Analysis

  • max time kernel
    180s
  • max time network
    202s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    13/09/2022, 13:21 UTC

General

  • Target

    XMouseButtonControlSetup.2.19.2.exe

  • Size

    2.6MB

  • MD5

    1303890f3577db2f931323d10aad43d0

  • SHA1

    782cd048deaad6b13da71fd2f4e3596e145bb188

  • SHA256

    bc99080acc10eeb1c8379719c86c652221f3f6d1bff104a2ca32d6326154c636

  • SHA512

    92db9b2d83c02337ff793c2ae2258bbd7c7a8c34e0f7149fd13c48310ac1637ffbe01dfc0d3b26c8b04877456bd6b168af94d4dbe5161dcc61e2a5580b559157

  • SSDEEP

    49152:8W14xRLQGdJFJlAJLHo1Ztg0QRqUUyZOPb4R1onpLC70jQnh8zpZMzIJ/nJ1NM:8WsdJPlAdH8ZOsUUXT4oRh8hUpkIJ/n+

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 12 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Control Panel 2 IoCs
  • Modifies registry class 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.19.2.exe
    "C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.19.2.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Modifies Control Panel
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4276
    • C:\Windows\SysWOW64\certutil.exe
      certutil -delstore root "82 53 30 f1 fa 00 53 f0 03 5a 19 83 63 cd f3 78 22 1d d7 7f"
      2⤵
        PID:5008
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64
      1⤵
      • Adds Run key to start application
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:8
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffa034d46f8,0x7ffa034d4708,0x7ffa034d4718
        2⤵
          PID:1612
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
          2⤵
            PID:980
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4576
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3048 /prefetch:8
            2⤵
              PID:4108
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
              2⤵
                PID:3188
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
                2⤵
                  PID:2248
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 /prefetch:8
                  2⤵
                    PID:4712
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
                    2⤵
                      PID:2256
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
                      2⤵
                        PID:4276
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                        2⤵
                          PID:1052
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
                          2⤵
                            PID:2732
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
                            2⤵
                              PID:3620
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
                              2⤵
                                PID:3468
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6252 /prefetch:8
                                2⤵
                                  PID:3144
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
                                  2⤵
                                    PID:5032
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                    2⤵
                                    • Drops file in Program Files directory
                                    PID:1696
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf0,0xf4,0xfc,0x108,0xdc,0x7ff745485460,0x7ff745485470,0x7ff745485480
                                      3⤵
                                        PID:4536
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2564232263828853453,11095119237927515523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4788
                                  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
                                    "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
                                    1⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    • Suspicious use of SetWindowsHookEx
                                    PID:756
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4104

