Analysis
-
max time kernel
180s -
max time network
202s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
13/09/2022, 13:21 UTC
Static task
static1
Behavioral task
behavioral1
Sample
XMouseButtonControlSetup.2.19.2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
XMouseButtonControlSetup.2.19.2.exe
Resource
win10v2004-20220812-en
General
-
Target
XMouseButtonControlSetup.2.19.2.exe
-
Size
2.6MB
-
MD5
1303890f3577db2f931323d10aad43d0
-
SHA1
782cd048deaad6b13da71fd2f4e3596e145bb188
-
SHA256
bc99080acc10eeb1c8379719c86c652221f3f6d1bff104a2ca32d6326154c636
-
SHA512
92db9b2d83c02337ff793c2ae2258bbd7c7a8c34e0f7149fd13c48310ac1637ffbe01dfc0d3b26c8b04877456bd6b168af94d4dbe5161dcc61e2a5580b559157
-
SSDEEP
49152:8W14xRLQGdJFJlAJLHo1Ztg0QRqUUyZOPb4R1onpLC70jQnh8zpZMzIJ/nJ1NM:8WsdJPlAdH8ZOsUUXT4oRh8hUpkIJ/n+
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
756 XMouseButtonControl.exe
-
Loads dropped DLL 12 IoCs
pid Process
4276 XMouseButtonControlSetup.2.19.2.exe
4276 XMouseButtonControlSetup.2.19.2.exe
4276 XMouseButtonControlSetup.2.19.2.exe
4276 XMouseButtonControlSetup.2.19.2.exe
4276 XMouseButtonControlSetup.2.19.2.exe
4276 XMouseButtonControlSetup.2.19.2.exe
4276 XMouseButtonControlSetup.2.19.2.exe
4276 XMouseButtonControlSetup.2.19.2.exe
4276 XMouseButtonControlSetup.2.19.2.exe
4276 XMouseButtonControlSetup.2.19.2.exe
756 XMouseButtonControl.exe
756 XMouseButtonControl.exe
-
Adds Run key to start application 2 TTPs 3 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 10 IoCs
description ioc Process
File created C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt XMouseButtonControlSetup.2.19.2.exe
File created C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt XMouseButtonControlSetup.2.19.2.exe
File created C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf XMouseButtonControlSetup.2.19.2.exe
File opened for modification C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt XMouseButtonControlSetup.2.19.2.exe
File created C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe XMouseButtonControlSetup.2.19.2.exe
File created C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe XMouseButtonControlSetup.2.19.2.exe
File created C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll XMouseButtonControlSetup.2.19.2.exe
File created C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll XMouseButtonControlSetup.2.19.2.exe
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\24b17e88-3fcc-463f-8015-a2f8226c3ee7.tmp setup.exe
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220913152306.pma setup.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
-
Modifies Control Panel 2 IoCs
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\Desktop XMouseButtonControlSetup.2.19.2.exe
-
Modifies registry class 34 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0" XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application Settings" XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application Settings\ = "X-Mouse Button Control Application Settings" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Profile XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\"" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application Settings XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Profile\ = "X-Mouse Button Control Profile" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Profile\DefaultIcon XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application Settings\shell\ = "open" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application Settings\DefaultIcon XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Profile\shell XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\"" XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Profile\shell\ = "open" XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Profile\shell\open\command XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Profile\shell\open XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\"" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application Settings\shell\open XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Profile" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application Settings\shell XMouseButtonControlSetup.2.19.2.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0" XMouseButtonControlSetup.2.19.2.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application Settings\shell\open\command XMouseButtonControlSetup.2.19.2.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process
