
                                                                                                              IEXPLORE.EXE
                                                                                                              2.0kB
                                                                                                              28.0kB
                                                                                                              17
                                                                                                              26

                                                                                                              HTTP Request

                                                                                                              GET https://bazaar.abuse.ch/images/malwarebazaar_logo.png

                                                                                                              HTTP Response

                                                                                                              200

                                                                                                              HTTP Request

                                                                                                              GET https://bazaar.abuse.ch/webfonts/fa-regular-400.eot?

                                                                                                              HTTP Response

                                                                                                              200
                                                                                                            • 151.101.2.49:443
                                                                                                              https://bazaar.abuse.ch/images/avatar/1014590600652447744.jpg
                                                                                                              tls, http
                                                                                                              IEXPLORE.EXE
                                                                                                              1.2kB
                                                                                                              4.9kB
                                                                                                              8
                                                                                                              9

                                                                                                              HTTP Request

                                                                                                              GET https://bazaar.abuse.ch/images/avatar/1014590600652447744.jpg

                                                                                                              HTTP Response

                                                                                                              200
                                                                                                            • 151.101.2.49:443
                                                                                                              https://bazaar.abuse.ch/images/flags/us.png
                                                                                                              tls, http
                                                                                                              IEXPLORE.EXE
                                                                                                              1.1kB
                                                                                                              2.7kB
                                                                                                              7
                                                                                                              7

                                                                                                              HTTP Request

                                                                                                              GET https://bazaar.abuse.ch/images/flags/us.png

                                                                                                              HTTP Response

                                                                                                              200
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              tls
                                                                                                              2.1kB
                                                                                                              8.1kB
                                                                                                              20
                                                                                                              24
                                                                                                            • 51.195.68.173:443
                                                                                                              notifier.win-rar.com
                                                                                                              tls
                                                                                                              th.exe
                                                                                                              619 B
                                                                                                              3.0kB
                                                                                                              7
                                                                                                              7
                                                                                                            • 34.104.35.123:80
                                                                                                              http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
                                                                                                              http
                                                                                                              671 B
                                                                                                              8.1kB
                                                                                                              8
                                                                                                              10

                                                                                                              HTTP Request

                                                                                                              GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo

                                                                                                              HTTP Response

                                                                                                              206
                                                                                                            • 34.104.35.123:80
                                                                                                              http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
                                                                                                              http
                                                                                                              672 B
                                                                                                              7.9kB
                                                                                                              8
                                                                                                              10

                                                                                                              HTTP Request

                                                                                                              GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo

                                                                                                              HTTP Response

                                                                                                              206
                                                                                                            • 34.104.35.123:80
                                                                                                              http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo
                                                                                                              http
                                                                                                              2.1kB
                                                                                                              31.7kB
                                                                                                              20
                                                                                                              28

                                                                                                              HTTP Request

                                                                                                              GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo

                                                                                                              HTTP Response

                                                                                                              206

                                                                                                              HTTP Request

                                                                                                              GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo

                                                                                                              HTTP Response

                                                                                                              206

                                                                                                              HTTP Request

                                                                                                              GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo

                                                                                                              HTTP Response

                                                                                                              206

                                                                                                              HTTP Request

                                                                                                              GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xNWfWeoqykUYSZo

                                                                                                              HTTP Response

                                                                                                              206
                                                                                                            • 8.8.8.8:53
                                                                                                              accounts.google.com
                                                                                                              dns
                                                                                                              325 B
                                                                                                              81 B
                                                                                                              5
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              accounts.google.com

                                                                                                              DNS Request

                                                                                                              accounts.google.com

                                                                                                              DNS Request

                                                                                                              accounts.google.com

                                                                                                              DNS Request

                                                                                                              accounts.google.com

                                                                                                              DNS Request

                                                                                                              accounts.google.com

                                                                                                              DNS Response

                                                                                                              172.217.17.109

                                                                                                            • 8.8.8.8:53
                                                                                                              redirector.gvt1.com
                                                                                                              dns
                                                                                                              325 B
                                                                                                              81 B
                                                                                                              5
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              redirector.gvt1.com

