Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/01/2024, 23:26 UTC

General

  • Target

    https://r20.rs6.net/tn.jsp?f=001NYHt_gJAxl6JlMDvhDMDYms-PfvQ6xp_WHLpNFre5d7gIGfpNULiBbTKsqoqDJqKRj8uZU6uorjV78K24owm1WXSHJO-A-bd4CJz53ssCva61TJjUeLvRqRidWk4mh23LkS14QItGZuLDl36p0GwEQ==&c=&ch=&__=?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20=

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://r20.rs6.net/tn.jsp?f=001NYHt_gJAxl6JlMDvhDMDYms-PfvQ6xp_WHLpNFre5d7gIGfpNULiBbTKsqoqDJqKRj8uZU6uorjV78K24owm1WXSHJO-A-bd4CJz53ssCva61TJjUeLvRqRidWk4mh23LkS14QItGZuLDl36p0GwEQ==&c=&ch=&__=?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:700
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffbb079758,0x7fffbb079768,0x7fffbb079778
      2⤵
      PID:4920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:8
      2⤵
      PID:1412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:2
      2⤵
      PID:2336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1
      2⤵
      PID:3924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1
      2⤵
      PID:2356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:8
      2⤵
      PID:1220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3908 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1
      2⤵
      PID:2388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1
      2⤵
      PID:4968
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3940 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1
      2⤵
      PID:3160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4604 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1
      2⤵
      PID:4796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5196 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1
      2⤵
      PID:688
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:8
      2⤵
      PID:5012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:8
      2⤵
      PID:4248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5724 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1
      2⤵
      PID:4416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3780 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1792
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4616

