Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
  • submitted
    18/04/2024, 10:38 UTC

General

  • Target

    https://url.uk.m.mimecastprotect.com/s/yVTwCRoARF0QMXDU9hFZf?domain=mediafire.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url.uk.m.mimecastprotect.com/s/yVTwCRoARF0QMXDU9hFZf?domain=mediafire.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9841446f8,0x7ff984144708,0x7ff984144718
      2⤵
        PID:3396
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
        2⤵
          PID:1948
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2052
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2448 /prefetch:8
          2⤵
            PID:3428
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
            2⤵
              PID:4548
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:1760
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                2⤵
                  PID:1528
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
                  2⤵
                    PID:3720
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
                    2⤵
                      PID:3456
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
                      2⤵
                        PID:3284
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1844
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
                        2⤵
                          PID:888
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
                          2⤵
                            PID:1400
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15219982442783748857,3676671346578165521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1332 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1172
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3976
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2092

Network

                            • flag-us
                              DNS
                              url.uk.m.mimecastprotect.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              url.uk.m.mimecastprotect.com
                              IN A
                              Response
                              url.uk.m.mimecastprotect.com
                              IN A
                              195.130.217.73
                              url.uk.m.mimecastprotect.com
                              IN A
                              91.220.42.235
                              url.uk.m.mimecastprotect.com
                              IN A
                              91.220.42.215
                              url.uk.m.mimecastprotect.com
                              IN A
                              195.130.217.187
                              url.uk.m.mimecastprotect.com
                              IN A
                              195.130.217.180
                              url.uk.m.mimecastprotect.com
                              IN A
                              91.220.42.63
                            • flag-gb
                              GET
                              https://url.uk.m.mimecastprotect.com/s/yVTwCRoARF0QMXDU9hFZf?domain=mediafire.com
                              msedge.exe
                              Remote address:
                              195.130.217.73:443
                              Request
                              GET /s/yVTwCRoARF0QMXDU9hFZf?domain=mediafire.com HTTP/1.1
                              Host: url.uk.m.mimecastprotect.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              DNT: 1
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 307 Temporary Redirect
                              Date: Thu, 18 Apr 2024 10:38:59 GMT
                              Content-Length: 0
                              Connection: keep-alive
                              Location: https://url.uk.m.mimecastprotect.com/r/SkY87F6eDFFuRzFD5cxU0zxTXFQ0JJ6WtHph_ZX8vNdmvUMCJsa_5WHUaQqLvMNsMPAKCRFmYwh6N1YYTF0pzkqPjDPesszv7yO9oouwMRe5Ozl10ecE__tDd26vhdEtNbyQOrl4AhwvIUCGVKEvSGjJIoG0X7fuBr74ciHDnfWDJnwV6QFLDaODOEljrhEWRluyNIV_cAmtSNi53DdCgfgG6cIwWe6YOpXVlyG2cINRSmwwFunvxBzyONPa2-_vNacvNlaTA9FrrgcHtw_h52w39oLikPJ4uPlIFB1n7Xcksh4i6_B0qrYOgAvHvl4srrtfDBU9mqIEd--Sl3W0qmkPR1pGFANjjKVrqs_CRkf8XecxbEuXuijVcPr0-Q6MJsdw0CYFzecrlmZJbp6DXlZodz870LVW0WFyZn61322U91HEmxB93RN9gWvFn8XKL8cvz999AIEFI5qezxAIhnkL0mr5vyUbPHtsoXxnAV6TfUlGqpwGr_cFeOpErvxGFdOCE0LI2g0yYQ26tx6-lWwP2NZnwLR9BqsxVEuAZfL9nU6Ia140lJy5siEJYwQ-kyhooaovXf6ct21cnWg2cdT2LiibL9IqOavDV9oEcqSRWgVTYRlj3H4XDt2yXnYfDm10IxqXrTh5R9ilsneALxGFDpzQ5HUcWL9xnLewlDUBXN3b6j7HytjuIYQISF9g64UrItugs-Caph_HGMJvoK7q8wKG-C9E28zY2kkxsqn_VOZ1f501aKLfM2A-A06kizQQ7Qk-QleLA8FxdNYiPiOAMxlgPifq0TREWALz9UlQ3GVlDQEsdKr7Pk0VKdioIW6oW8q7xpld_VpJecn4fM9e94vmJZ6eglQH4X2EqjTcOWkUmUSZczz1O9i5kQgDiRh3MP1MPJmAhhfSEBVJPfLADxmI05x8Slv9S-sNwBpiPSLMEJmG3_bQZXpMgSolL_6vWTNXus0-xfwXaXewZI-eRPuCbA0ANbKo2dpdVsrjfQwHSDNjXJ1wVYAQxEwQ1j4GtLINTGWV1FAJInRe3IF7efiF7IEXRK-_7o_XyA8Z7KAfGUF9K_QFvUepHu7xEIF99pbnwYun6WPLp55MnxK3V-i6ms9vSIWIIjfhnq2kOAjROClXwZ_Ja5amHrmltBN0sZiLCoy8AYpGyG5_fIVjbPlDnS-gSGy2XNAPoXCq4dBmaPxU_dvF0AQ8v47RZisBudkxDmGIxLnyrKcaNfSuu_VGp1FjbP4jTw4ytI3f2w6dMEutVRWjw3V1N9GMYQR_kdp4Oa6r75HskcwmEYxzjfp6T61EgNWO4o9mo6JLQOULeozRkxKeyfNkahtuMWCtAj99N-C9A8vAcNC7OR7eqyGjiG7duCe7GCySwfhGIjky8YFEO2AreyycPrQp6w95cbBXRY9TlvOxZJ615HzcAF-6TksZgN7R_rGyclwngeIN7dXdi2gEmdLHBf8GWOVCA53Cw3rlJXdHC7UQIY6SNXAtLCa5A4hyMl-37eADLw1e9dfW6N3UwWFJwHB9spx2fNTzi2g3inIT6d6MZDMCFon2yrBz3UT8txYp24kOZ6LqaPJz-856Uu97OiUzMHClcZBPVpNIg9T1UIRaGHeK318Fh8SPqGXCkChTcCwxmntaSjntD_pmtWwt6pYQVU9Q5gFF8aEbeoA491rXlH9syBzbUMzpfjjgzZEQu3XzKnYK1Kk6U0kodl8N7-yZ55kO3cvX7OiG9NaQWQvHetm0ZXlsORfHES7yjK957ld1rZkTCF5S4_SJQjg-gZyh8n9XIrnynlo5631O-Ii1fWqOhcicA_0iQOqLSDTOT2gBemJH8yyf_ubA-_7u1RsVy140IkLxpAGmiQubHtGZsrwBKVfqtOI2GTwcDZ2_fvAC5SfXi3gdcOJKg6NlPkAZt
kX-2LwdoFH57h6MjcnZnhUPhpq2PZw4tut7HB1nwkyu18Apzr-eE8kb-xZVj_ciIFIJDdlbb4TRLO4TYDrgnSbojb182ZJkFdqtJKILO9PUDAK6bDSXWzh0JFp2JlbwJy9Hbkw8o20aN5jGpgPXpCCKo0UgmxAh2dzqHNDdjJNhOuR3fs-lTP8bPVX-qEUM__5Kprgsvpnc9fHlp2BM5A