Network

                                    • flag-us
                                      DNS
                                      nav.smartscreen.microsoft.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      nav.smartscreen.microsoft.com
                                      IN A
                                      Response
                                      nav.smartscreen.microsoft.com
                                      IN CNAME
                                      wd-prod-ss.trafficmanager.net
                                      wd-prod-ss.trafficmanager.net
                                      IN CNAME
                                      wd-prod-ss-eu-west-2-fe.westeurope.cloudapp.azure.com
                                      wd-prod-ss-eu-west-2-fe.westeurope.cloudapp.azure.com
                                      IN A
                                      20.86.249.62
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/actions
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/actions HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiVU0xeXJESFVaZ289Iiwia2V5IjoiM2NOTkZJdlZYK2JrSGZUZENtSGlFUT09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 1272
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 3820
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:07 GMT
                                      Connection: close
                                    • flag-us
                                      DNS
                                      www.highrez.co.uk
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      www.highrez.co.uk
                                      IN A
                                      Response
                                      www.highrez.co.uk
                                      IN A
                                      62.30.53.100
                                    • flag-gb
                                      GET
                                      http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64
                                      msedge.exe
                                      Remote address:
                                      62.30.53.100:80
                                      Request
                                      GET /scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64 HTTP/1.1
                                      Host: www.highrez.co.uk
                                      Connection: keep-alive
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 301 Moved Permanently
                                      Content-Type: text/html; charset=UTF-8
                                      Location: https://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64
                                      Server: Microsoft-IIS/10.0
                                      X-Clacks-Overhead: GNU Terry Pratchett
                                      X-Powered-By: ASP.NET
                                      Date: Tue, 13 Sep 2022 13:23:07 GMT
                                      Content-Length: 256
                                    • flag-us
                                      DNS
                                      smartscreen-prod.microsoft.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      smartscreen-prod.microsoft.com
                                      IN A
                                      Response
                                      smartscreen-prod.microsoft.com
                                      IN CNAME
                                      wd-prod-ss.trafficmanager.net
                                      wd-prod-ss.trafficmanager.net
                                      IN CNAME
                                      wd-prod-ss-eu-west-1-fe.westeurope.cloudapp.azure.com
                                      wd-prod-ss-eu-west-1-fe.westeurope.cloudapp.azure.com
                                      IN A
                                      20.73.130.64
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/navigate/2 HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiT0pIUzdaZUNjRXc9Iiwia2V5IjoibU5FcDNuYjlRL0xZdXFEMkJucTAwdz09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 1743
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 4761
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:08 GMT
                                      Connection: close
                                    • flag-nl
                                      GET
                                      https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D
                                      msedge.exe
                                      Remote address:
                                      20.73.130.64:443
                                      Request
                                      GET /windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: application/x-patch-bsdiff, application/octet-stream
                                      Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
                                      If-None-Match: "170540185939602997400506234197983529371"
                                      User-Agent: SmartScreen/281479409565696
                                      Host: smartscreen-prod.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=86400
                                      Content-Length: 460976
                                      Content-Type: application/octet-stream
                                      ETag: "637811103879324684"
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:08 GMT
                                      Connection: close
                                    • flag-nl
                                      POST
                                      https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
                                      msedge.exe
                                      Remote address:
                                      20.73.130.64:443
                                      Request
                                      POST /api/browser/edge/data/settings HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json; charset=utf-8
                                      Accept: application/x-patch-bsdiff, application/octet-stream
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiVU0xeXJESFVaZ289Iiwia2V5IjoiM2NOTkZJdlZYK2JrSGZUZENtSGlFUT09In0=
                                      If-None-Match: "2.0-0"
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 1272
                                      Host: smartscreen-prod.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Content-Length: 129085
                                      Content-Type: application/octet-stream
                                      ETag: "2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1"
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:07 GMT
                                      Connection: close
                                    • flag-nl
                                      GET
                                      https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release
                                      msedge.exe
                                      Remote address:
                                      20.73.130.64:443
                                      Request
                                      GET /windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: application/x-patch-bsdiff, application/octet-stream
                                      Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
                                      If-None-Match: "636976985063396749.rel.v2"
                                      User-Agent: SmartScreen/281479409565696
                                      Host: smartscreen-prod.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=86400
                                      Content-Length: 4349
                                      Content-Type: application/octet-stream
                                      ETag: "637986715261355369"
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:08 GMT
                                      Connection: close
                                    • flag-nl
                                      GET
                                      https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release
                                      msedge.exe
                                      Remote address:
                                      20.73.130.64:443
                                      Request
                                      GET /windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: application/x-patch-bsdiff, application/octet-stream
                                      Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
                                      If-None-Match: "637986715261355369"
                                      User-Agent: SmartScreen/281479409565696
                                      Host: smartscreen-prod.microsoft.com
                                      Response
                                      HTTP/1.1 304 Not Modified