                                                                                                              DNS Request

                                                                                                              redirector.gvt1.com

                                                                                                              DNS Request

                                                                                                              redirector.gvt1.com

                                                                                                              DNS Request

                                                                                                              redirector.gvt1.com

                                                                                                              DNS Request

                                                                                                              redirector.gvt1.com

                                                                                                              DNS Response

                                                                                                              172.217.17.78

                                                                                                            • 8.8.8.8:53
                                                                                                              clients2.google.com
                                                                                                              dns
                                                                                                              325 B
                                                                                                              105 B
                                                                                                              5
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              clients2.google.com

                                                                                                              DNS Request

                                                                                                              clients2.google.com

                                                                                                              DNS Request

                                                                                                              clients2.google.com

                                                                                                              DNS Request

                                                                                                              clients2.google.com

                                                                                                              DNS Request

                                                                                                              clients2.google.com

                                                                                                              DNS Response

                                                                                                              172.217.20.78

                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              168 B
                                                                                                              88 B
                                                                                                              3
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              dns.google

                                                                                                              DNS Request

                                                                                                              dns.google

                                                                                                              DNS Request

                                                                                                              dns.google

                                                                                                              DNS Response

                                                                                                              8.8.8.8
                                                                                                              8.8.4.4

                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              168 B
                                                                                                              88 B
                                                                                                              3
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              dns.google

                                                                                                              DNS Request

                                                                                                              dns.google

                                                                                                              DNS Request

                                                                                                              dns.google

                                                                                                              DNS Response

                                                                                                              8.8.8.8
                                                                                                              8.8.4.4

                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              168 B
                                                                                                              88 B
                                                                                                              3
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              dns.google

                                                                                                              DNS Request

                                                                                                              dns.google

                                                                                                              DNS Request

                                                                                                              dns.google

                                                                                                              DNS Response

                                                                                                              8.8.8.8
                                                                                                              8.8.4.4

                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              60 B
Network connections (the first row continues an entry whose destination line precedes this section):