                              Cache-control: no-store
                              Pragma: no-cache
                              X-Robots-Tag: noindex, nofollow
                            • flag-gb
                              GET
                              https://url.uk.m.mimecastprotect.com/r/SkY87F6eDFFuRzFD5cxU0zxTXFQ0JJ6WtHph_ZX8vNdmvUMCJsa_5WHUaQqLvMNsMPAKCRFmYwh6N1YYTF0pzkqPjDPesszv7yO9oouwMRe5Ozl10ecE__tDd26vhdEtNbyQOrl4AhwvIUCGVKEvSGjJIoG0X7fuBr74ciHDnfWDJnwV6QFLDaODOEljrhEWRluyNIV_cAmtSNi53DdCgfgG6cIwWe6YOpXVlyG2cINRSmwwFunvxBzyONPa2-_vNacvNlaTA9FrrgcHtw_h52w39oLikPJ4uPlIFB1n7Xcksh4i6_B0qrYOgAvHvl4srrtfDBU9mqIEd--Sl3W0qmkPR1pGFANjjKVrqs_CRkf8XecxbEuXuijVcPr0-Q6MJsdw0CYFzecrlmZJbp6DXlZodz870LVW0WFyZn61322U91HEmxB93RN9gWvFn8XKL8cvz999AIEFI5qezxAIhnkL0mr5vyUbPHtsoXxnAV6TfUlGqpwGr_cFeOpErvxGFdOCE0LI2g0yYQ26tx6-lWwP2NZnwLR9BqsxVEuAZfL9nU6Ia140lJy5siEJYwQ-kyhooaovXf6ct21cnWg2cdT2LiibL9IqOavDV9oEcqSRWgVTYRlj3H4XDt2yXnYfDm10IxqXrTh5R9ilsneALxGFDpzQ5HUcWL9xnLewlDUBXN3b6j7HytjuIYQISF9g64UrItugs-Caph_HGMJvoK7q8wKG-C9E28zY2kkxsqn_VOZ1f501aKLfM2A-A06kizQQ7Qk-QleLA8FxdNYiPiOAMxlgPifq0TREWALz9UlQ3GVlDQEsdKr7Pk0VKdioIW6oW8q7xpld_VpJecn4fM9e94vmJZ6eglQH4X2EqjTcOWkUmUSZczz1O9i5kQgDiRh3MP1MPJmAhhfSEBVJPfLADxmI05x8Slv9S-sNwBpiPSLMEJmG3_bQZXpMgSolL_6vWTNXus0-xfwXaXewZI-eRPuCbA0ANbKo2dpdVsrjfQwHSDNjXJ1wVYAQxEwQ1j4GtLINTGWV1FAJInRe3IF7efiF7IEXRK-_7o_XyA8Z7KAfGUF9K_QFvUepHu7xEIF99pbnwYun6WPLp55MnxK3V-i6ms9vSIWIIjfhnq2kOAjROClXwZ_Ja5amHrmltBN0sZiLCoy8AYpGyG5_fIVjbPlDnS-gSGy2XNAPoXCq4dBmaPxU_dvF0AQ8v47RZisBudkxDmGIxLnyrKcaNfSuu_VGp1FjbP4jTw4ytI3f2w6dMEutVRWjw3V1N9GMYQR_kdp4Oa6r75HskcwmEYxzjfp6T61EgNWO4o9mo6JLQOULeozRkxKeyfNkahtuMWCtAj99N-C9A8vAcNC7OR7eqyGjiG7duCe7GCySwfhGIjky8YFEO2AreyycPrQp6w95cbBXRY9TlvOxZJ615HzcAF-6TksZgN7R_rGyclwngeIN7dXdi2gEmdLHBf8GWOVCA53Cw3rlJXdHC7UQIY6SNXAtLCa5A4hyMl-37eADLw1e9dfW6N3UwWFJwHB9spx2fNTzi2g3inIT6d6MZDMCFon2yrBz3UT8txYp24kOZ6LqaPJz-856Uu97OiUzMHClcZBPVpNIg9T1UIRaGHeK318Fh8SPqGXCkChTcCwxmntaSjntD_pmtWwt6pYQVU9Q5gFF8aEbeoA491rXlH9syBzbUMzpfjjgzZEQu3XzKnYK1Kk6U0kodl8N7-yZ55kO3cvX7OiG9NaQWQvHetm0ZXlsORfHES7yjK957ld1rZkTCF5S4_SJQjg-gZyh8n9XIrnynlo5631O-Ii1fWqOhcicA_0iQOqLSDTOT2gBemJH8yyf_ubA-_7u1RsVy140IkLxpAGmiQubHtGZsrwBKVfqtOI2GTwcDZ2_fvAC5SfXi3gdcOJKg6NlPkAZtkX-2LwdoFH
57h6MjcnZnhUPhpq2PZw4tut7HB1nwkyu18Apzr-eE8kb-xZVj_ciIFIJDdlbb4TRLO4TYDrgnSbojb182ZJkFdqtJKILO9PUDAK6bDSXWzh0JFp2JlbwJy9Hbkw8o20aN5jGpgPXpCCKo0UgmxAh2dzqHNDdjJNhOuR3fs-lTP8bPVX-qEUM__5Kprgsvpnc9fHlp2BM5A
                              msedge.exe
                              Remote address:
                              195.130.217.73:443
                              Request
                              GET /r/SkY87F6eDFFuRzFD5cxU0zxTXFQ0JJ6WtHph_ZX8vNdmvUMCJsa_5WHUaQqLvMNsMPAKCRFmYwh6N1YYTF0pzkqPjDPesszv7yO9oouwMRe5Ozl10ecE__tDd26vhdEtNbyQOrl4AhwvIUCGVKEvSGjJIoG0X7fuBr74ciHDnfWDJnwV6QFLDaODOEljrhEWRluyNIV_cAmtSNi53DdCgfgG6cIwWe6YOpXVlyG2cINRSmwwFunvxBzyONPa2-_vNacvNlaTA9FrrgcHtw_h52w39oLikPJ4uPlIFB1n7Xcksh4i6_B0qrYOgAvHvl4srrtfDBU9mqIEd--Sl3W0qmkPR1pGFANjjKVrqs_CRkf8XecxbEuXuijVcPr0-Q6MJsdw0CYFzecrlmZJbp6DXlZodz870LVW0WFyZn61322U91HEmxB93RN9gWvFn8XKL8cvz999AIEFI5qezxAIhnkL0mr5vyUbPHtsoXxnAV6TfUlGqpwGr_cFeOpErvxGFdOCE0LI2g0yYQ26tx6-lWwP2NZnwLR9BqsxVEuAZfL9nU6Ia140lJy5siEJYwQ-kyhooaovXf6ct21cnWg2cdT2LiibL9IqOavDV9oEcqSRWgVTYRlj3H4XDt2yXnYfDm10IxqXrTh5R9ilsneALxGFDpzQ5HUcWL9xnLewlDUBXN3b6j7HytjuIYQISF9g64UrItugs-Caph_HGMJvoK7q8wKG-C9E28zY2kkxsqn_VOZ1f501aKLfM2A-A06kizQQ7Qk-QleLA8FxdNYiPiOAMxlgPifq0TREWALz9UlQ3GVlDQEsdKr7Pk0VKdioIW6oW8q7xpld_VpJecn4fM9e94vmJZ6eglQH4X2EqjTcOWkUmUSZczz1O9i5kQgDiRh3MP1MPJmAhhfSEBVJPfLADxmI05x8Slv9S-sNwBpiPSLMEJmG3_bQZXpMgSolL_6vWTNXus0-xfwXaXewZI-eRPuCbA0ANbKo2dpdVsrjfQwHSDNjXJ1wVYAQxEwQ1j4GtLINTGWV1FAJInRe3IF7efiF7IEXRK-_7o_XyA8Z7KAfGUF9K_QFvUepHu7xEIF99pbnwYun6WPLp55MnxK3V-i6ms9vSIWIIjfhnq2kOAjROClXwZ_Ja5amHrmltBN0sZiLCoy8AYpGyG5_fIVjbPlDnS-gSGy2XNAPoXCq4dBmaPxU_dvF0AQ8v47RZisBudkxDmGIxLnyrKcaNfSuu_VGp1FjbP4jTw4ytI3f2w6dMEutVRWjw3V1N9GMYQR_kdp4Oa6r75HskcwmEYxzjfp6T61EgNWO4o9mo6JLQOULeozRkxKeyfNkahtuMWCtAj99N-C9A8vAcNC7OR7eqyGjiG7duCe7GCySwfhGIjky8YFEO2AreyycPrQp6w95cbBXRY9TlvOxZJ615HzcAF-6TksZgN7R_rGyclwngeIN7dXdi2gEmdLHBf8GWOVCA53Cw3rlJXdHC7UQIY6SNXAtLCa5A4hyMl-37eADLw1e9dfW6N3UwWFJwHB9spx2fNTzi2g3inIT6d6MZDMCFon2yrBz3UT8txYp24kOZ6LqaPJz-856Uu97OiUzMHClcZBPVpNIg9T1UIRaGHeK318Fh8SPqGXCkChTcCwxmntaSjntD_pmtWwt6pYQVU9Q5gFF8aEbeoA491rXlH9syBzbUMzpfjjgzZEQu3XzKnYK1Kk6U0kodl8N7-yZ55kO3cvX7OiG9NaQWQvHetm0ZXlsORfHES7yjK957ld1rZkTCF5S4_SJQjg-gZyh8n9XIrnynlo5631O-Ii1fWqOhcicA_0iQOqLSDTOT2gBemJH8yyf_ubA-_7u1RsVy140IkLxpAGmiQubHtGZsrwBKVfqtOI2GTwcDZ2_fvAC5SfXi3gdcOJKg6NlPkAZtkX-2LwdoFH57h6MjcnZnhUPhpq2PZw4tut7HB1nwky
u18Apzr-eE8kb-xZVj_ciIFIJDdlbb4TRLO4TYDrgnSbojb182ZJkFdqtJKILO9PUDAK6bDSXWzh0JFp2JlbwJy9Hbkw8o20aN5jGpgPXpCCKo0UgmxAh2dzqHNDdjJNhOuR3fs-lTP8bPVX-qEUM__5Kprgsvpnc9fHlp2BM5A HTTP/1.1
                              Host: url.uk.m.mimecastprotect.com
                              Connection: keep-alive
                              DNT: 1
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 307 Temporary Redirect
                              Date: Thu, 18 Apr 2024 10:38:59 GMT
                              Content-Length: 0
                              Connection: keep-alive
                              Location: https://security-eu.mimecast.com/ttpwp?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ#/block?key=FMWZsInTJb8itXEirpbm5ezep_XoBCsVtjsCZHjekBuIlHHO8Di8VmD_oCUEQ636imCIZiVkN2pLW_bey0WGObWoHg2jVj3cYujL9PXaBrM
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Cache-control: no-store
                              Pragma: no-cache
                              X-Robots-Tag: noindex, nofollow
                            • flag-us
                              DNS
                              138.32.126.40.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              138.32.126.40.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              172.210.232.199.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              172.210.232.199.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              73.217.130.195.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              73.217.130.195.in-addr.arpa