                                      Cache-Control: max-age=86400
                                      Content-Length: 0
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:08 GMT
                                      Connection: close
                                    • flag-nl
                                      POST
                                      https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
                                      msedge.exe
                                      Remote address:
                                      20.73.130.64:443
                                      Request
                                      POST /api/browser/edge/data/settings HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json; charset=utf-8
                                      Accept: application/x-patch-bsdiff, application/octet-stream
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiRmJ6dlpqdURYT0k9Iiwia2V5IjoiSC92c0ZQM3QxL0RzemlKZ01ETDJpQT09In0=
                                      If-None-Match: "2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1"
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 1314
                                      Host: smartscreen-prod.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Content-Length: 129085
                                      Content-Type: application/octet-stream
                                      ETag: "2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1"
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:08 GMT
                                      Connection: close
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/navigate/2 HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiTUhaVllEWUFnRW89Iiwia2V5IjoiUitIeEJYMXJIT3J5Vi9OblladnA4dz09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 1941
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 2871
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:08 GMT
                                      Connection: close
                                    • flag-nl
                                      GET
                                      https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D
                                      msedge.exe
                                      Remote address:
                                      20.73.130.64:443
                                      Request
                                      GET /windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: application/x-patch-bsdiff, application/octet-stream
                                      Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
                                      If-None-Match: "637811103879324684"
                                      User-Agent: SmartScreen/281479409565696
                                      Host: smartscreen-prod.microsoft.com
                                      Response
                                      HTTP/1.1 304 Not Modified
                                      Cache-Control: max-age=86400
                                      Content-Length: 0
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:08 GMT
                                      Connection: close
                                    • flag-nl
                                      GET
                                      https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D
                                      msedge.exe
                                      Remote address:
                                      20.73.130.64:443
                                      Request
                                      GET /windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: application/x-patch-bsdiff, application/octet-stream
                                      Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
                                      If-None-Match: "637811103879324684"
                                      User-Agent: SmartScreen/281479409565696
                                      Host: smartscreen-prod.microsoft.com
                                      Response
                                      HTTP/1.1 304 Not Modified
                                      Cache-Control: max-age=86400
                                      Content-Length: 0
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:09 GMT
                                      Connection: close
                                    • flag-us
                                      DNS
                                      dvps.highrez.co.uk
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      dvps.highrez.co.uk
                                      IN A
                                      Response
                                      dvps.highrez.co.uk
                                      IN A
                                      149.255.97.140
                                      dvps.highrez.co.uk
                                      IN A
                                      208.87.103.217
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/navigate/2 HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiTEFkemhBK1lkaVU9Iiwia2V5IjoickhZUitzS0VETEU5cmdrQVI2QnhhZz09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 2019
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 893
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:08 GMT
                                      Connection: close
                                    • flag-us
                                      DNS
                                      apps.identrust.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      apps.identrust.com
                                      IN A
                                      Response
                                      apps.identrust.com
                                      IN CNAME
                                      identrust.edgesuite.net
                                      identrust.edgesuite.net
                                      IN CNAME
                                      a1952.dscq.akamai.net
                                      a1952.dscq.akamai.net
                                      IN A
                                      96.16.53.139
                                      a1952.dscq.akamai.net
                                      IN A
                                      96.16.53.134
                                    • flag-nl
                                      GET
                                      http://apps.identrust.com/roots/dstrootcax3.p7c
                                      msedge.exe
                                      Remote address:
                                      96.16.53.139:80
                                      Request
                                      GET /roots/dstrootcax3.p7c HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      User-Agent: Microsoft-CryptoAPI/10.0
                                      Host: apps.identrust.com
                                      Response
                                      HTTP/1.1 200 OK
                                      X-XSS-Protection: 1; mode=block
                                      Strict-Transport-Security: max-age=15768000
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      Content-Security-Policy: default-src 'self' *.identrust.com
                                      Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
                                      ETag: "37d-5e1e6e25c9800"
                                      Accept-Ranges: bytes
                                      Content-Length: 893
                                      X-Content-Type-Options: nosniff
                                      X-Frame-Options: sameorigin
                                      Content-Type: application/pkcs7-mime
                                      Cache-Control: max-age=3600
                                      Expires: Tue, 13 Sep 2022 14:23:09 GMT
                                      Date: Tue, 13 Sep 2022 13:23:09 GMT
                                      Connection: keep-alive
                                    • flag-us
                                      DNS
                                      ajax.googleapis.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      ajax.googleapis.com
                                      IN A
                                      Response
                                      ajax.googleapis.com
                                      IN A
                                      142.250.179.170
                                    • flag-us
                                      DNS
                                      connect.facebook.net
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      connect.facebook.net
                                      IN A
                                      Response
                                      connect.facebook.net
                                      IN CNAME
                                      scontent.xx.fbcdn.net