                                Network

                                • flag-us
                                  DNS
                                  r20.rs6.net
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  r20.rs6.net
                                  IN A
                                  Response
                                  r20.rs6.net
                                  IN CNAME
                                  rs6.net
                                  rs6.net
                                  IN A
                                  208.75.122.11
                                • flag-us
                                  DNS
                                  tics.atacilli.com.tr
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  tics.atacilli.com.tr
                                  IN A
                                  Response
                                  tics.atacilli.com.tr
                                  IN A
                                  213.238.183.121
                                • flag-us
                                  DNS
                                  196.249.167.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  196.249.167.52.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  210.178.17.96.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  210.178.17.96.in-addr.arpa
                                  IN PTR
                                  Response
                                  210.178.17.96.in-addr.arpa
                                  IN PTR
                                  a96-17-178-210deploystaticakamaitechnologiescom
                                • flag-us
                                  DNS
                                  106.201.58.216.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  106.201.58.216.in-addr.arpa
                                  IN PTR
                                  Response
                                  106.201.58.216.in-addr.arpa
                                  IN PTR
                                  lhr48s48-in-f101e100net
                                  106.201.58.216.in-addr.arpa
                                  IN PTR
                                  prg03s02-in-f10�I
                                  106.201.58.216.in-addr.arpa
                                  IN PTR
                                  prg03s02-in-f106�I
                                • flag-us
                                  DNS
                                  11.122.75.208.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  11.122.75.208.in-addr.arpa
                                  IN PTR
                                  Response
                                  11.122.75.208.in-addr.arpa
                                  IN PTR
                                  rs6net
                                • flag-tr
                                  GET
                                  https://tics.atacilli.com.tr/?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
                                  chrome.exe
                                  Remote address:
                                  213.238.183.121:443
                                  Request
                                  GET /?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20= HTTP/2.0
                                  host: tics.atacilli.com.tr
                                  upgrade-insecure-requests: 1
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                  sec-fetch-site: none
                                  sec-fetch-mode: navigate
                                  sec-fetch-user: ?1
                                  sec-fetch-dest: document
                                  sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  x-powered-by: PHP/7.4.29
                                  content-type: text/html; charset=UTF-8
                                  content-length: 461
                                  content-encoding: br
                                  vary: Accept-Encoding
                                  date: Tue, 23 Jan 2024 23:26:37 GMT
                                  server: LiteSpeed
                                  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                • flag-us
                                  DNS
                                  code.jquery.com
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  code.jquery.com
                                  IN A
                                  Response
                                  code.jquery.com
                                  IN A
                                  151.101.2.137
                                  code.jquery.com
                                  IN A
                                  151.101.130.137
                                  code.jquery.com
                                  IN A
                                  151.101.194.137
                                  code.jquery.com
                                  IN A
                                  151.101.66.137
                                • flag-us
                                  GET
                                  https://code.jquery.com/jquery-3.6.0.min.js
                                  chrome.exe
                                  Remote address:
                                  151.101.2.137:443
                                  Request
                                  GET /jquery-3.6.0.min.js HTTP/2.0
                                  host: code.jquery.com
                                  sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                  origin: https://tics.atacilli.com.tr
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: script
                                  referer: https://tics.atacilli.com.tr/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  server: nginx
                                  content-type: application/javascript; charset=utf-8
                                  last-modified: Fri, 18 Oct 1991 12:00:00 GMT
                                  etag: W/"28feccc0-15d9d"
                                  cache-control: public, max-age=31536000, stale-while-revalidate=604800
                                  access-control-allow-origin: *
                                  content-encoding: gzip
                                  via: 1.1 varnish, 1.1 varnish
                                  accept-ranges: bytes
                                  date: Tue, 23 Jan 2024 23:26:37 GMT
                                  age: 5449781
                                  x-served-by: cache-lga21931-LGA, cache-lcy-eglc8600040-LCY
                                  x-cache: HIT, HIT
                                  x-cache-hits: 5, 1027386
                                  x-timer: S1706052398.670157,VS0,VE0
                                  vary: Accept-Encoding
                                  content-length: 30875
                                • flag-us
                                  DNS
                                  shareonlinefilemcrosoftnline.ru
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  shareonlinefilemcrosoftnline.ru
                                  IN A
                                  Response
                                  shareonlinefilemcrosoftnline.ru
                                  IN A
                                  104.21.68.177
                                  shareonlinefilemcrosoftnline.ru
                                  IN A
                                  172.67.197.137
                                • flag-us
                                  DNS
                                  22.160.190.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  22.160.190.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  121.183.238.213.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  121.183.238.213.in-addr.arpa
                                  IN PTR
                                  Response
                                  121.183.238.213.in-addr.arpa
                                  IN PTR
                                  121183238213staticcenutacom
                                • flag-us
                                  DNS
                                  95.221.229.192.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  95.221.229.192.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  137.2.101.151.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  137.2.101.151.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  GET
                                  https://shareonlinefilemcrosoftnline.ru/McmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
                                  chrome.exe
                                  Remote address:
                                  104.21.68.177:443
                                  Request
                                  GET /McmxlbnRlbGxAbWFudWxpZmVhbS5jb20= HTTP/2.0
                                  host: shareonlinefilemcrosoftnline.ru
                                  sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  upgrade-insecure-requests: 1
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: navigate
                                  sec-fetch-dest: document
                                  referer: https://tics.atacilli.com.tr/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 403
                                  date: Tue, 23 Jan 2024 23:26:38 GMT
                                  content-type: text/html; charset=UTF-8
                                  accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                  cross-origin-embedder-policy: require-corp
                                  cross-origin-opener-policy: same-origin
                                  cross-origin-resource-policy: same-origin
                                  origin-agent-cluster: ?1
                                  permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                  referrer-policy: same-origin
                                  x-frame-options: SAMEORIGIN
                                  cf-mitigated: challenge
                                  cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                  expires: Thu, 01 Jan 1970 00:00:01 GMT
                                  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E"}],"group":"cf-nel","max_age":604800}
                                  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 84a3cd81ae8f7777-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  DNS
                                  a.nel.cloudflare.com
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  a.nel.cloudflare.com
                                  IN A
                                  Response
                                  a.nel.cloudflare.com
                                  IN A
                                  35.190.80.1
                                • flag-us
                                  OPTIONS
                                  https://a.nel.cloudflare.com/report/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E