                              IN PTR
                              Response
                              73.217.130.195.in-addr.arpa
                              IN PTR
                              eu-apimimecastcom
                            • flag-us
                              DNS
                              9.228.82.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              9.228.82.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              security-eu.mimecast.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              security-eu.mimecast.com
                              IN A
                              Response
                              security-eu.mimecast.com
                              IN A
                              195.130.217.78
                              security-eu.mimecast.com
                              IN A
                              195.130.217.194
                              security-eu.mimecast.com
                              IN A
                              91.220.42.76
                              security-eu.mimecast.com
                              IN A
                              195.130.217.193
                              security-eu.mimecast.com
                              IN A
                              91.220.42.249
                              security-eu.mimecast.com
                              IN A
                              91.220.42.248
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              DNT: 1
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Content-Type: text/html; charset=utf-8
                              ETag: W/"1692-RJnKgcPpsS8iLJ4Rv1eE6epHkfc"
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Date: Thu, 18 Apr 2024 10:38:59 GMT
                              Connection: keep-alive
                              Transfer-Encoding: chunked
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/branding/b27414d05a9c6cd47862ee8f13bc9c27616f5df2/style.css?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ&originalContextPath=ttpwp
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /branding/b27414d05a9c6cd47862ee8f13bc9c27616f5df2/style.css?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ&originalContextPath=ttpwp HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: text/css,*/*;q=0.1
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: style
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Cache-Control: public, max-age=1209600000
                              Accept-Ranges: bytes
                              Last-Modified: Wed, 20 Mar 2024 00:36:18 GMT
                              ETag: W/"1147-18e5949963c"
                              Content-Type: text/css; charset=UTF-8
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Date: Thu, 18 Apr 2024 10:38:59 GMT
                              Connection: keep-alive
                              Transfer-Encoding: chunked
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp/resources/polyfills.5257ca6e429949972959.js
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp/resources/polyfills.5257ca6e429949972959.js HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: */*
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: script
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Cache-Control: public, max-age=0
                              Last-Modified: Thu, 08 Feb 2024 17:09:18 GMT
                              ETag: W/"1743c-18d89b1f630"
                              Content-Type: application/javascript; charset=UTF-8
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Date: Thu, 18 Apr 2024 10:38:59 GMT
                              Connection: keep-alive
                              Transfer-Encoding: chunked
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/branding/b27414d05a9c6cd47862ee8f13bc9c27616f5df2/main-page-logo.png?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ&originalContextPath=ttpwp
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /branding/b27414d05a9c6cd47862ee8f13bc9c27616f5df2/main-page-logo.png?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ&originalContextPath=ttpwp HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Cache-Control: public, max-age=1209600000
                              Accept-Ranges: bytes
                              Last-Modified: Wed, 20 Mar 2024 00:36:18 GMT
                              ETag: W/"f0a-18e594996b3"
                              Content-Type: image/png
                              Content-Length: 3850
                              Date: Thu, 18 Apr 2024 10:39:00 GMT
                              Connection: keep-alive
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2 HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              Origin: https://security-eu.mimecast.com
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Dest: font
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Cache-Control: public, max-age=0
                              Last-Modified: Thu, 08 Feb 2024 17:09:18 GMT
                              ETag: W/"21790-18d89b1f630"
                              Content-Type: font/woff2
                              Content-Length: 137104
                              Date: Thu, 18 Apr 2024 10:39:00 GMT
                              Connection: keep-alive
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp/resources/images/favicon.ico
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp/resources/images/favicon.ico HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Cache-Control: public, max-age=0
                              Last-Modified: Thu, 08 Feb 2024 17:09:18 GMT
                              ETag: W/"47e-18d89b1f630"