                                      scontent.xx.fbcdn.net
                                      IN A
                                      157.240.247.8
                                    • flag-nl
                                      GET
                                      https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js
                                      msedge.exe
                                      Remote address:
                                      142.250.179.170:443
                                      Request
                                      GET /ajax/libs/jquery/1.8.0/jquery.min.js HTTP/2.0
                                      host: ajax.googleapis.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://dvps.highrez.co.uk/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-us
                                      DNS
                                      www.paypalobjects.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      www.paypalobjects.com
                                      IN A
                                      Response
                                      www.paypalobjects.com
                                      IN CNAME
                                      ppo.glb.paypal.com
                                      ppo.glb.paypal.com
                                      IN CNAME
                                      paypal.map.fastly.net
                                      paypal.map.fastly.net
                                      IN A
                                      151.101.2.133
                                      paypal.map.fastly.net
                                      IN A
                                      151.101.66.133
                                      paypal.map.fastly.net
                                      IN A
                                      151.101.130.133
                                      paypal.map.fastly.net
                                      IN A
                                      151.101.194.133
                                    • flag-us
                                      DNS
                                      edge.microsoft.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      edge.microsoft.com
                                      IN A
                                      Response
                                      edge.microsoft.com
                                      IN CNAME
                                      edge-microsoft-com.dual-a-0036.a-msedge.net
                                      edge-microsoft-com.dual-a-0036.a-msedge.net
                                      IN CNAME
                                      dual-a-0036.a-msedge.net
                                      dual-a-0036.a-msedge.net
                                      IN A
                                      204.79.197.239
                                      dual-a-0036.a-msedge.net
                                      IN A
                                      13.107.21.239
                                    • flag-us
                                      DNS
                                      lab.subinsb.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      lab.subinsb.com
                                      IN A
                                      Response
                                      lab.subinsb.com
                                      IN CNAME
                                      subins2000.github.io
                                      subins2000.github.io
                                      IN A
                                      185.199.108.153
                                      subins2000.github.io
                                      IN A
                                      185.199.109.153
                                      subins2000.github.io
                                      IN A
                                      185.199.110.153
                                      subins2000.github.io
                                      IN A
                                      185.199.111.153
                                    • flag-us
                                      GET
                                      https://lab.subinsb.com/projects/francium/cryptodonate/img/icon_bitcoin.png
                                      msedge.exe
                                      Remote address:
                                      185.199.108.153:443
                                      Request
                                      GET /projects/francium/cryptodonate/img/icon_bitcoin.png HTTP/2.0
                                      host: lab.subinsb.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: image
                                      referer: https://dvps.highrez.co.uk/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: GitHub.com
                                      content-type: image/png
                                      x-origin-cache: HIT
                                      last-modified: Sun, 22 Aug 2021 16:46:27 GMT
                                      access-control-allow-origin: *
                                      etag: "61227f63-6fa"
                                      expires: Mon, 12 Sep 2022 21:40:30 GMT
                                      cache-control: max-age=600
                                      x-proxy-cache: MISS
                                      x-github-request-id: 292A:13D87:7A550A:7E711A:631FA4F6
                                      accept-ranges: bytes
                                      date: Tue, 13 Sep 2022 13:23:10 GMT
                                      via: 1.1 varnish
                                      age: 0
                                      x-served-by: cache-ams21025-AMS
                                      x-cache: HIT
                                      x-cache-hits: 1
                                      x-timer: S1663075390.175651,VS0,VE102
                                      vary: Accept-Encoding
                                      x-fastly-request-id: 287aebd751435de06aa6cc4e82b80018b23e6d1f
                                      content-length: 1786
                                    • flag-us
                                      GET
                                      https://lab.subinsb.com/projects/francium/cryptodonate/img/wallet.png
                                      msedge.exe
                                      Remote address:
                                      185.199.108.153:443
                                      Request
                                      GET /projects/francium/cryptodonate/img/wallet.png HTTP/2.0
                                      host: lab.subinsb.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: image
                                      referer: https://dvps.highrez.co.uk/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: GitHub.com
                                      content-type: image/png
                                      last-modified: Sun, 22 Aug 2021 16:46:27 GMT
                                      access-control-allow-origin: *
                                      etag: "61227f63-95b"
                                      expires: Fri, 09 Sep 2022 01:23:19 GMT
                                      cache-control: max-age=600
                                      x-proxy-cache: MISS
                                      x-github-request-id: B888:43B0:45F13C:4849E0:631A932F
                                      accept-ranges: bytes
                                      date: Tue, 13 Sep 2022 13:23:10 GMT
                                      via: 1.1 varnish
                                      age: 0
                                      x-served-by: cache-ams21025-AMS
                                      x-cache: HIT
                                      x-cache-hits: 1
                                      x-timer: S1663075390.175634,VS0,VE112
                                      vary: Accept-Encoding
                                      x-fastly-request-id: 8aa8ed721f638f9261406d8e2d5a6bc4d4b46d92
                                      content-length: 2395
                                    • flag-us
                                      DNS
                                      googleads.g.doubleclick.net
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      googleads.g.doubleclick.net
                                      IN A
                                      Response
                                      googleads.g.doubleclick.net
                                      IN A
                                      142.251.36.34
                                    • flag-nl
                                      GET
                                      https://googleads.g.doubleclick.net/pagead/html/r20220908/r20190131/zrt_lookup.html
                                      msedge.exe
                                      Remote address:
                                      142.251.36.34:443
                                      Request