                                  chrome.exe
                                  Remote address:
                                  35.190.80.1:443
                                  Request
                                  OPTIONS /report/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E HTTP/2.0
                                  host: a.nel.cloudflare.com
                                  origin: https://shareonlinefilemcrosoftnline.ru
                                  access-control-request-method: POST
                                  access-control-request-headers: content-type
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                • flag-us
                                  DNS
                                  apps.identrust.com
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  apps.identrust.com
                                  IN A
                                  Response
                                  apps.identrust.com
                                  IN CNAME
                                  identrust.edgesuite.net
                                  identrust.edgesuite.net
                                  IN CNAME
                                  a1952.dscq.akamai.net
                                  a1952.dscq.akamai.net
                                  IN A
                                  96.17.179.205
                                  a1952.dscq.akamai.net
                                  IN A
                                  96.17.179.184
                                • flag-gb
                                  GET
                                  http://apps.identrust.com/roots/dstrootcax3.p7c
                                  chrome.exe
                                  Remote address:
                                  96.17.179.205:80
                                  Request
                                  GET /roots/dstrootcax3.p7c HTTP/1.1
                                  Connection: Keep-Alive
                                  Accept: */*
                                  User-Agent: Microsoft-CryptoAPI/10.0
                                  Host: apps.identrust.com
                                  Response
                                  HTTP/1.1 200 OK
                                  X-XSS-Protection: 1; mode=block
                                  X-Frame-Options: SAMEORIGIN
                                  X-Content-Type-Options: nosniff
                                  X-Robots-Tag: noindex
                                  Referrer-Policy: same-origin
                                  Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
                                  ETag: "37d-6079b8c0929c0"
                                  Accept-Ranges: bytes
                                  Content-Length: 893
                                  X-Content-Type-Options: nosniff
                                  X-Frame-Options: sameorigin
                                  Content-Type: application/pkcs7-mime
                                  Cache-Control: max-age=3600
                                  Expires: Wed, 24 Jan 2024 00:26:38 GMT
                                  Date: Tue, 23 Jan 2024 23:26:38 GMT
                                  Connection: keep-alive
                                • flag-us
                                  DNS
                                  challenges.cloudflare.com
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  challenges.cloudflare.com
                                  IN A
                                  Response
                                  challenges.cloudflare.com
                                  IN A
                                  104.17.3.184
                                  challenges.cloudflare.com
                                  IN A
                                  104.17.2.184
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/turnstile/v0/g/ea25f566/api.js?onload=xZNcr9&render=explicit
                                  chrome.exe
                                  Remote address:
                                  104.17.3.184:443
                                  Request
                                  GET /turnstile/v0/g/ea25f566/api.js?onload=xZNcr9&render=explicit HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                  origin: https://shareonlinefilemcrosoftnline.ru
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: script
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Tue, 23 Jan 2024 23:26:38 GMT
                                  content-type: application/javascript; charset=UTF-8
                                  access-control-allow-origin: *
                                  cache-control: max-age=31536000
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 84a3cd84d8c388c1-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • US
                                  DNS
                                  177.68.21.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  177.68.21.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  1.80.190.35.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  1.80.190.35.in-addr.arpa
                                  IN PTR
                                  Response
                                  1.80.190.35.in-addr.arpa
                                  IN PTR
                                  1.80.190.35.bc.googleusercontent.com
                                • US
                                  DNS
                                  205.179.17.96.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  205.179.17.96.in-addr.arpa
                                  IN PTR
                                  Response
                                  205.179.17.96.in-addr.arpa
                                  IN PTR
                                  a96-17-179-205.deploy.static.akamaitechnologies.com
                                • US
                                  DNS
                                  184.3.17.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  184.3.17.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  unpkg.com
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  unpkg.com
                                  IN A
                                  Response
                                  unpkg.com
                                  IN A
                                  104.16.125.175
                                  unpkg.com
                                  IN A
                                  104.16.122.175
                                  unpkg.com
                                  IN A
                                  104.16.124.175
                                  unpkg.com
                                  IN A
                                  104.16.123.175
                                  unpkg.com
                                  IN A
                                  104.16.126.175
                                • US
                                  GET
                                  https://unpkg.com/axios/dist/axios.min.js
                                  chrome.exe
                                  Remote address:
                                  104.16.125.175:443
                                  Request
                                  GET /axios/dist/axios.min.js HTTP/2.0
                                  host: unpkg.com
                                  sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: script
                                  referer: https://shareonlinefilemcrosoftnline.ru/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 302
                                  date: Tue, 23 Jan 2024 23:26:50 GMT
                                  content-type: text/plain; charset=utf-8
                                  access-control-allow-origin: *
                                  cache-control: public, s-maxage=600, max-age=60
                                  location: /axios@1.6.5/dist/axios.min.js
                                  vary: Accept, Accept-Encoding
                                  via: 1.1 fly.io
                                  fly-request-id: 01HMWA4D2DXKTDQZXWM60V8GBH-lhr
                                  cf-cache-status: HIT
                                  age: 239
                                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                                  x-content-type-options: nosniff
                                  server: cloudflare
                                  cf-ray: 84a3cdcfca1463a6-LHR
                                • US
                                  GET
                                  https://unpkg.com/axios@1.6.5/dist/axios.min.js
                                  chrome.exe
                                  Remote address:
                                  104.16.125.175:443
                                  Request
                                  GET /axios@1.6.5/dist/axios.min.js HTTP/2.0
                                  host: unpkg.com
                                  sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: script
                                  referer: https://shareonlinefilemcrosoftnline.ru/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Tue, 23 Jan 2024 23:26:50 GMT
                                  content-type: application/javascript; charset=utf-8
                                  access-control-allow-origin: *
                                  cache-control: public, max-age=31536000
                                  last-modified: Sat, 26 Oct 1985 08:15:00 GMT
                                  etag: W/"8377-sJR9VQcibeO0sE4OfGCP6SP7nGs"
                                  via: 1.1 fly.io
                                  fly-request-id: 01HKDK2F0W32P3WEPEGJ8V7KV2-lhr
                                  cf-cache-status: HIT
                                  age: 1567924
                                  vary: Accept-Encoding
                                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                                  x-content-type-options: nosniff
                                  server: cloudflare
                                  cf-ray: 84a3cdd01a8d63a6-LHR
                                  content-encoding: br
                                • US
                                  DNS
                                  175.125.16.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  175.125.16.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  content-autofill.googleapis.com
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  content-autofill.googleapis.com
                                  IN A
                                  Response
                                  content-autofill.googleapis.com
                                  IN A
                                  142.250.179.234
                                  content-autofill.googleapis.com
                                  IN A
                                  142.250.180.10
                                  content-autofill.googleapis.com
                                  IN A
                                  142.250.187.202