                              Content-Type: image/x-icon
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Date: Thu, 18 Apr 2024 10:39:00 GMT
                              Connection: keep-alive
                              Transfer-Encoding: chunked
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp/resources/runtime.5257ca6e429949972959.js
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp/resources/runtime.5257ca6e429949972959.js HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: */*
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: script
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Cache-Control: public, max-age=0
                              Last-Modified: Thu, 08 Feb 2024 17:09:18 GMT
                              ETag: W/"5d4-18d89b1f630"
                              Content-Type: application/javascript; charset=UTF-8
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Date: Thu, 18 Apr 2024 10:38:59 GMT
                              Connection: keep-alive
                              Transfer-Encoding: chunked
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp/resources/styles.5257ca6e429949972959.js
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp/resources/styles.5257ca6e429949972959.js HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: */*
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: script
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Cache-Control: public, max-age=0
                              Last-Modified: Thu, 08 Feb 2024 17:09:18 GMT
                              ETag: W/"6434f-18d89b1f630"
                              Content-Type: application/javascript; charset=UTF-8
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Date: Thu, 18 Apr 2024 10:38:59 GMT
                              Connection: keep-alive
                              Transfer-Encoding: chunked
                            • flag-gb
                              POST
                              https://security-eu.mimecast.com/api/ttp/url/get-page-data
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              POST /api/ttp/url/get-page-data HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              Content-Length: 152
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              Accept: application/json, text/plain, */*
                              DNT: 1
                              x-context-route: ttpwp
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Content-Type: application/json
                              Origin: https://security-eu.mimecast.com
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Dest: empty
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              date: Thu, 18 Apr 2024 10:39:00 GMT
                              content-type: application/json; charset=UTF-8
                              connection: close
                              cache-control: no-store
                              pragma: no-cache
                              X-Robots-Tag: noindex, nofollow
                              content-encoding: gzip
                              trailer: Content-MD5
                              x-mc-req-id: 65872419-a1f8-4ffb-b79d-f9cba10b50f6
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Content-Length: 175
                              ETag: W/"af-QD63+4w8MZNzIMKUVTAxmgZpLMU"
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp/resources/images/mimecastlogo@2x.png
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp/resources/images/mimecastlogo@2x.png HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Cache-Control: public, max-age=0
                              Last-Modified: Thu, 08 Feb 2024 17:09:18 GMT
                              ETag: W/"ade-18d89b1f630"
                              Content-Type: image/png
                              Content-Length: 2782
                              Date: Thu, 18 Apr 2024 10:39:00 GMT
                              Connection: keep-alive
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273 HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              Origin: https://security-eu.mimecast.com
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Dest: font
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Cache-Control: public, max-age=0
                              Last-Modified: Thu, 08 Feb 2024 17:09:18 GMT
                              ETag: W/"92e8-18d89b1f630"
                              Content-Type: font/woff2
                              Content-Length: 37608
                              Date: Thu, 18 Apr 2024 10:39:00 GMT
                              Connection: keep-alive
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp/resources/main.5257ca6e429949972959.js
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp/resources/main.5257ca6e429949972959.js HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: */*
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: script
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Cache-Control: public, max-age=0
                              Last-Modified: Thu, 08 Feb 2024 17:09:18 GMT
                              ETag: W/"fe6a4-18d89b1f630"
                              Content-Type: application/javascript; charset=UTF-8
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Date: Thu, 18 Apr 2024 10:39:00 GMT
                              Connection: keep-alive
                              Transfer-Encoding: chunked
                            • flag-gb
                              GET
                              https://security-eu.mimecast.com/ttpwp/resources/languages/en.json
                              msedge.exe
                              Remote address:
                              195.130.217.78:443
                              Request
                              GET /ttpwp/resources/languages/en.json HTTP/1.1
                              Host: security-eu.mimecast.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              Accept: application/json, text/plain, */*