                                      GET /pagead/html/r20220908/r20190131/zrt_lookup.html HTTP/2.0
                                      host: googleads.g.doubleclick.net
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      upgrade-insecure-requests: 1
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: navigate
                                      sec-fetch-dest: iframe
                                      referer: https://dvps.highrez.co.uk/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/navigate/2 HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiQlBIdmM0VGZGQ1k9Iiwia2V5IjoiVk9Sck9qOWsxaTQxSUZ2VnhqSE1wZz09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 1807
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 960
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:09 GMT
                                      Connection: close
                                    • flag-us
                                      DNS
                                      partner.googleadservices.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      partner.googleadservices.com
                                      IN A
                                      Response
                                      partner.googleadservices.com
                                      IN CNAME
                                      partnerad.l.doubleclick.net
                                      partnerad.l.doubleclick.net
                                      IN A
                                      142.251.39.98
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/navigate/2 HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiU2lORWIwcEdOWG89Iiwia2V5IjoiQXp4TzRGekI3alNqelBGMkNNdnJuZz09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 2784
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 3230
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:09 GMT
                                      Connection: close
                                    • flag-us
                                      DNS
                                      adservice.google.nl
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      adservice.google.nl
                                      IN A
                                      Response
                                      adservice.google.nl
                                      IN CNAME
                                      pagead46.l.doubleclick.net
                                      pagead46.l.doubleclick.net
                                      IN A
                                      172.217.168.226
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/navigate/2 HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiU0tiR1dBSlFGVkE9Iiwia2V5IjoicmZEWVllcVRydDNJL3dFZHgxYXV2Zz09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 2810
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 3284
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:10 GMT
                                      Connection: close
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/navigate/2 HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiTUl2SWxxWmg4Qkk9Iiwia2V5IjoiaFltcFk2dEN4WUtpZWhEZHgrUCs1Zz09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 2941
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 3559
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:10 GMT
                                      Connection: close
                                    • flag-nl
                                      GET
                                      https://adservice.google.nl/adsid/integrator.js?domain=dvps.highrez.co.uk
                                      msedge.exe
                                      Remote address:
                                      172.217.168.226:443
                                      Request
                                      GET /adsid/integrator.js?domain=dvps.highrez.co.uk HTTP/2.0
                                      host: adservice.google.nl
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://dvps.highrez.co.uk/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-us
                                      DNS
                                      tpc.googlesyndication.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      tpc.googlesyndication.com
                                      IN A
                                      Response
                                      tpc.googlesyndication.com
                                      IN A
                                      142.251.36.1
                                    • flag-us
                                      DNS
                                      www.googletagservices.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      www.googletagservices.com
                                      IN A
                                      Response
                                      www.googletagservices.com
                                      IN A
                                      142.250.179.130
                                    • flag-nl
                                      GET
                                      https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/abg_lite.js
                                      msedge.exe
                                      Remote address:
                                      142.251.36.1:443
                                      Request
                                      GET /pagead/js/r20220908/r20110914/abg_lite.js HTTP/2.0
                                      host: tpc.googlesyndication.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://googleads.g.doubleclick.net/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-nl
                                      GET
                                      https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/qs_click_protection.js
                                      msedge.exe
                                      Remote address:
                                      142.251.36.1:443
                                      Request
                                      GET /pagead/js/r20220908/r20110914/client/qs_click_protection.js HTTP/2.0
                                      host: tpc.googlesyndication.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://googleads.g.doubleclick.net/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-nl
                                      GET
                                      https://tpc.googlesyndication.com/simgad/3193981500160841632/downsize_200k_v1?w=400&h=209
                                      msedge.exe
                                      Remote address:
                                      142.251.36.1:443
                                      Request
                                      GET /simgad/3193981500160841632/downsize_200k_v1?w=400&h=209 HTTP/2.0
                                      host: tpc.googlesyndication.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: image
                                      referer: https://googleads.g.doubleclick.net/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-nl
                                      GET
                                      https://tpc.googlesyndication.com/simgad/10227063155656290870?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmVmZzCbwAvpSlEZANz1qd92HOncw
                                      msedge.exe
                                      Remote address:
                                      142.251.36.1:443
                                      Request
                                      GET /simgad/10227063155656290870?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmVmZzCbwAvpSlEZANz1qd92HOncw HTTP/2.0
                                      host: tpc.googlesyndication.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: image
                                      referer: https://googleads.g.doubleclick.net/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-nl
                                      GET
                                      https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/load_preloaded_resource.js
                                      msedge.exe
                                      Remote address:
                                      142.251.36.1:443
                                      Request
                                      GET /pagead/js/r20220908/r20110914/client/load_preloaded_resource.js HTTP/2.0
                                      host: tpc.googlesyndication.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://googleads.g.doubleclick.net/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-nl
                                      GET
                                      https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/window_focus.js
                                      msedge.exe
                                      Remote address:
                                      142.251.36.1:443
                                      Request