                                  content-autofill.googleapis.com
                                  IN A
                                  142.250.187.234
                                  content-autofill.googleapis.com
                                  IN A
                                  172.217.16.234
                                  content-autofill.googleapis.com
                                  IN A
                                  142.250.200.42
                                  content-autofill.googleapis.com
                                  IN A
                                  142.250.200.10
                                  content-autofill.googleapis.com
                                  IN A
                                  142.250.178.10
                                  content-autofill.googleapis.com
                                  IN A
                                  216.58.201.106
                                  content-autofill.googleapis.com
                                  IN A
                                  216.58.204.74
                                  content-autofill.googleapis.com
                                  IN A
                                  216.58.213.10
                                  content-autofill.googleapis.com
                                  IN A
                                  172.217.169.10
                                  content-autofill.googleapis.com
                                  IN A
                                  216.58.212.202
                                  content-autofill.googleapis.com
                                  IN A
                                  216.58.212.234
                                • GB
                                  GET
                                  https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAkOYS4cppjp3hIFDVd69_0=?alt=proto
                                  chrome.exe
                                  Remote address:
                                  142.250.179.234:443
                                  Request
                                  GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAkOYS4cppjp3hIFDVd69_0=?alt=proto HTTP/2.0
                                  host: content-autofill.googleapis.com
                                  x-goog-encode-response-if-executable: base64
                                  x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                  x-client-data: CM3cygE=
                                  sec-fetch-site: none
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: empty
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                • US
                                  DNS
                                  234.179.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  234.179.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  234.179.250.142.in-addr.arpa
                                  IN PTR
                                  lhr25s31-in-f10.1e100.net
                                • US
                                  DNS
                                  aadcdn.msauthimages.net
                                  chrome.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  aadcdn.msauthimages.net
                                  IN A
                                  Response
                                  aadcdn.msauthimages.net
                                  IN CNAME
                                  aadcdn.azureedge.net
                                  aadcdn.azureedge.net
                                  IN CNAME
                                  aadcdn.ec.azureedge.net
                                  aadcdn.ec.azureedge.net
                                  IN CNAME
                                  scdn3514c.wpc.9e730.upsiloncdn.net
                                  scdn3514c.wpc.9e730.upsiloncdn.net
                                  IN CNAME
                                  sni1gl.wpc.upsiloncdn.net
                                  sni1gl.wpc.upsiloncdn.net
                                  IN A
                                  152.199.21.175
                                • US
                                  GET
                                  https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/bannerlogo?ts=638309305563109890
                                  chrome.exe
                                  Remote address:
                                  152.199.21.175:443
                                  Request
                                  GET /dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/bannerlogo?ts=638309305563109890 HTTP/2.0
                                  host: aadcdn.msauthimages.net
                                  sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  referer: https://shareonlinefilemcrosoftnline.ru/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  accept-ranges: bytes
                                  access-control-allow-origin: *
                                  access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
                                  cache-control: public, max-age=86400
                                  content-md5: TbUn5S2v3F/BAwOWcGhwUA==
                                  content-type: image/*
                                  date: Tue, 23 Jan 2024 23:26:57 GMT
                                  etag: 0x8DBBAEE7748D3A8
                                  last-modified: Thu, 21 Sep 2023 22:02:36 GMT
                                  server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                  x-ms-blob-type: BlockBlob
                                  x-ms-lease-status: unlocked
                                  x-ms-request-id: 092a97ab-c01e-0003-5f53-4ea286000000
                                  x-ms-version: 2009-09-19
                                  content-length: 5764
                                • US
                                  GET
                                  https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/illustration?ts=638333436176338024
                                  chrome.exe
                                  Remote address:
                                  152.199.21.175:443
                                  Request
                                  GET /dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/illustration?ts=638333436176338024 HTTP/2.0
                                  host: aadcdn.msauthimages.net
                                  sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  referer: https://shareonlinefilemcrosoftnline.ru/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  access-control-allow-origin: *
                                  access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  cache-control: public, max-age=86400
                                  content-md5: ANRK7X96PRp0W1D2M5ZRMA==
                                  content-type: image/*
                                  date: Tue, 23 Jan 2024 23:27:02 GMT
                                  etag: 0x8DBD0E0D021A4D5
                                  last-modified: Thu, 19 Oct 2023 20:20:18 GMT
                                  server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                  x-ms-blob-type: BlockBlob
                                  x-ms-lease-status: unlocked
                                  x-ms-request-id: 3ecb21f8-901e-000e-1453-4e6a52000000
                                  x-ms-version: 2009-09-19
                                  content-length: 286720
                                • US
                                  DNS
                                  175.21.199.152.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  175.21.199.152.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  57.110.18.2.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  57.110.18.2.in-addr.arpa
                                  IN PTR
                                  Response
                                  57.110.18.2.in-addr.arpa
                                  IN PTR
                                  a2-18-110-57.deploy.static.akamaitechnologies.com
                                • US
                                  DNS
                                  103.169.127.40.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  103.169.127.40.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  206.23.85.13.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  206.23.85.13.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  240.221.184.93.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  240.221.184.93.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  240.221.184.93.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  240.221.184.93.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  0.205.248.87.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  0.205.248.87.in-addr.arpa
                                  IN PTR
                                  Response
                                  0.205.248.87.in-addr.arpa
                                  IN PTR
                                  https-87-248-205-0.lgw.llnw.net
                                • US
                                  DNS
                                  0.205.248.87.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  0.205.248.87.in-addr.arpa
                                  IN PTR
                                  Response
                                  0.205.248.87.in-addr.arpa
                                  IN PTR
                                  https-87-248-205-0.lgw.llnw.net
                                • US
                                  DNS
                                  178.223.142.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  178.223.142.52.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  178.223.142.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  178.223.142.52.in-addr.arpa
                                  IN PTR
                                  Response
                                • 208.75.122.11:443
                                  r20.rs6.net
                                  tls
                                  chrome.exe
                                  1.9kB
                                  4.2kB
                                  9
                                  11
                                • 208.75.122.11:443
                                  r20.rs6.net
                                  tls
                                  chrome.exe
                                  1.1kB
                                  3.7kB
                                  11
                                  11
                                • 213.238.183.121:443
                                  https://tics.atacilli.com.tr/?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
                                  tls, http2
                                  chrome.exe
                                  1.8kB
                                  5.0kB
                                  13
                                  14