                              DNT: 1
                              x-context-route: ttpwp
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Content-Type: application/json
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: cors
                              Sec-Fetch-Dest: empty
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block
                              x-frame-options: SAMEORIGIN
                              Referrer-Policy: no-referrer
                              X-Robots-Tag: noindex, nofollow
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Accept-Ranges: bytes
                              Cache-Control: public, max-age=0
                              Last-Modified: Thu, 08 Feb 2024 17:09:18 GMT
                              ETag: W/"4300-18d89b1f630"
                              Content-Type: application/json; charset=UTF-8
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Date: Thu, 18 Apr 2024 10:39:00 GMT
                              Connection: keep-alive
                              Transfer-Encoding: chunked
                            • flag-us
                              DNS
                              78.217.130.195.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              78.217.130.195.in-addr.arpa
                              IN PTR
                              Response
                              78.217.130.195.in-addr.arpa
                              IN PTR
                              security-eu.mimecast.com
                            • flag-us
                              DNS
                              g.bing.com
                              Remote address:
                              8.8.8.8:53
                              Request
                              g.bing.com
                              IN A
                              Response
                              g.bing.com
                              IN CNAME
                              g-bing-com.dual-a-0034.a-msedge.net
                              g-bing-com.dual-a-0034.a-msedge.net
                              IN CNAME
                              dual-a-0034.a-msedge.net
                              dual-a-0034.a-msedge.net
                              IN A
                              204.79.197.237
                              dual-a-0034.a-msedge.net
                              IN A
                              13.107.21.237
                            • flag-us
                              GET
                              https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid=
                              Remote address:
                              204.79.197.237:443
                              Request
                              GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid= HTTP/2.0
                              host: g.bing.com
                              accept-encoding: gzip, deflate
                              user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                              Response
                              HTTP/2.0 204
                              cache-control: no-cache, must-revalidate
                              pragma: no-cache
                              expires: Fri, 01 Jan 1990 00:00:00 GMT
                              set-cookie: MUID=3B7F9B5426E0696115EE8F31270068F2; domain=.bing.com; expires=Tue, 13-May-2025 10:39:00 GMT; path=/; SameSite=None; Secure; Priority=High;
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              access-control-allow-origin: *
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 81CE1683FBB24DBAA874C9A836AEB538 Ref B: LON04EDGE1205 Ref C: 2024-04-18T10:39:00Z
                              date: Thu, 18 Apr 2024 10:38:59 GMT
                            • flag-us
                              GET
                              https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid=
                              Remote address:
                              204.79.197.237:443
                              Request
                              GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid= HTTP/2.0
                              host: g.bing.com
                              accept-encoding: gzip, deflate
                              user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                              cookie: MUID=3B7F9B5426E0696115EE8F31270068F2
                              Response
                              HTTP/2.0 204
                              cache-control: no-cache, must-revalidate
                              pragma: no-cache
                              expires: Fri, 01 Jan 1990 00:00:00 GMT
                              set-cookie: MSPTC=GkVS5hlgnIjh9AqiGXna4gKmAgJmXsCpo2xpi9UsBBY; domain=.bing.com; expires=Tue, 13-May-2025 10:39:00 GMT; path=/; Partitioned; secure; SameSite=None
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              access-control-allow-origin: *
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 54C59F1987AF4419B8F284F04B4D056C Ref B: LON04EDGE1205 Ref C: 2024-04-18T10:39:00Z
                              date: Thu, 18 Apr 2024 10:39:00 GMT
                            • flag-us
                              GET
                              https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid=
                              Remote address:
                              204.79.197.237:443
                              Request
                              GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid= HTTP/2.0
                              host: g.bing.com
                              accept-encoding: gzip, deflate
                              user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                              cookie: MUID=3B7F9B5426E0696115EE8F31270068F2; MSPTC=GkVS5hlgnIjh9AqiGXna4gKmAgJmXsCpo2xpi9UsBBY
                              Response