Destination            | Host       | Proto | Bytes out | Bytes in | Pkts out | Pkts in | DNS request                    | DNS response
-----------------------|------------|-------|-----------|----------|----------|---------|--------------------------------|------------------------------------------------------------------------------
(cont.)                |            |       |           | 76 B     | 1        | 1       | www.google.com                 | 142.250.179.196
8.8.8.8:53             | dns.google | dns   | 54 B      | 70 B     | 1        | 1       | pki.goog                       | 216.239.32.29
8.8.8.8:53             | dns.google | dns   | 76 B      | 296 B    | 1        | 1       | www.download.windowsupdate.com | 8.238.111.254, 67.24.35.254, 67.26.109.254, 8.253.208.112, 8.253.208.120
8.8.8.8:53             | dns.google | dns   | 76 B      | 276 B    | 1        | 1       | www.download.windowsupdate.com | 84.53.175.122, 84.53.175.34
8.8.8.8:53             | dns.google | dns   | 76 B      | 276 B    | 1        | 1       | www.download.windowsupdate.com | 84.53.175.122, 84.53.175.34
8.8.8.8:53             | dns.google | dns   | 76 B      | 276 B    | 1        | 1       | www.download.windowsupdate.com | 84.53.175.122, 84.53.175.34
8.8.8.8:53             | dns.google | dns   | 65 B      | 105 B    | 1        | 1       | clients2.google.com            | 172.217.20.78
8.8.8.8:53             | dns.google | dns   | 65 B      | 81 B     | 1        | 1       | redirector.gvt1.com            | 172.217.17.78
8.8.8.8:53             | dns.google | dns   | 75 B      | 91 B     | 1        | 1       | clientservices.googleapis.com  | 142.250.179.131
8.8.8.8:53             | dns.google | dns   | 65 B      | 81 B     | 1        | 1       | accounts.google.com            | 172.217.17.109
8.8.8.8:53             | dns.google | dns   | 61 B      | 77 B     | 1        | 1       | ssl.gstatic.com                | 172.217.17.35
8.8.8.8:53             | dns.google | dns   | 65 B      | 81 B     | 1        | 1       | accounts.google.com            | 172.217.17.109
8.8.8.8:53             | dns.google | dns   | 56 B      | 88 B     | 1        | 1       | dns.google                     | 8.8.8.8, 8.8.4.4
8.8.8.8:53             | dns.google | dns   | 56 B      | 88 B     | 1        | 1       | dns.google                     | 8.8.8.8, 8.8.4.4
8.8.8.8:53             | dns.google | dns   | 61 B      | 77 B     | 1        | 1       | www.gstatic.com                | 142.250.179.131
8.8.8.8:53             | dns.google | dns   | 65 B      | 105 B    | 1        | 1       | clients2.google.com            | 172.217.20.78
8.8.8.8:53             | dns.google | dns   | 60 B      | 76 B     | 1        | 1       | www.google.com                 | 142.250.179.196
8.8.8.8:53             | dns.google | dns   | 62 B      | 157 B    | 1        | 1       | go.microsoft.com               | 95.101.206.92
8.8.8.8:53             | dns.google | dns   | 61 B      | 166 B    | 1        | 1       | bazaar.abuse.ch                | 151.101.2.49, 151.101.66.49, 151.101.130.49, 151.101.194.49
8.8.8.8:443            | dns.google | https | 11.7kB    | 24.6kB   | 85       | 107     |                                |
172.217.168.225:443    |            | https | 11.8kB    | 1.1MB    | 145      | 787     |                                |
8.8.8.8:443            | dns.google | https | 4.2kB     | 8.1kB    | 18       | 18      |                                |
172.217.17.42:443      |            | https | 2.4kB     | 10.1kB   | 8        | 13      |                                |
172.217.17.42:443      |            | https | 17.6kB    | 109.3kB  | 70       | 109     |                                |
8.8.8.8:53             | dns.google | dns   | 67 B      | 204 B    | 1        | 1       | secure.globalsign.com          | 151.101.2.133, 151.101.66.133, 151.101.130.133, 151.101.194.133
8.8.8.8:53             | dns.google | dns   | 67 B      | 204 B    | 1        | 1       | secure.globalsign.com          | 151.101.2.133, 151.101.66.133, 151.101.130.133, 151.101.194.133
8.8.8.8:53             | dns.google | dns   | 76 B      | 225 B    | 1        | 1       | www.download.windowsupdate.com | 205.185.216.10, 205.185.216.42
8.8.8.8:53             | dns.google | dns   | 76 B      | 225 B    | 1        | 1       | www.download.windowsupdate.com | 205.185.216.10, 205.185.216.42

                                                                                                            • 216.58.208.110:443
                                                                                                              https
                                                                                                              3.8kB
                                                                                                              9.5kB
                                                                                                              9
                                                                                                              12
                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              66 B
                                                                                                              128 B
                                                                                                              1
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              cacerts.digicert.com

                                                                                                              DNS Response

                                                                                                              104.18.11.39
                                                                                                              104.18.10.39

                                                                                                            • 224.0.0.251:5353
                                                                                                              204 B
                                                                                                              3
                                                                                                            • 216.58.208.106:443
                                                                                                              https
                                                                                                              2.3kB
                                                                                                              6.0kB
                                                                                                              7
                                                                                                              10
                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              64 B
                                                                                                              80 B
                                                                                                              1
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              edgedl.me.gvt1.com

                                                                                                              DNS Response

                                                                                                              34.104.35.123

                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              2.2kB
                                                                                                              8.4kB
                                                                                                              10
                                                                                                              13
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              3.2kB
                                                                                                              7.4kB
                                                                                                              8
                                                                                                              9
                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              68 B
                                                                                                              112 B
                                                                                                              1
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              ieonline.microsoft.com

                                                                                                              DNS Response

                                                                                                              204.79.197.200

                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              63 B
                                                                                                              111 B
                                                                                                              1
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              ocsp.digicert.com

                                                                                                              DNS Response

                                                                                                              93.184.220.29

                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              3.2kB
                                                                                                              3.1kB
                                                                                                              6
                                                                                                              7
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              2.4kB
                                                                                                              3.9kB
                                                                                                              9
                                                                                                              11
                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              62 B
                                                                                                              146 B
                                                                                                              1
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              crl.verisign.com