                                  HTTP Request

                                  GET https://tics.atacilli.com.tr/?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20=

                                  HTTP Response

                                  200
                                • 151.101.2.137:443
                                  https://code.jquery.com/jquery-3.6.0.min.js
                                  tls, http2
                                  chrome.exe
                                  2.7kB
                                  39.2kB
                                  36
                                  39

                                  HTTP Request

                                  GET https://code.jquery.com/jquery-3.6.0.min.js

                                  HTTP Response

                                  200
                                • 104.21.68.177:443
                                  shareonlinefilemcrosoftnline.ru
                                  tls
                                  chrome.exe
                                  943 B
                                  4.9kB
                                  8
                                  7
                                • 104.21.68.177:443
                                  https://shareonlinefilemcrosoftnline.ru/McmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
                                  tls, http2
                                  chrome.exe
                                  2.1kB
                                  13.8kB
                                  20
                                  20

                                  HTTP Request

                                  GET https://shareonlinefilemcrosoftnline.ru/McmxlbnRlbGxAbWFudWxpZmVhbS5jb20=

                                  HTTP Response

                                  403
                                • 35.190.80.1:443
                                  https://a.nel.cloudflare.com/report/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E
                                  tls, http2
                                  chrome.exe
                                  1.9kB
                                  6.0kB
                                  15
                                  16

                                  HTTP Request

                                  OPTIONS https://a.nel.cloudflare.com/report/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E
                                • 96.17.179.205:80
                                  http://apps.identrust.com/roots/dstrootcax3.p7c
                                  http
                                  chrome.exe
                                  468 B
                                  1.7kB
                                  7
                                  6

                                  HTTP Request

                                  GET http://apps.identrust.com/roots/dstrootcax3.p7c

                                  HTTP Response

                                  200
                                • 104.17.3.184:443
                                  https://challenges.cloudflare.com/turnstile/v0/g/ea25f566/api.js?onload=xZNcr9&render=explicit
                                  tls, http2
                                  chrome.exe
                                  2.2kB
                                  17.2kB
                                  24
                                  26