                              HTTP/2.0 204
                              cache-control: no-cache, must-revalidate
                              pragma: no-cache
                              expires: Fri, 01 Jan 1990 00:00:00 GMT
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              access-control-allow-origin: *
                              x-cache: CONFIG_NOCACHE
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 229989274B9D428694156D9129C92B58 Ref B: LON04EDGE1205 Ref C: 2024-04-18T10:39:00Z
                              date: Thu, 18 Apr 2024 10:39:00 GMT
                            • flag-us
                              DNS
                              67.32.209.4.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              67.32.209.4.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              237.197.79.204.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              237.197.79.204.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              21.114.53.23.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              21.114.53.23.in-addr.arpa
                              IN PTR
                              Response
                              21.114.53.23.in-addr.arpa
                              IN PTR
                              a23-53-114-21.deploy.static.akamaitechnologies.com
                            • flag-us
                              DNS
                              205.47.74.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              205.47.74.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              26.165.165.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              26.165.165.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              18.31.95.13.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              18.31.95.13.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              28.143.109.104.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              28.143.109.104.in-addr.arpa
                              IN PTR
                              Response
                              28.143.109.104.in-addr.arpa
                              IN PTR
                              a104-109-143-28.deploy.static.akamaitechnologies.com
                            • flag-us
                              DNS
                              25.24.18.2.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              25.24.18.2.in-addr.arpa
                              IN PTR
                              Response
                              25.24.18.2.in-addr.arpa
                              IN PTR
                              a2-18-24-25.deploy.static.akamaitechnologies.com
                            • flag-us
                              DNS
                              11.227.111.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              11.227.111.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              40.173.79.40.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              40.173.79.40.in-addr.arpa
                              IN PTR
                              Response
                            • 195.130.217.73:443
                              url.uk.m.mimecastprotect.com
                              tls
                              msedge.exe
                              1.1kB
                              5.8kB
                              10
                              12
                            • 195.130.217.73:443
                              https://url.uk.m.mimecastprotect.com/r/SkY87F6eDFFuRzFD5cxU0zxTXFQ0JJ6WtHph_ZX8vNdmvUMCJsa_5WHUaQqLvMNsMPAKCRFmYwh6N1YYTF0pzkqPjDPesszv7yO9oouwMRe5Ozl10ecE__tDd26vhdEtNbyQOrl4AhwvIUCGVKEvSGjJIoG0X7fuBr74ciHDnfWDJnwV6QFLDaODOEljrhEWRluyNIV_cAmtSNi53DdCgfgG6cIwWe6YOpXVlyG2cINRSmwwFunvxBzyONPa2-_vNacvNlaTA9FrrgcHtw_h52w39oLikPJ4uPlIFB1n7Xcksh4i6_B0qrYOgAvHvl4srrtfDBU9mqIEd--Sl3W0qmkPR1pGFANjjKVrqs_CRkf8XecxbEuXuijVcPr0-Q6MJsdw0CYFzecrlmZJbp6DXlZodz870LVW0WFyZn61322U91HEmxB93RN9gWvFn8XKL8cvz999AIEFI5qezxAIhnkL0mr5vyUbPHtsoXxnAV6TfUlGqpwGr_cFeOpErvxGFdOCE0LI2g0yYQ26tx6-lWwP2NZnwLR9BqsxVEuAZfL9nU6Ia140lJy5siEJYwQ-kyhooaovXf6ct21cnWg2cdT2LiibL9IqOavDV9oEcqSRWgVTYRlj3H4XDt2yXnYfDm10IxqXrTh5R9ilsneALxGFDpzQ5HUcWL9xnLewlDUBXN3b6j7HytjuIYQISF9g64UrItugs-Caph_HGMJvoK7q8wKG-C9E28zY2kkxsqn_VOZ1f501aKLfM2A-A06kizQQ7Qk-QleLA8FxdNYiPiOAMxlgPifq0TREWALz9UlQ3GVlDQEsdKr7Pk0VKdioIW6oW8q7xpld_VpJecn4fM9e94vmJZ6eglQH4X2EqjTcOWkUmUSZczz1O9i5kQgDiRh3MP1MPJmAhhfSEBVJPfLADxmI05x8Slv9S-sNwBpiPSLMEJmG3_bQZXpMgSolL_6vWTNXus0-xfwXaXewZI-eRPuCbA0ANbKo2dpdVsrjfQwHSDNjXJ1wVYAQxEwQ1j4GtLINTGWV1FAJInRe3IF7efiF7IEXRK-_7o_XyA8Z7KAfGUF9K_QFvUepHu7xEIF99pbnwYun6WPLp55MnxK3V-i6ms9vSIWIIjfhnq2kOAjROClXwZ_Ja5amHrmltBN0sZiLCoy8AYpGyG5_fIVjbPlDnS-gSGy2XNAPoXCq4dBmaPxU_dvF0AQ8v47RZisBudkxDmGIxLnyrKcaNfSuu_VGp1FjbP4jTw4ytI3f2w6dMEutVRWjw3V1N9GMYQR_kdp4Oa6r75HskcwmEYxzjfp6T61EgNWO4o9mo6JLQOULeozRkxKeyfNkahtuMWCtAj99N-C9A8vAcNC7OR7eqyGjiG7duCe7GCySwfhGIjky8YFEO2AreyycPrQp6w95cbBXRY9TlvOxZJ615HzcAF-6TksZgN7R_rGyclwngeIN7dXdi2gEmdLHBf8GWOVCA53Cw3rlJXdHC7UQIY6SNXAtLCa5A4hyMl-37eADLw1e9dfW6N3UwWFJwHB9spx2fNTzi2g3inIT6d6MZDMCFon2yrBz3UT8txYp24kOZ6LqaPJz-856Uu97OiUzMHClcZBPVpNIg9T1UIRaGHeK318Fh8SPqGXCkChTcCwxmntaSjntD_pmtWwt6pYQVU9Q5gFF8aEbeoA491rXlH9syBzbUMzpfjjgzZEQu3XzKnYK1Kk6U0kodl8N7-yZ55kO3cvX7OiG9NaQWQvHetm0ZXlsORfHES7yjK957ld1rZkTCF5S4_SJQjg-gZyh8n9XIrnynlo5631O-Ii1fWqOhcicA_0iQOqLSDTOT2gBemJH8yyf_ubA-_7u1RsVy140IkLxpAGmiQubHtGZsrwBKVfqtOI2GTwcDZ2_fvAC5SfXi3gdcOJKg6NlPkAZtkX-2LwdoFH
57h6MjcnZnhUPhpq2PZw4tut7HB1nwkyu18Apzr-eE8kb-xZVj_ciIFIJDdlbb4TRLO4TYDrgnSbojb182ZJkFdqtJKILO9PUDAK6bDSXWzh0JFp2JlbwJy9Hbkw8o20aN5jGpgPXpCCKo0UgmxAh2dzqHNDdjJNhOuR3fs-lTP8bPVX-qEUM__5Kprgsvpnc9fHlp2BM5A
                              tls, http
                              msedge.exe
                              4.8kB
                              9.1kB
                              16
                              18