4576 msedge.exe
4576 msedge.exe
8 msedge.exe
8 msedge.exe
4788 identity_helper.exe
4788 identity_helper.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process
8 msedge.exe
8 msedge.exe
8 msedge.exe
8 msedge.exe
8 msedge.exe
8 msedge.exe
8 msedge.exe
8 msedge.exe
-
Suspicious use of FindShellTrayWindow 5 IoCs
pid Process
756 XMouseButtonControl.exe
8 msedge.exe
8 msedge.exe
8 msedge.exe
8 msedge.exe
-
Suspicious use of SendNotifyMessage 1 IoCs
pid Process
756 XMouseButtonControl.exe
-
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process
756 XMouseButtonControl.exe
756 XMouseButtonControl.exe
756 XMouseButtonControl.exe
756 XMouseButtonControl.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.19.2.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.19.2.exe" 1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Control Panel
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4276 -
C:\Windows\SysWOW64\certutil.exe
certutil -delstore root "82 53 30 f1 fa 00 53 f0 03 5a 19 83 63 cd f3 78 22 1d d7 7f" 2⤵
PID:5008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64 1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:8 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffa034d46f8,0x7ffa034d4708,0x7ffa034d47182⤵PID:1612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵PID:980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3048 /prefetch:82⤵PID:4108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:12⤵PID:3188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:12⤵PID:2248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 /prefetch:82⤵PID:4712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:12⤵PID:2256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:12⤵PID:4276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵PID:1052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:12⤵PID:2732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵PID:3620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵PID:3468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6252 /prefetch:82⤵PID:3144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:82⤵PID:5032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
PID:1696 -
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf0,0xf4,0xfc,0x108,0xdc,0x7ff745485460,0x7ff745485470,0x7ff7454854803⤵PID:4536
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4788
-
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable 1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:756
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵
PID:4104
Network
-
Remote address: 8.8.8.8:53
Request
nav.smartscreen.microsoft.com IN A
Response
nav.smartscreen.microsoft.com IN CNAME wd-prod-ss.trafficmanager.net
wd-prod-ss.trafficmanager.net IN CNAME wd-prod-ss-eu-west-2-fe.westeurope.cloudapp.azure.com
wd-prod-ss-eu-west-2-fe.westeurope.cloudapp.azure.com IN A 20.86.249.62
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/actions HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiVU0xeXJESFVaZ289Iiwia2V5IjoiM2NOTkZJdlZYK2JrSGZUZENtSGlFUT09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1272
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 3820
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:07 GMT
Connection: close
-
Remote address: 8.8.8.8:53
Request
www.highrez.co.uk IN A
Response
www.highrez.co.uk IN A 62.30.53.100
-
GET http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64
msedge.exe
Remote address: 62.30.53.100:80
Request
GET /scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64 HTTP/1.1
Host: www.highrez.co.uk
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Response
HTTP/1.1 301 Moved Permanently
Location: https://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64
Server: Microsoft-IIS/10.0
X-Clacks-Overhead: GNU Terry Pratchett