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/turnstile/v0/g/ea25f566/api.js?onload=xZNcr9&render=explicit

                                  HTTP Response

                                  200
                                • 104.16.125.175:443
                                  https://unpkg.com/axios@1.6.5/dist/axios.min.js
                                  tls, http2
                                  chrome.exe
                                  2.0kB
                                  17.5kB
                                  19
                                  24

                                  HTTP Request

                                  GET https://unpkg.com/axios/dist/axios.min.js

                                  HTTP Response

                                  302

                                  HTTP Request

                                  GET https://unpkg.com/axios@1.6.5/dist/axios.min.js

                                  HTTP Response

                                  200
                                • 142.250.179.234:443
                                  https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAkOYS4cppjp3hIFDVd69_0=?alt=proto
                                  tls, http2
                                  chrome.exe
                                  1.8kB
                                  7.0kB
                                  15
                                  16

                                  HTTP Request

                                  GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAkOYS4cppjp3hIFDVd69_0=?alt=proto
                                • 152.199.21.175:443
                                  https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/illustration?ts=638333436176338024
                                  tls, http2
                                  chrome.exe
                                  7.7kB
                                  311.0kB
                                  131
                                  241

                                  HTTP Request

                                  GET https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/bannerlogo?ts=638309305563109890

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/illustration?ts=638333436176338024

                                  HTTP Response

                                  200
                                • 8.8.8.8:53
                                  r20.rs6.net
                                  dns
                                  chrome.exe
                                  57 B
                                  87 B
                                  1
                                  1

                                  DNS Request

                                  r20.rs6.net

                                  DNS Response

                                  208.75.122.11

                                • 8.8.8.8:53
                                  tics.atacilli.com.tr
                                  dns
                                  chrome.exe
                                  66 B
                                  82 B
                                  1
                                  1

                                  DNS Request

                                  tics.atacilli.com.tr

                                  DNS Response

                                  213.238.183.121

                                • 8.8.8.8:53
                                  196.249.167.52.in-addr.arpa
                                  dns
                                  73 B
                                  147 B
                                  1
                                  1

                                  DNS Request

                                  196.249.167.52.in-addr.arpa

                                • 8.8.8.8:53
                                  210.178.17.96.in-addr.arpa
                                  dns
                                  72 B
                                  137 B
                                  1
                                  1

                                  DNS Request

                                  210.178.17.96.in-addr.arpa

                                • 8.8.8.8:53
                                  106.201.58.216.in-addr.arpa
                                  dns
                                  73 B
                                  173 B
                                  1
                                  1

                                  DNS Request

                                  106.201.58.216.in-addr.arpa

                                • 8.8.8.8:53
                                  11.122.75.208.in-addr.arpa
                                  dns
                                  72 B
                                  93 B
                                  1
                                  1

                                  DNS Request

                                  11.122.75.208.in-addr.arpa

                                • 8.8.8.8:53
                                  code.jquery.com
                                  dns
                                  chrome.exe
                                  61 B
                                  125 B
                                  1
                                  1

                                  DNS Request

                                  code.jquery.com

                                  DNS Response

                                  151.101.2.137
                                  151.101.130.137
                                  151.101.194.137
                                  151.101.66.137

                                • 213.238.183.121:443
                                  tics.atacilli.com.tr
                                  https
                                  chrome.exe
                                  4.2kB
                                  6.4kB
                                  12
                                  13
                                • 8.8.8.8:53
                                  shareonlinefilemcrosoftnline.ru
                                  dns
                                  chrome.exe
                                  77 B
                                  109 B
                                  1
                                  1

                                  DNS Request

                                  shareonlinefilemcrosoftnline.ru

                                  DNS Response

                                  104.21.68.177
                                  172.67.197.137

                                • 8.8.8.8:53
                                  22.160.190.20.in-addr.arpa
                                  dns
                                  72 B
                                  158 B
                                  1
                                  1

                                  DNS Request

                                  22.160.190.20.in-addr.arpa

                                • 8.8.8.8:53
                                  121.183.238.213.in-addr.arpa
                                  dns
                                  74 B
                                  121 B
                                  1
                                  1

                                  DNS Request

                                  121.183.238.213.in-addr.arpa

                                • 8.8.8.8:53
                                  95.221.229.192.in-addr.arpa
                                  dns
                                  73 B
                                  144 B
                                  1
                                  1

                                  DNS Request

                                  95.221.229.192.in-addr.arpa

                                • 8.8.8.8:53
                                  137.2.101.151.in-addr.arpa
                                  dns
                                  72 B
                                  132 B
                                  1
                                  1