                                      GET /pagead/js/r20220908/r20110914/client/window_focus.js HTTP/2.0
                                      host: tpc.googlesyndication.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://googleads.g.doubleclick.net/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-nl
                                      GET
                                      https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/one_click_handler_one_afma.js
                                      msedge.exe
                                      Remote address:
                                      142.251.36.1:443
                                      Request
                                      GET /pagead/js/r20220908/r20110914/client/one_click_handler_one_afma.js HTTP/2.0
                                      host: tpc.googlesyndication.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://googleads.g.doubleclick.net/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-nl
                                      GET
                                      https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
                                      msedge.exe
                                      Remote address:
                                      142.250.179.130:443
                                      Request
                                      GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/2.0
                                      host: www.googletagservices.com
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: cross-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://googleads.g.doubleclick.net/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/navigate/2 HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoidFd2THQ0TjlXams9Iiwia2V5IjoiVVB5QnVlNzR0OFJ3QlFxOVFnSlJtQT09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 2816
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 2309
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:10 GMT
                                      Connection: close
                                    • flag-us
                                      DNS
                                      www.facebook.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      www.facebook.com
                                      IN A
                                      Response
                                      www.facebook.com
                                      IN CNAME
                                      star-mini.c10r.facebook.com
                                      star-mini.c10r.facebook.com
                                      IN A
                                      31.13.83.36
                                    • flag-nl
                                      POST
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      msedge.exe
                                      Remote address:
                                      20.86.249.62:443
                                      Request
                                      POST /api/browser/edge/navigate/2 HTTP/1.1
                                      Connection: Keep-Alive
                                      Content-Type: application/json
                                      Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiZmlXbFBQUnVZNHM9Iiwia2V5IjoiR3pYYmlDOUVqWFJGdCt0MHFIVEVxUT09In0=
                                      User-Agent: SmartScreen/281479409565696
                                      Content-Length: 1785
                                      Host: nav.smartscreen.microsoft.com
                                      Response
                                      HTTP/1.1 200 OK
                                      Cache-Control: max-age=0, private
                                      Content-Length: 923
                                      Content-Type: application/json; charset=utf-8
                                      Server: Microsoft-HTTPAPI/2.0
                                      X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
                                      Date: Tue, 13 Sep 2022 13:23:12 GMT
                                      Connection: close
                                    • flag-us
                                      DNS
                                      dns.google
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      dns.google
                                      IN A
                                      Response
                                      dns.google
                                      IN A
                                      8.8.8.8
                                      dns.google
                                      IN A
                                      8.8.4.4
                                    • flag-us
                                      GET
                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:443
                                      Request
                                      GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                      host: dns.google
                                      accept: application/dns-message
                                      accept-language: *
                                      user-agent: Chrome
                                      accept-encoding: identity
                                    • flag-us
                                      GET
                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABBGVkZ2UJbWljcm9zb2Z0A2NvbQAAAQABAAApEAAAAAAAAFEADABNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:443
                                      Request
                                      GET /dns-query?dns=AAABAAABAAAAAAABBGVkZ2UJbWljcm9zb2Z0A2NvbQAAAQABAAApEAAAAAAAAFEADABNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                      host: dns.google
                                      accept: application/dns-message
                                      accept-language: *
                                      user-agent: Chrome
                                      accept-encoding: identity
                                    • flag-us
                                      GET
                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:443
                                      Request
                                      GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                      host: dns.google
                                      accept: application/dns-message
                                      accept-language: *
                                      user-agent: Chrome
                                      accept-encoding: identity
                                    • flag-us
                                      DNS
                                      xmbc.highrez.co.uk
                                      XMouseButtonControl.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      xmbc.highrez.co.uk
                                      IN TXT
                                      Response
                                      xmbc.highrez.co.uk
                                      IN TXT
                                      02190200
                                    • flag-us
                                      DNS
                                      xmbc.highrez.co.uk
                                      XMouseButtonControl.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      xmbc.highrez.co.uk
                                      IN TXT
                                      Response
                                      xmbc.highrez.co.uk
                                      IN TXT
                                      02190200
                                    • 8.238.21.126:80
                                      322 B
                                      7
                                    • 20.42.65.90:443
                                      322 B
                                      7
                                    • 93.184.221.240:80
                                      322 B
                                      7
                                    • 93.184.221.240:80
                                      322 B
                                      7
                                    • 93.184.221.240:80
                                      322 B
                                      7
                                    • 204.79.197.200:443
                                      www.bing.com
                                      tls, https
                                      2.7kB
                                      8.4kB
                                      19
                                      16
                                    • 20.86.249.62:443
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/actions
                                      tls, http
                                      msedge.exe
                                      2.7kB
                                      12.2kB
                                      14
                                      14