X-Powered-By: ASP.NET
Date: Tue, 13 Sep 2022 13:23:07 GMT
Content-Length: 256
-
Remote address: 8.8.8.8:53
Request
smartscreen-prod.microsoft.com IN A
Response
smartscreen-prod.microsoft.com IN CNAME wd-prod-ss.trafficmanager.net
wd-prod-ss.trafficmanager.net IN CNAME wd-prod-ss-eu-west-1-fe.westeurope.cloudapp.azure.com
wd-prod-ss-eu-west-1-fe.westeurope.cloudapp.azure.com IN A 20.73.130.64
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiT0pIUzdaZUNjRXc9Iiwia2V5IjoibU5FcDNuYjlRL0xZdXFEMkJucTAwdz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1743
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 4761
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:08 GMT
Connection: close
-
GEThttps://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7Dmsedge.exeRemote address:20.73.130.64:443RequestGET 
/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D HTTP/1.1
Connection: Keep-Alive
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
If-None-Match: "170540185939602997400506234197983529371"
User-Agent: SmartScreen/281479409565696
Host: smartscreen-prod.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 460976
Content-Type: application/octet-stream
ETag: "637811103879324684"
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:08 GMT
Connection: close
-
Remote address: 20.73.130.64:443
Request
POST /api/browser/edge/data/settings HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiVU0xeXJESFVaZ289Iiwia2V5IjoiM2NOTkZJdlZYK2JrSGZUZENtSGlFUT09In0=
If-None-Match: "2.0-0"
User-Agent: SmartScreen/281479409565696
Content-Length: 1272
Host: smartscreen-prod.microsoft.com
Response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
ETag: "2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1"
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:07 GMT
Connection: close
-
GEThttps://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_releasemsedge.exeRemote address:20.73.130.64:443RequestGET 
/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release HTTP/1.1
Connection: Keep-Alive
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
If-None-Match: "636976985063396749.rel.v2"
User-Agent: SmartScreen/281479409565696
Host: smartscreen-prod.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 4349
Content-Type: application/octet-stream
ETag: "637986715261355369"
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:08 GMT
Connection: close
-
GEThttps://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_releasemsedge.exeRemote address:20.73.130.64:443RequestGET 
/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release HTTP/1.1
Connection: Keep-Alive
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
If-None-Match: "637986715261355369"
User-Agent: SmartScreen/281479409565696
Host: smartscreen-prod.microsoft.com
Response
HTTP/1.1 304 Not Modified
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:08 GMT
Connection: close
-
Remote address: 20.73.130.64:443
Request
POST /api/browser/edge/data/settings HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiRmJ6dlpqdURYT0k9Iiwia2V5IjoiSC92c0ZQM3QxL0RzemlKZ01ETDJpQT09In0=
If-None-Match: "2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1"
User-Agent: SmartScreen/281479409565696
Content-Length: 1314
Host: smartscreen-prod.microsoft.com
Response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
ETag: "2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1"
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:08 GMT
Connection: close
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiTUhaVllEWUFnRW89Iiwia2V5IjoiUitIeEJYMXJIT3J5Vi9OblladnA4dz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1941
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 2871
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:08 GMT
Connection: close
-
GEThttps://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7Dmsedge.exeRemote address:20.73.130.64:443RequestGET 
/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D HTTP/1.1
Connection: Keep-Alive
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
If-None-Match: "637811103879324684"
User-Agent: SmartScreen/281479409565696
Host: smartscreen-prod.microsoft.com
Response