                                  DNS Request

                                  137.2.101.151.in-addr.arpa

                                • 8.8.8.8:53
                                  a.nel.cloudflare.com
                                  dns
                                  chrome.exe
                                  66 B
                                  82 B
                                  1
                                  1

                                  DNS Request

                                  a.nel.cloudflare.com

                                  DNS Response

                                  35.190.80.1

                                • 104.21.68.177:443
                                  shareonlinefilemcrosoftnline.ru
                                  https
                                  chrome.exe
                                  33.6kB
                                  192.2kB
                                  107
                                  229
                                • 8.8.8.8:53
                                  apps.identrust.com
                                  dns
                                  chrome.exe
                                  64 B
                                  165 B
                                  1
                                  1

                                  DNS Request

                                  apps.identrust.com

                                  DNS Response

                                  96.17.179.205
                                  96.17.179.184

                                • 8.8.8.8:53
                                  challenges.cloudflare.com
                                  dns
                                  chrome.exe
                                  71 B
                                  103 B
                                  1
                                  1

                                  DNS Request

                                  challenges.cloudflare.com

                                  DNS Response

                                  104.17.3.184
                                  104.17.2.184

                                • 35.190.80.1:443
                                  a.nel.cloudflare.com
                                  https
                                  chrome.exe
                                  2.6kB
                                  5.2kB
                                  8
                                  9
                                • 104.17.3.184:443
                                  challenges.cloudflare.com
                                  https
                                  chrome.exe
                                  137.8kB
                                  213.5kB
                                  175
                                  247
                                • 8.8.8.8:53
                                  177.68.21.104.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  177.68.21.104.in-addr.arpa

                                • 8.8.8.8:53
                                  1.80.190.35.in-addr.arpa
                                  dns
                                  70 B
                                  120 B
                                  1
                                  1

                                  DNS Request

                                  1.80.190.35.in-addr.arpa

                                • 8.8.8.8:53
                                  205.179.17.96.in-addr.arpa
                                  dns
                                  72 B
                                  137 B
                                  1
                                  1

                                  DNS Request

                                  205.179.17.96.in-addr.arpa

                                • 8.8.8.8:53
                                  184.3.17.104.in-addr.arpa
                                  dns
                                  71 B
                                  133 B
                                  1
                                  1

                                  DNS Request

                                  184.3.17.104.in-addr.arpa

                                • 224.0.0.251:5353
                                  chrome.exe
                                  204 B
                                  3
                                • 8.8.8.8:53
                                  unpkg.com
                                  dns
                                  chrome.exe
                                  55 B
                                  135 B
                                  1
                                  1

                                  DNS Request

                                  unpkg.com

                                  DNS Response

                                  104.16.125.175
                                  104.16.122.175
                                  104.16.124.175
                                  104.16.123.175
                                  104.16.126.175

                                • 8.8.8.8:53
                                  175.125.16.104.in-addr.arpa
                                  dns
                                  73 B
                                  135 B
                                  1
                                  1

                                  DNS Request

                                  175.125.16.104.in-addr.arpa

                                • 8.8.8.8:53
                                  content-autofill.googleapis.com
                                  dns
                                  chrome.exe
                                  77 B
                                  301 B
                                  1
                                  1

                                  DNS Request

                                  content-autofill.googleapis.com

                                  DNS Response

                                  142.250.179.234
                                  142.250.180.10
                                  142.250.187.202
                                  142.250.187.234
                                  172.217.16.234
                                  142.250.200.42
                                  142.250.200.10
                                  142.250.178.10
                                  216.58.201.106
                                  216.58.204.74
                                  216.58.213.10
                                  172.217.169.10
                                  216.58.212.202
                                  216.58.212.234

                                • 8.8.8.8:53
                                  234.179.250.142.in-addr.arpa
                                  dns
                                  74 B
                                  113 B
                                  1
                                  1

                                  DNS Request

                                  234.179.250.142.in-addr.arpa

                                • 8.8.8.8:53
                                  aadcdn.msauthimages.net
                                  dns
                                  chrome.exe
                                  69 B
                                  210 B
                                  1
                                  1

                                  DNS Request

                                  aadcdn.msauthimages.net

                                  DNS Response

                                  152.199.21.175

                                • 8.8.8.8:53
                                  175.21.199.152.in-addr.arpa
                                  dns
                                  73 B
                                  144 B
                                  1
                                  1

                                  DNS Request

                                  175.21.199.152.in-addr.arpa

                                • 8.8.8.8:53
                                  57.110.18.2.in-addr.arpa
                                  dns
                                  70 B
                                  133 B
                                  1
                                  1