                                      HTTP Request

                                      POST https://nav.smartscreen.microsoft.com/api/browser/edge/actions

                                      HTTP Response

                                      200
                                    • 62.30.53.100:80
                                      www.highrez.co.uk
                                      msedge.exe
                                      144 B
                                      92 B
                                      3
                                      2
                                    • 62.30.53.100:80
                                      http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64
                                      http
                                      msedge.exe
                                      804 B
                                      736 B
                                      6
                                      3

                                      HTTP Request

                                      GET http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=19&build=2&revision=0&platform=x64

                                      HTTP Response

                                      301
                                    • 20.86.249.62:443
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      tls, http
                                      msedge.exe
                                      5.0kB
                                      13.2kB
                                      16
                                      16

                                      HTTP Request

                                      POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

                                      HTTP Response

                                      200
                                    • 20.73.130.64:443
                                      https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D
                                      tls, http
                                      msedge.exe
                                      12.8kB
                                      483.7kB
                                      183
                                      352

                                      HTTP Request

                                      GET https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D

                                      HTTP Response

                                      200
                                    • 20.73.130.64:443
                                      https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
                                      tls, http
                                      msedge.exe
                                      4.9kB
                                      141.4kB
                                      59
                                      106

                                      HTTP Request

                                      POST https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings

                                      HTTP Response

                                      200
                                    • 20.73.130.64:443
                                      https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release
                                      tls, http
                                      msedge.exe
                                      3.0kB
                                      12.7kB
                                      13
                                      14

                                      HTTP Request

                                      GET https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release

                                      HTTP Response

                                      200
                                    • 20.73.130.64:443
                                      https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release
                                      tls, http
                                      msedge.exe
                                      2.9kB
                                      8.2kB
                                      12
                                      11

                                      HTTP Request

                                      GET https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22qm71OlKUSRZjCO0gWktyjTTJ0HwboTGlow9DAfvOC%2FQ%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release

                                      HTTP Response

                                      304
                                    • 204.79.197.200:443
                                      www.bing.com
                                      tls
                                      msedge.exe
                                      3.7kB
                                      97.6kB
                                      51
                                      89
                                    • 20.73.130.64:443
                                      https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
                                      tls, http
                                      msedge.exe
                                      5.0kB
                                      141.4kB
                                      59
                                      106

                                      HTTP Request

                                      POST https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings

                                      HTTP Response

                                      200
                                    • 20.86.249.62:443
                                      https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2
                                      tls, http
                                      msedge.exe
                                      3.4kB
                                      11.2kB
                                      14
                                      13

                                      HTTP Request

                                      POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

                                      HTTP Response

                                      200
                                    • 62.30.53.100:443
                                      www.highrez.co.uk
                                      tls
                                      131 B
                                      1
                                      1

                                      DNS Request

                                      partner.googleadservices.com

                                      DNS Response

                                      142.251.39.98

                                    • 8.8.8.8:53
                                      adservice.google.nl
                                      dns
                                      msedge.exe
                                      65 B
                                      121 B
                                      1
                                      1

                                      DNS Request

                                      adservice.google.nl

                                      DNS Response

                                      172.217.168.226

                                    • 8.8.8.8:53
                                      tpc.googlesyndication.com
                                      dns
                                      msedge.exe
                                      71 B
                                      87 B
                                      1
                                      1

                                      DNS Request

                                      tpc.googlesyndication.com

                                      DNS Response

                                      142.251.36.1

                                    • 8.8.8.8:53
                                      www.googletagservices.com
                                      dns
                                      msedge.exe
                                      71 B
                                      87 B
                                      1
                                      1

                                      DNS Request

                                      www.googletagservices.com

                                      DNS Response

                                      142.250.179.130

                                    • 142.250.179.130:443
                                      www.googletagservices.com
                                      https
                                      msedge.exe
                                      3.7kB
                                      6.8kB
                                      9
                                      10
                                    • 8.8.8.8:53
                                      www.facebook.com
                                      dns
                                      msedge.exe
                                      62 B
                                      107 B
                                      1
                                      1

                                      DNS Request

                                      www.facebook.com

                                      DNS Response

                                      31.13.83.36

                                    • 142.251.36.1:443
                                      tpc.googlesyndication.com
                                      https
                                      msedge.exe
                                      4.6kB
                                      19.5kB
                                      20
                                      23
                                    • 8.8.8.8:53
                                      dns.google
                                      dns
                                      msedge.exe
                                      56 B
                                      88 B
                                      1
                                      1