                              HTTP Request

                              GET https://url.uk.m.mimecastprotect.com/s/yVTwCRoARF0QMXDU9hFZf?domain=mediafire.com

                              HTTP Response

                              307

                              HTTP Request

                              GET https://url.uk.m.mimecastprotect.com/r/SkY87F6eDFFuRzFD5cxU0zxTXFQ0JJ6WtHph_ZX8vNdmvUMCJsa_5WHUaQqLvMNsMPAKCRFmYwh6N1YYTF0pzkqPjDPesszv7yO9oouwMRe5Ozl10ecE__tDd26vhdEtNbyQOrl4AhwvIUCGVKEvSGjJIoG0X7fuBr74ciHDnfWDJnwV6QFLDaODOEljrhEWRluyNIV_cAmtSNi53DdCgfgG6cIwWe6YOpXVlyG2cINRSmwwFunvxBzyONPa2-_vNacvNlaTA9FrrgcHtw_h52w39oLikPJ4uPlIFB1n7Xcksh4i6_B0qrYOgAvHvl4srrtfDBU9mqIEd--Sl3W0qmkPR1pGFANjjKVrqs_CRkf8XecxbEuXuijVcPr0-Q6MJsdw0CYFzecrlmZJbp6DXlZodz870LVW0WFyZn61322U91HEmxB93RN9gWvFn8XKL8cvz999AIEFI5qezxAIhnkL0mr5vyUbPHtsoXxnAV6TfUlGqpwGr_cFeOpErvxGFdOCE0LI2g0yYQ26tx6-lWwP2NZnwLR9BqsxVEuAZfL9nU6Ia140lJy5siEJYwQ-kyhooaovXf6ct21cnWg2cdT2LiibL9IqOavDV9oEcqSRWgVTYRlj3H4XDt2yXnYfDm10IxqXrTh5R9ilsneALxGFDpzQ5HUcWL9xnLewlDUBXN3b6j7HytjuIYQISF9g64UrItugs-Caph_HGMJvoK7q8wKG-C9E28zY2kkxsqn_VOZ1f501aKLfM2A-A06kizQQ7Qk-QleLA8FxdNYiPiOAMxlgPifq0TREWALz9UlQ3GVlDQEsdKr7Pk0VKdioIW6oW8q7xpld_VpJecn4fM9e94vmJZ6eglQH4X2EqjTcOWkUmUSZczz1O9i5kQgDiRh3MP1MPJmAhhfSEBVJPfLADxmI05x8Slv9S-sNwBpiPSLMEJmG3_bQZXpMgSolL_6vWTNXus0-xfwXaXewZI-eRPuCbA0ANbKo2dpdVsrjfQwHSDNjXJ1wVYAQxEwQ1j4GtLINTGWV1FAJInRe3IF7efiF7IEXRK-_7o_XyA8Z7KAfGUF9K_QFvUepHu7xEIF99pbnwYun6WPLp55MnxK3V-i6ms9vSIWIIjfhnq2kOAjROClXwZ_Ja5amHrmltBN0sZiLCoy8AYpGyG5_fIVjbPlDnS-gSGy2XNAPoXCq4dBmaPxU_dvF0AQ8v47RZisBudkxDmGIxLnyrKcaNfSuu_VGp1FjbP4jTw4ytI3f2w6dMEutVRWjw3V1N9GMYQR_kdp4Oa6r75HskcwmEYxzjfp6T61EgNWO4o9mo6JLQOULeozRkxKeyfNkahtuMWCtAj99N-C9A8vAcNC7OR7eqyGjiG7duCe7GCySwfhGIjky8YFEO2AreyycPrQp6w95cbBXRY9TlvOxZJ615HzcAF-6TksZgN7R_rGyclwngeIN7dXdi2gEmdLHBf8GWOVCA53Cw3rlJXdHC7UQIY6SNXAtLCa5A4hyMl-37eADLw1e9dfW6N3UwWFJwHB9spx2fNTzi2g3inIT6d6MZDMCFon2yrBz3UT8txYp24kOZ6LqaPJz-856Uu97OiUzMHClcZBPVpNIg9T1UIRaGHeK318Fh8SPqGXCkChTcCwxmntaSjntD_pmtWwt6pYQVU9Q5gFF8aEbeoA491rXlH9syBzbUMzpfjjgzZEQu3XzKnYK1Kk6U0kodl8N7-yZ55kO3cvX7OiG9NaQWQvHetm0ZXlsORfHES7yjK957ld1rZkTCF5S4_SJQjg-gZyh8n9XIrnynlo5631O-Ii1fWqOhcicA_0iQOqLSDTOT2gBemJH8yyf_ubA-_7u1RsVy140IkLxpAGmiQubHtGZsrwBKVfqtOI2GTwcDZ2_fvAC5SfXi3gdcOJKg6NlPkAZtkX-2Lw
doFH57h6MjcnZnhUPhpq2PZw4tut7HB1nwkyu18Apzr-eE8kb-xZVj_ciIFIJDdlbb4TRLO4TYDrgnSbojb182ZJkFdqtJKILO9PUDAK6bDSXWzh0JFp2JlbwJy9Hbkw8o20aN5jGpgPXpCCKo0UgmxAh2dzqHNDdjJNhOuR3fs-lTP8bPVX-qEUM__5Kprgsvpnc9fHlp2BM5A

                              HTTP Response

                              307
                            • 195.130.217.78:443
                              https://security-eu.mimecast.com/ttpwp/resources/images/favicon.ico
                              tls, http
                              msedge.exe
                              8.9kB
                              188.4kB
                              86
                              146

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ

                              HTTP Response

                              200

                              HTTP Request

                              GET https://security-eu.mimecast.com/branding/b27414d05a9c6cd47862ee8f13bc9c27616f5df2/style.css?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ&originalContextPath=ttpwp

                              HTTP Response

                              200

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp/resources/polyfills.5257ca6e429949972959.js

                              HTTP Response

                              200

                              HTTP Request

                              GET https://security-eu.mimecast.com/branding/b27414d05a9c6cd47862ee8f13bc9c27616f5df2/main-page-logo.png?tkn=3.IgIJwAPH2qSob67Wa5Pjp3ciVyXrdWoKJsAYKGW9WJ25rbWtmvvqbn7sY1H2IXhvx1W87cBaAu1PWrjL-h3hc5tYmRGpZzHHt-p62jYINOTvMfAOAcgM3HFVMFoWKmzdgFeEEcqB5jAcitt-ymNigaAVaglX2mYNQ_WZb5Z1hN4.XPEw6l2Xhtb5yrYYw3r2BQ&originalContextPath=ttpwp

                              HTTP Response

                              200

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2

                              HTTP Response

                              200

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp/resources/images/favicon.ico

                              HTTP Response

                              200
                            • 195.130.217.78:443
                              https://security-eu.mimecast.com/api/ttp/url/get-page-data
                              tls, http
                              msedge.exe
                              4.1kB
                              66.9kB
                              33
                              57

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp/resources/runtime.5257ca6e429949972959.js

                              HTTP Response

                              200

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp/resources/styles.5257ca6e429949972959.js

                              HTTP Response

                              200

                              HTTP Request

                              POST https://security-eu.mimecast.com/api/ttp/url/get-page-data

                              HTTP Response

                              200
                            • 195.130.217.78:443
                              https://security-eu.mimecast.com/ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273
                              tls, http
                              msedge.exe
                              3.2kB
                              46.8kB
                              29
                              39

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp/resources/images/mimecastlogo@2x.png

                              HTTP Response

                              200

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273

                              HTTP Response

                              200
                            • 195.130.217.78:443
                              https://security-eu.mimecast.com/ttpwp/resources/languages/en.json
                              tls, http
                              msedge.exe
                              7.0kB
                              285.4kB
                              113
                              211

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp/resources/main.5257ca6e429949972959.js

                              HTTP Response

                              200

                              HTTP Request

                              GET https://security-eu.mimecast.com/ttpwp/resources/languages/en.json

                              HTTP Response

                              200
                            • 204.79.197.237:443
                              https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid=
                              tls, http2
                              2.0kB
                              9.2kB
                              21
                              18

                              HTTP Request

                              GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid=

                              HTTP Response

                              204

                              HTTP Request

                              GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid=

                              HTTP Response

                              204

                              HTTP Request

                              GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d5074bce810949fdabea2842c29667c7&localId=w:6B64A61F-3845-A817-60EE-6065BD62B10E&deviceId=6825832441214664&anid=

                              HTTP Response

                              204
                            • 52.111.229.43:443
                              322 B
                              7
                            • 8.8.8.8:53
                              url.uk.m.mimecastprotect.com
                              dns
                              msedge.exe
                              74 B
                              170 B
                              1
                              1

                              DNS Request

                              url.uk.m.mimecastprotect.com

                              DNS Response

                              195.130.217.73
                              91.220.42.235
                              91.220.42.215
                              195.130.217.187
                              195.130.217.180
                              91.220.42.63

                            • 8.8.8.8:53
                              138.32.126.40.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              138.32.126.40.in-addr.arpa