HTTP/1.1 304 Not Modified
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:08 GMT
Connection: close
-
GEThttps://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7Dmsedge.exeRemote address:20.73.130.64:443RequestGET 
/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D HTTP/1.1
Connection: Keep-Alive
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
If-None-Match: "637811103879324684"
User-Agent: SmartScreen/281479409565696
Host: smartscreen-prod.microsoft.com
Response
HTTP/1.1 304 Not Modified
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:09 GMT
Connection: close
-
Remote address: 8.8.8.8:53
Request
dvps.highrez.co.uk IN A
Response
dvps.highrez.co.uk IN A 149.255.97.140
dvps.highrez.co.uk IN A 208.87.103.217
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiTEFkemhBK1lkaVU9Iiwia2V5IjoickhZUitzS0VETEU5cmdrQVI2QnhhZz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 2019
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 893
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:08 GMT
Connection: close
-
Remote address: 8.8.8.8:53
Request
apps.identrust.com IN A
Response
apps.identrust.com IN CNAME identrust.edgesuite.net
identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net
a1952.dscq.akamai.net IN A 96.16.53.139
a1952.dscq.akamai.net IN A 96.16.53.134
-
Remote address: 96.16.53.139:80
Request
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com
Response
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Tue, 13 Sep 2022 14:23:09 GMT
Date: Tue, 13 Sep 2022 13:23:09 GMT
Connection: keep-alive
-
Remote address: 8.8.8.8:53
Request
ajax.googleapis.com IN A
Response
ajax.googleapis.com IN A 142.250.179.170
-
Remote address: 8.8.8.8:53
Request
connect.facebook.net IN A
Response
connect.facebook.net IN CNAME scontent.xx.fbcdn.net
scontent.xx.fbcdn.net IN A 157.240.247.8
-
Remote address: 142.250.179.170:443
Request
GET /ajax/libs/jquery/1.8.0/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://dvps.highrez.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 8.8.8.8:53
Request
www.paypalobjects.com IN A
Response
www.paypalobjects.com IN CNAME ppo.glb.paypal.com
ppo.glb.paypal.com IN CNAME paypal.map.fastly.net
paypal.map.fastly.net IN A 151.101.2.133
paypal.map.fastly.net IN A 151.101.66.133
paypal.map.fastly.net IN A 151.101.130.133
paypal.map.fastly.net IN A 151.101.194.133
-
Remote address: 8.8.8.8:53
Request
edge.microsoft.com IN A
Response
edge.microsoft.com IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
edge-microsoft-com.dual-a-0036.a-msedge.net IN CNAME dual-a-0036.a-msedge.net
dual-a-0036.a-msedge.net IN A 204.79.197.239
dual-a-0036.a-msedge.net IN A 13.107.21.239
-
Remote address: 8.8.8.8:53
Request
lab.subinsb.com IN A
Response
lab.subinsb.com IN CNAME subins2000.github.io
subins2000.github.io IN A 185.199.108.153
subins2000.github.io IN A 185.199.109.153
subins2000.github.io IN A 185.199.110.153
subins2000.github.io IN A 185.199.111.153
-
Remote address: 185.199.108.153:443
Request
GET /projects/francium/cryptodonate/img/icon_bitcoin.png HTTP/2.0
host: lab.subinsb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://dvps.highrez.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: image/png
x-origin-cache: HIT
last-modified: Sun, 22 Aug 2021 16:46:27 GMT
access-control-allow-origin: *
etag: "61227f63-6fa"
expires: Mon, 12 Sep 2022 21:40:30 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 292A:13D87:7A550A:7E711A:631FA4F6
accept-ranges: bytes
date: Tue, 13 Sep 2022 13:23:10 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-ams21025-AMS
x-cache: HIT
x-cache-hits: 1
x-timer: S1663075390.175651,VS0,VE102
vary: Accept-Encoding
x-fastly-request-id: 287aebd751435de06aa6cc4e82b80018b23e6d1f
content-length: 1786
-
Remote address: 185.199.108.153:443
Request
GET /projects/francium/cryptodonate/img/wallet.png HTTP/2.0
host: lab.subinsb.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://dvps.highrez.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: image/png
last-modified: Sun, 22 Aug 2021 16:46:27 GMT
access-control-allow-origin: *
etag: "61227f63-95b"
expires: Fri, 09 Sep 2022 01:23:19 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: B888:43B0:45F13C:4849E0:631A932F