                                      DNS Request

                                      dns.google

                                      DNS Response

                                      8.8.8.8
                                      8.8.4.4

                                    • 8.8.8.8:443
                                      dns.google
                                      https
                                      msedge.exe
                                      3.4kB
                                      6.7kB
                                      10
                                      8
                                    • 224.0.0.251:5353
                                      450 B
                                      7
                                    • 8.8.8.8:53
                                      xmbc.highrez.co.uk
                                      dns
                                      XMouseButtonControl.exe
                                      128 B
                                      170 B
                                      2
                                      2

                                      DNS Request

                                      xmbc.highrez.co.uk

                                      DNS Request

                                      xmbc.highrez.co.uk

                                    MITRE ATT&CK Enterprise v6

                                    Downloads

                                    • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

                                      Filesize

                                      364KB

                                      MD5

                                      80d5f32b3fc515402b9e1fe958dedf81

                                      SHA1

                                      a80ffd7907e0de2ee4e13c592b888fe00551b7e0

                                      SHA256

                                      0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

                                      SHA512

                                      1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

                                    • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

                                      Filesize

                                      1.6MB

                                      MD5

                                      9350c5cf61a4d3d68177fad54acfd87c

                                      SHA1

                                      94efd3a9e28e1725613f6b8d833a111301ab5a16

                                      SHA256

                                      6724f9cf0d51776930cd37ad14b51940697999e75454890fe71e4432bad78465

                                      SHA512

                                      36a3be074b6c1f332aac081f6ca6ce9fd459fd8e21677f0755de612d2d9f2ec6bb4bd50425b6c151c4998116830d70bb117ec299fab47bdbde39d2235f25cda5

                                    • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

                                      Filesize

                                      976KB

                                      MD5

                                      565a650cc52c3343e4de345bfc01463d

                                      SHA1

                                      b0a81ce1daf0b3ee6bd165faaee758339f756ebd

                                      SHA256

                                      bd843694f06d0e2766116eda600416ee3aa8ac4401951f1f2091d145d2d07d06

                                      SHA512

                                      7e9eaf5e883de96ecc89a34714585e8de8a32565562107ff7f7e8feb7f1db0655fcc67a6c07202e2c3c4c9cc583915e9eb73402c625bf45e5903db92f6a1ece8

                                    • C:\Users\Admin\AppData\Local\Temp\nsf964B.tmp\InstallOptions.dll

                                      Filesize

                                      14KB

                                      MD5

                                      d753362649aecd60ff434adf171a4e7f

                                      SHA1

                                      3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

                                      SHA256

                                      8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

                                      SHA512

                                      41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

                                    • C:\Users\Admin\AppData\Local\Temp\nsf964B.tmp\ShellExecAsUser.dll

                                      Filesize

                                      7KB

                                      MD5

                                      86a81b9ab7de83aa01024593a03d1872

                                      SHA1

                                      8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

                                      SHA256

                                      27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

                                      SHA512

                                      cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

                                    • C:\Users\Admin\AppData\Local\Temp\nsf964B.tmp\System.dll

                                      Filesize

                                      10KB

                                      MD5

                                      56a321bd011112ec5d8a32b2f6fd3231

                                      SHA1

                                      df20e3a35a1636de64df5290ae5e4e7572447f78

                                      SHA256

                                      bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

                                      SHA512

                                      5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

                                    • C:\Users\Admin\AppData\Local\Temp\nsf964B.tmp\nsDialogs.dll

                                      Filesize

                                      9KB

                                      MD5

                                      f832e4279c8ff9029b94027803e10e1b

                                      SHA1

                                      134ff09f9c70999da35e73f57b70522dc817e681

                                      SHA256

                                      4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

                                      SHA512

                                      bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

                                    • C:\Users\Admin\AppData\Local\Temp\nsf964B.tmp\nsExec.dll

                                      Filesize

                                      6KB

                                      MD5

                                      428c3a07fba184367a5085e46e4a790b

                                      SHA1

                                      f2de6cd4ec99ab784d18914a21de9d919a450089

                                      SHA256

                                      3b15c6e4ca42036d7424f93ea0806a2d35220d65faaf2bd2479a54258f631b55

                                      SHA512

                                      b34e1266e949d7cc5cdb7a809c3ca42652a1bb1ec72d83218604cb01b3118bbb42bfcaebc6134c4e6eb43fb566539414a49c1a0cd23a6c84da7c1c4b56ba2ab6

                                    • memory/4276-136-0x00000000069C1000-0x00000000069C3000-memory.dmp

                                      Filesize

                                      8KB

                                    • memory/4276-139-0x0000000006A91000-0x0000000006A93000-memory.dmp

                                      Filesize

                                      8KB