                            • 8.8.8.8:53
                              172.210.232.199.in-addr.arpa
                              dns
                              74 B
                              128 B
                              1
                              1

                              DNS Request

                              172.210.232.199.in-addr.arpa

                            • 8.8.8.8:53
                              73.217.130.195.in-addr.arpa
                              dns
                              73 B
                              106 B
                              1
                              1

                              DNS Request

                              73.217.130.195.in-addr.arpa

                            • 8.8.8.8:53
                              9.228.82.20.in-addr.arpa
                              dns
                              70 B
                              156 B
                              1
                              1

                              DNS Request

                              9.228.82.20.in-addr.arpa

                            • 8.8.8.8:53
                              security-eu.mimecast.com
                              dns
                              msedge.exe
                              70 B
                              166 B
                              1
                              1

                              DNS Request

                              security-eu.mimecast.com

                              DNS Response

                              195.130.217.78
                              195.130.217.194
                              91.220.42.76
                              195.130.217.193
                              91.220.42.249
                              91.220.42.248

                            • 8.8.8.8:53
                              78.217.130.195.in-addr.arpa
                              dns
                              73 B
                              111 B
                              1
                              1

                              DNS Request

                              78.217.130.195.in-addr.arpa

                            • 8.8.8.8:53
                              g.bing.com
                              dns
                              56 B
                              151 B
                              1
                              1

                              DNS Request

                              g.bing.com

                              DNS Response

                              204.79.197.237
                              13.107.21.237

                            • 8.8.8.8:53
                              67.32.209.4.in-addr.arpa
                              dns
                              70 B
                              156 B
                              1
                              1

                              DNS Request

                              67.32.209.4.in-addr.arpa

                            • 8.8.8.8:53
                              237.197.79.204.in-addr.arpa
                              dns
                              73 B
                              143 B
                              1
                              1

                              DNS Request

                              237.197.79.204.in-addr.arpa

                            • 8.8.8.8:53
                              21.114.53.23.in-addr.arpa
                              dns
                              71 B
                              135 B
                              1
                              1

                              DNS Request

                              21.114.53.23.in-addr.arpa

                            • 8.8.8.8:53
                              205.47.74.20.in-addr.arpa
                              dns
                              71 B
                              157 B
                              1
                              1

                              DNS Request

                              205.47.74.20.in-addr.arpa

                            • 224.0.0.251:5353
                              465 B
                              7
                            • 8.8.8.8:53
                              26.165.165.52.in-addr.arpa
                              dns
                              72 B
                              146 B
                              1
                              1

                              DNS Request

                              26.165.165.52.in-addr.arpa

                            • 8.8.8.8:53
                              18.31.95.13.in-addr.arpa
                              dns
                              70 B
                              144 B
                              1
                              1

                              DNS Request

                              18.31.95.13.in-addr.arpa

                            • 8.8.8.8:53
                              28.143.109.104.in-addr.arpa
                              dns
                              73 B
                              139 B
                              1
                              1

                              DNS Request

                              28.143.109.104.in-addr.arpa

                            • 8.8.8.8:53
                              25.24.18.2.in-addr.arpa
                              dns
                              69 B
                              131 B
                              1
                              1

                              DNS Request

                              25.24.18.2.in-addr.arpa

                            • 8.8.8.8:53
                              11.227.111.52.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              11.227.111.52.in-addr.arpa

                            • 8.8.8.8:53
                              40.173.79.40.in-addr.arpa
                              dns
                              71 B
                              145 B
                              1
                              1

                              DNS Request

                              40.173.79.40.in-addr.arpa

                            MITRE ATT&CK Enterprise v15

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              8c91c8582b0c918416d14bd7eedd686e

                              SHA1

                              b2ff8149bc21144fdcec64111afda492965c6621

                              SHA256

                              1e839706b748c04adf8efa2790564ca1efd707fdf6451e71af6862e07123717e

                              SHA512

                              a93be868d9f08097bff39069378a0bfa0f5c78e74e9e8df820be9b0426cbfe84e03e9638b329b6142279ed140a120c4c4c21857f410fc4789a370445c3919dcf

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              2579d07b98bbefadc929d80fb3dbd32a

                              SHA1

                              1ceb57c4b81f0f23500e118a4b9a225116a467de

                              SHA256

                              b8443c289ad36568a2bf794ac9ec1f259a9dd930c36680dafc8d0cb4de81feb6

                              SHA512

                              53522ad5e8e2a272d5b1bff9b9226b7d976d47413891c60d7efebd4365baff12b6891e3f79b20e14892ec7c654ad2d437941014290c428c6b1bd78a7b3e557de

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              144B

                              MD5

                              cd14fd451de704329932f6ff68aafccc

                              SHA1

                              84d90f7e4824f82c5db4104e621bb07718f17eab

                              SHA256

                              adba2cf2182a2bfaf176cf59f48c767ce427b110e2517523bb42861907ace682

                              SHA512

                              4722b4a358211747d4c6b589e82163d02768c9815572fa7faf52dd1de4203fd2cc8a952b1f91efa7963562f20dd5245dfd932f4e6e2b7471574daf2d90ae1a39

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              a15ab672b6a4e3422d84a3c81de888a2

                              SHA1

                              62c8f23524037894b71d74289302233777d79827

                              SHA256

                              2dbf25ea57ecf7a005b2e5bedf2305cda94baccbc591c407f6e4c36e9c368efa

                              SHA512

                              333783637502d4d4028d078b96da36609f53d4f860157a62716e126d436a3d8659d892740d7a8130ebaa26a488f0d91ebe1e8845396ef7ebdea4552628d91be3

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              fa53e486bfc2adb9e9236b895f51c2f6

                              SHA1

                              bcec506b0b0499034e4d13f146daf82346cb886a

                              SHA256

                              25013b8bd02a5fe8cd1d9224bd0263dda6ec311e74314f65b4f1e7abe9853e6b

                              SHA512

                              704ce2b1172995e19d524a8f92019c10118c9ca8779b48d9ce2f1e27bab03d6971c17e18c552a4f3f5064c49b635cc4cfdbbaac3953810e516c46a28bc88f317

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              11KB

                              MD5

                              cf402e0fb1eb4d588f8af8c13c7587e0

                              SHA1

                              3666395023aa2a0a112db2b53c1153a73d3902ad

                              SHA256

                              ade595c4b5f3918111769f7e6d48e205f4374a4fb8612276e0910f12850632e6

                              SHA512

                              1114e0e007850cb9895143012481fd93919092b938d38585c05841c62e65c75c87bc29e96d53ec95e97bb27c1c3e644f56f71086f629bba5699456b93eda763d