accept-ranges: bytes
date: Tue, 13 Sep 2022 13:23:10 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-ams21025-AMS
x-cache: HIT
x-cache-hits: 1
x-timer: S1663075390.175634,VS0,VE112
vary: Accept-Encoding
x-fastly-request-id: 8aa8ed721f638f9261406d8e2d5a6bc4d4b46d92
content-length: 2395
-
Remote address: 8.8.8.8:53
Request
googleads.g.doubleclick.net IN A
Response
googleads.g.doubleclick.net IN A 142.251.36.34
-
Remote address: 142.251.36.34:443
Request
GET /pagead/html/r20220908/r20190131/zrt_lookup.html HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://dvps.highrez.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiQlBIdmM0VGZGQ1k9Iiwia2V5IjoiVk9Sck9qOWsxaTQxSUZ2VnhqSE1wZz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1807
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 960
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:09 GMT
Connection: close
-
Remote address: 8.8.8.8:53
Request
partner.googleadservices.com IN A
Response
partner.googleadservices.com IN CNAME partnerad.l.doubleclick.net
partnerad.l.doubleclick.net IN A 142.251.39.98
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiU2lORWIwcEdOWG89Iiwia2V5IjoiQXp4TzRGekI3alNqelBGMkNNdnJuZz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 2784
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 3230
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:09 GMT
Connection: close
-
Remote address: 8.8.8.8:53
Request
adservice.google.nl IN A
Response
adservice.google.nl IN CNAME pagead46.l.doubleclick.net
pagead46.l.doubleclick.net IN A 172.217.168.226
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiU0tiR1dBSlFGVkE9Iiwia2V5IjoicmZEWVllcVRydDNJL3dFZHgxYXV2Zz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 2810
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 3284
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:10 GMT
Connection: close
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiTUl2SWxxWmg4Qkk9Iiwia2V5IjoiaFltcFk2dEN4WUtpZWhEZHgrUCs1Zz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 2941
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 3559
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:10 GMT
Connection: close
-
Remote address: 172.217.168.226:443
Request
GET /adsid/integrator.js?domain=dvps.highrez.co.uk HTTP/2.0
host: adservice.google.nl
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://dvps.highrez.co.uk/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 8.8.8.8:53
Request
tpc.googlesyndication.com IN A
Response
tpc.googlesyndication.com IN A 142.251.36.1
-
Remote address: 8.8.8.8:53
Request
www.googletagservices.com IN A
Response
www.googletagservices.com IN A 142.250.179.130
-
Remote address: 142.251.36.1:443
Request
GET /pagead/js/r20220908/r20110914/abg_lite.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GET https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/qs_click_protection.js
msedge.exe
Remote address: 142.251.36.1:443
Request
GET /pagead/js/r20220908/r20110914/client/qs_click_protection.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GET https://tpc.googlesyndication.com/simgad/3193981500160841632/downsize_200k_v1?w=400&h=209
msedge.exe
Remote address: 142.251.36.1:443
Request
GET /simgad/3193981500160841632/downsize_200k_v1?w=400&h=209 HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GET https://tpc.googlesyndication.com/simgad/10227063155656290870?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmVmZzCbwAvpSlEZANz1qd92HOncw
msedge.exe
Remote address: 142.251.36.1:443
Request
GET /simgad/10227063155656290870?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmVmZzCbwAvpSlEZANz1qd92HOncw HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GET https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/load_preloaded_resource.js
msedge.exe
Remote address: 142.251.36.1:443
Request
GET /pagead/js/r20220908/r20110914/client/load_preloaded_resource.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GET https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/window_focus.js
msedge.exe
Remote address: 142.251.36.1:443
Request