                                  DNS Request

                                  57.110.18.2.in-addr.arpa

                                • 8.8.8.8:53
                                  103.169.127.40.in-addr.arpa
                                  dns
                                  73 B
                                  147 B
                                  1
                                  1

                                  DNS Request

                                  103.169.127.40.in-addr.arpa

                                • 8.8.8.8:53
                                  206.23.85.13.in-addr.arpa
                                  dns
                                  71 B
                                  145 B
                                  1
                                  1

                                  DNS Request

                                  206.23.85.13.in-addr.arpa

                                • 8.8.8.8:53
                                  240.221.184.93.in-addr.arpa
                                  dns
                                  146 B
                                  288 B
                                  2
                                  2

                                  DNS Request

                                  240.221.184.93.in-addr.arpa

                                  DNS Request

                                  240.221.184.93.in-addr.arpa

                                • 35.190.80.1:443
                                  a.nel.cloudflare.com
                                  https
                                  chrome.exe
                                  4.4kB
                                  2.4kB
                                  10
                                  9
                                • 8.8.8.8:53
                                  0.205.248.87.in-addr.arpa
                                  dns
                                  142 B
                                  232 B
                                  2
                                  2

                                  DNS Request

                                  0.205.248.87.in-addr.arpa

                                  DNS Request

                                  0.205.248.87.in-addr.arpa

                                • 8.8.8.8:53
                                  178.223.142.52.in-addr.arpa
                                  dns
                                  146 B
                                  294 B
                                  2
                                  2

                                  DNS Request

                                  178.223.142.52.in-addr.arpa

                                  DNS Request

                                  178.223.142.52.in-addr.arpa

                                MITRE ATT&CK Enterprise v15

                                Downloads

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  240B

                                  MD5

                                  49b26abb5eaec5aec01b61d38bad539d

                                  SHA1

                                  c45fc25d49aa7edb9ecf68c0403353ab4871efae

                                  SHA256

                                  49bf75787a422ed003729514ef715f2daae1dc5e2e5922b2a447b0eedbf1b20c

                                  SHA512

                                  4a91c4867b294b5bbe1adb1eb4f66597f87d98f336149e6d752df2d1bf6d7400246c0a460f664251940847d224448d130862b46fd8869e6fdad9a140bb6bcb17

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                  Filesize

                                  2KB

                                  MD5

                                  bc28e08a6dfd5c1fdfc4742568129278

                                  SHA1

                                  d0ef5df59ae2d281939eaa70dda2c84ffac69539

                                  SHA256

                                  cca4f19ac689c384a993ff47748ec566ad98551c1be5e4613ec2c4528349e8d8

                                  SHA512

                                  6687fa7c9f7ebbc4c2773df0329244e494d3a0c9d510192dac282e6be2de46f567ee085c8bb29a2524b7ac3c9b613db7d3d62d2723f75961d023ed35e868b4ee

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                  Filesize

                                  536B

                                  MD5

                                  ab07efbe460f8573ddf43723e66983cc

                                  SHA1

                                  87b113aade332823b0a248bb8e792bca38ddc32b

                                  SHA256

                                  9554b19eb3f9fb484fa05a9ab9b0a007ad3c7a7184567ae3f5349aac5b157bea

                                  SHA512

                                  449ff8fcfd8bbbe80de21c78a3adb942b30dedff1c36f23726b7dcebaa75b30734d2c21050cb9ffe42fade2375ee9313d8a2b8a312589f86ce732131ae16db23

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  663efeb58c40b3b21fc40a9fc4412a21

                                  SHA1

                                  e74c3a24d1d677a07bb91a2b44169a42168c7b8a

                                  SHA256

                                  b1554bfed36939b4e9ddf9829629eae6930f678873c0a5aa71a5c610515f0910

                                  SHA512

                                  1f902ba3c9adf22a389a7c5dd1c88a083bdce9a0ee3b9cb36fa7512787e4281df977615606f910cb8a2fae525d135f836c0352a2baba5b0b08b6581175e47d14

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                  Filesize

                                  114KB

                                  MD5

                                  ab253798592253f3a73d0fee945007c8

                                  SHA1

                                  44d98b048902fb9ec051aaeb55aa2874ce6f4b80

                                  SHA256

                                  441ecaa363c38ebe3bb4b1e9f7a0eb48813958c208d69efe2ec4e47aae388b37

                                  SHA512

                                  0bf81f276767aee500fdc9fee306cedc7cd1e49798952b832f027c4efee03c71f1f9f4220b26ffe861ca4480d19f8a4196812b8085c686ac04937709bdae1f10

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                  Filesize

                                  2B

                                  MD5

                                  99914b932bd37a50b983c5e7c90ae93b

                                  SHA1

                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                  SHA256

                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                  SHA512

                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