                                                                                                              DNS Response

                                                                                                              72.21.91.29

                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              63 B
                                                                                                              230 B
                                                                                                              1
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              www.microsoft.com

                                                                                                              DNS Response

                                                                                                              2.21.41.70

                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              76 B
                                                                                                              276 B
                                                                                                              1
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              www.download.windowsupdate.com

                                                                                                              DNS Response

                                                                                                              84.53.175.122
                                                                                                              84.53.175.99

                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              4.9kB
                                                                                                              9.0kB
                                                                                                              31
                                                                                                              39
                                                                                                            • 172.217.19.202:443
                                                                                                              https
                                                                                                              2.7kB
                                                                                                              3.3kB
                                                                                                              12
                                                                                                              15
                                                                                                            • 216.58.208.110:443
                                                                                                              https
                                                                                                              2.4kB
                                                                                                              7.6kB
                                                                                                              11
                                                                                                              13
                                                                                                            • 142.250.179.168:443
                                                                                                              https
                                                                                                              3.8kB
                                                                                                              7.9kB
                                                                                                              11
                                                                                                              15
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              2.0kB
                                                                                                              3.1kB
                                                                                                              6
                                                                                                              7
                                                                                                            • 142.250.179.138:443
                                                                                                              https
                                                                                                              2.7kB
                                                                                                              7.4kB
                                                                                                              10
                                                                                                              14
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              3.3kB
                                                                                                              3.2kB
                                                                                                              7
                                                                                                              8
                                                                                                            • 172.217.20.78:443
                                                                                                              clients2.google.com
                                                                                                              https
                                                                                                              4.0kB
                                                                                                              11.5kB
                                                                                                              15
                                                                                                              17
                                                                                                            • 172.217.168.225:443
                                                                                                              https
                                                                                                              3.7kB
                                                                                                              21.9kB
                                                                                                              12
                                                                                                              19
                                                                                                            • 8.8.8.8:53
                                                                                                              dns.google
                                                                                                              dns
                                                                                                              66 B
                                                                                                              82 B
                                                                                                              1
                                                                                                              1

                                                                                                              DNS Request

                                                                                                              notifier.win-rar.com

                                                                                                              DNS Response

                                                                                                              51.195.68.173

                                                                                                            • 142.250.179.138:443
                                                                                                              https
                                                                                                              2.3kB
                                                                                                              4.6kB
                                                                                                              6
                                                                                                              8
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              2.0kB
                                                                                                              3.1kB
                                                                                                              6
                                                                                                              7
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              2.0kB
                                                                                                              3.1kB
                                                                                                              6
                                                                                                              7
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              2.0kB
                                                                                                              3.1kB
                                                                                                              6
                                                                                                              7
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              2.0kB
                                                                                                              3.1kB
                                                                                                              6
                                                                                                              7
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              1.7kB
                                                                                                              7.3kB
                                                                                                              5
                                                                                                              8
                                                                                                            • 8.8.8.8:443
                                                                                                              dns.google
                                                                                                              https
                                                                                                              2.1kB
                                                                                                              4.5kB
                                                                                                              7
                                                                                                              8
                                                                                                            • 142.250.179.138:443
                                                                                                              https
                                                                                                              2.4kB
                                                                                                              4.6kB
                                                                                                              8
                                                                                                              9

                                                                                                            MITRE ATT&CK Enterprise v6

                                                                                                            Downloads

• memory/464-105-0x0000000001D50000-0x0000000001D51000-memory.dmp (Filesize: 4KB)
• memory/1004-107-0x0000000000300000-0x0000000000301000-memory.dmp (Filesize: 4KB)
• memory/2452-166-0x0000000075801000-0x0000000075803000-memory.dmp (Filesize: 8KB)
• memory/2512-149-0x0000000002F10000-0x0000000002F11000-memory.dmp (Filesize: 4KB)
• memory/2512-62-0x000007FEFBD61000-0x000007FEFBD63000-memory.dmp (Filesize: 8KB)
• memory/2676-60-0x0000000077690000-0x0000000077691000-memory.dmp (Filesize: 4KB)