GET /pagead/js/r20220908/r20110914/client/window_focus.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GET https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/one_click_handler_one_afma.js
msedge.exe
Remote address: 142.251.36.1:443
Request
GET /pagead/js/r20220908/r20110914/client/one_click_handler_one_afma.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 142.250.179.130:443
Request
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/2.0
host: www.googletagservices.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoidFd2THQ0TjlXams9Iiwia2V5IjoiVVB5QnVlNzR0OFJ3QlFxOVFnSlJtQT09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 2816
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 2309
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:10 GMT
Connection: close
-
Remote address: 8.8.8.8:53
Request
www.facebook.com IN A
Response
www.facebook.com IN CNAME star-mini.c10r.facebook.com
star-mini.c10r.facebook.com IN A 31.13.83.36
-
Remote address: 20.86.249.62:443
Request
POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiZmlXbFBQUnVZNHM9Iiwia2V5IjoiR3pYYmlDOUVqWFJGdCt0MHFIVEVxUT09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1785
Host: nav.smartscreen.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 923
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Tue, 13 Sep 2022 13:23:12 GMT
Connection: close
-
Remote address: 8.8.8.8:53
Request
dns.google IN A
Response
dns.google IN A 8.8.8.8
dns.google IN A 8.8.4.4
-
Remote address: 8.8.8.8:53
Request
xmbc.highrez.co.uk IN TXT
Response
xmbc.highrez.co.uk IN TXT 02190200
-
Remote address: 8.8.8.8:53
Request
xmbc.highrez.co.uk IN TXT
Response
xmbc.highrez.co.uk IN TXT 02190200
-
322 B 7
-
322 B 7
-
322 B 7
-
322 B 7
-
322 B 7
-
2.7kB 8.4kB 19 16
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/actions
tls, http
msedge.exe
2.7kB 12.2kB 14 14
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/actions
HTTP Response
200
-
144 B 92 B 3 2
-
62.30.53.100:80
http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64
http
msedge.exe
804 B 736 B 6 3
HTTP Request
GET http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64
HTTP Response
301
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
tls, http
msedge.exe
5.0kB 13.2kB 16 16
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
HTTP Response
200
-
20.73.130.64:443
https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
tls, http
msedge.exe
4.9kB 141.4kB 59 106
HTTP Request
POST https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
HTTP Response
200
-
3.7kB 97.6kB 51 89
-
20.73.130.64:443
https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
tls, http
msedge.exe
5.0kB 141.4kB 59 106
HTTP Request
POST https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
HTTP Response
200
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
tls, http
msedge.exe
3.4kB 11.2kB 14 13
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
HTTP Response
200
-
1.8kB 4.7kB 9 7
-
5.8kB 20.9kB 24 24
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
tls, http
msedge.exe
3.4kB 9.2kB 13 12
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
HTTP Response
200
-
370 B 1.6kB 5 4
HTTP Request
GET http://apps.identrust.com/roots/dstrootcax3.p7c
HTTP Response
200
-
2.4kB 5.3kB 12 11
-
1.7kB 1.1kB 10 8
-
884 B 435 B 7 6
-
3.1kB 6.1kB 14 13
-
1.7kB 1.0kB 10 8
-
3.5kB 97.1kB 50 86
-
142.250.179.170:443
https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js
tls, http2
msedge.exe
2.3kB 41.8kB 25 36
HTTP Request
GET https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js
-
2.0kB 9.8kB 18 20
-
1.9kB 7.4kB 13 17
-
98 B 52 B 2 1
-
989 B 5.7kB 9 10
-
185.199.108.153:443
https://lab.subinsb.com/projects/francium/cryptodonate/img/wallet.png
tls, http2
msedge.exe
1.9kB 10.9kB 15 19
HTTP Request
GET https://lab.subinsb.com/projects/francium/cryptodonate/img/icon_bitcoin.png
HTTP Request
GET https://lab.subinsb.com/projects/francium/cryptodonate/img/wallet.png
HTTP Response
200
HTTP Response
200
-
142.251.36.34:443
https://googleads.g.doubleclick.net/pagead/html/r20220908/r20190131/zrt_lookup.html
tls, http2
msedge.exe
1.9kB 11.2kB 14 15
HTTP Request
GET https://googleads.g.doubleclick.net/pagead/html/r20220908/r20190131/zrt_lookup.html
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
tls, http
msedge.exe
3.2kB 9.2kB 13 12
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
HTTP Response
200
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
tls, http
msedge.exe
4.3kB 11.5kB 15 14
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
HTTP Response
200
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
tls, http
msedge.exe
4.3kB 11.6kB 15 13
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
HTTP Response
200
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
tls, http
msedge.exe
4.4kB 11.9kB 15 14
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
HTTP Response
200
-
172.217.168.226:443
https://adservice.google.nl/adsid/integrator.js?domain=dvps.highrez.co.uk
tls, http2
msedge.exe
1.8kB 6.8kB 15 14
HTTP Request
GET https://adservice.google.nl/adsid/integrator.js?domain=dvps.highrez.co.uk
-
999 B 5.6kB 9 8
-
999 B 5.6kB 9 8
-
999 B 5.6kB 9 8
-
999 B 5.6kB 9 8
-
142.251.36.1:443
https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/one_click_handler_one_afma.js
tls, http2
msedge.exe
4.2kB 72.2kB 54 60
HTTP Request
GET https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/abg_lite.js
HTTP Request
GET https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/qs_click_protection.js
HTTP Request
GET https://tpc.googlesyndication.com/simgad/3193981500160841632/downsize_200k_v1?w=400&h=209
HTTP Request
GET https://tpc.googlesyndication.com/simgad/10227063155656290870?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmVmZzCbwAvpSlEZANz1qd92HOncw
HTTP Request
GET https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/load_preloaded_resource.js
HTTP Request
GET https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/window_focus.js
HTTP Request
GET https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/one_click_handler_one_afma.js
-
999 B 5.6kB 9 8
-
142.250.179.130:443
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
tls, http2
msedge.exe
2.5kB 54.6kB 30 47
HTTP Request
GET https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
tls, http
msedge.exe
4.3kB 10.6kB 15 13
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
HTTP Response
200
-
2.1kB 6.0kB 13 14
-
20.86.249.62:443
https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
tls, http
msedge.exe
3.2kB 9.2kB 13 12
HTTP Request
POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
HTTP Response
200
-
3.6kB 86.7kB 53 74
-
92 B 111 B 2 2
-
92 B 111 B 2 2
-
75 B 198 B 1 1
DNS Request
nav.smartscreen.microsoft.com
DNS Response
20.86.249.62
-
63 B 79 B 1 1
DNS Request
www.highrez.co.uk
DNS Response
62.30.53.100
-
76 B 199 B 1 1
DNS Request
smartscreen-prod.microsoft.com
DNS Response
20.73.130.64
-
64 B 96 B 1 1
DNS Request
dvps.highrez.co.uk
DNS Response
149.255.97.140
208.87.103.217
-
64 B 165 B 1 1
DNS Request
apps.identrust.com
DNS Response
96.16.53.139
96.16.53.134
-
65 B 81 B 1 1
DNS Request
ajax.googleapis.com
DNS Response
142.250.179.170
-
66 B 114 B 1 1
DNS Request
connect.facebook.net
DNS Response
157.240.247.8
-
3.0kB 5.7kB 5 9
-
67 B 195 B 1 1
DNS Request
www.paypalobjects.com
DNS Response
151.101.2.133
151.101.66.133
151.101.130.133
151.101.194.133
-
64 B 167 B 1 1
DNS Request
edge.microsoft.com
DNS Response
204.79.197.239
13.107.21.239
-
61 B 159 B 1 1
DNS Request
lab.subinsb.com
DNS Response
185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153
-
73 B 89 B 1 1
DNS Request
googleads.g.doubleclick.net
DNS Response
142.251.36.34
-
11.9kB 76.1kB 52 80
-
74 B 131 B 1 1
DNS Request
partner.googleadservices.com
DNS Response
142.251.39.98
-
65 B 121 B 1 1
DNS Request
adservice.google.nl
DNS Response
172.217.168.226
-
71 B 87 B 1 1
DNS Request
tpc.googlesyndication.com
DNS Response
142.251.36.1
-
71 B 87 B 1 1
DNS Request
www.googletagservices.com
DNS Response
142.250.179.130
-
3.7kB 6.8kB 9 10
-
62 B 107 B 1 1
DNS Request
www.facebook.com
DNS Response
31.13.83.36
-
4.6kB 19.5kB 20 23
-
56 B 88 B 1 1
DNS Request
dns.google
DNS Response
8.8.8.8
8.8.4.4
-
3.4kB 6.7kB 10 8
-
450 B 7
-
128 B 170 B 2 2
DNS Request
xmbc.highrez.co.uk
DNS Request
xmbc.highrez.co.uk
MITRE ATT&CK Enterprise v6
Downloads