Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
22/04/2024, 17:46 UTC
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
Resource
win10v2004-20240412-en
General
-
Target
https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
Malware Config
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Executes dropped EXE 2 IoCs
pid Process 736 Client-built.exe 5944 Client-built.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 3048 msedge.exe 3048 msedge.exe 1056 msedge.exe 1056 msedge.exe 4924 identity_helper.exe 4924 identity_helper.exe 2280 msedge.exe 2280 msedge.exe 2300 msedge.exe 2300 msedge.exe 2300 msedge.exe 2300 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 736 Client-built.exe Token: SeDebugPrivilege 5944 Client-built.exe -
Suspicious use of FindShellTrayWindow 33 IoCs
pid Process 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1056 wrote to memory of 4720 1056 msedge.exe 86 PID 1056 wrote to memory of 4720 1056 msedge.exe 86 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3048 1056 msedge.exe 88 PID 1056 wrote to memory of 3048 1056 msedge.exe 88 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd718c46f8,0x7ffd718c4708,0x7ffd718c47182⤵PID:4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:3204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵PID:3932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:3052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:1620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:82⤵PID:3660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5500 /prefetch:82⤵PID:4232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵PID:1808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵PID:528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵PID:2680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵PID:5388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵PID:5396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2300
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3276
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4296
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5612
-
C:\Users\Admin\Downloads\release\builder.exe"C:\Users\Admin\Downloads\release\builder.exe"1⤵PID:1804
-
C:\Users\Admin\Downloads\release\Client-built.exe"C:\Users\Admin\Downloads\release\Client-built.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:736
-
C:\Users\Admin\Downloads\release\Client-built.exe"C:\Users\Admin\Downloads\release\Client-built.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5944
Network
-
Remote address:8.8.8.8:53Request136.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Requestgithub.comIN AResponsegithub.comIN A20.26.156.215
-
Remote address:20.26.156.215:443RequestGET /moom825/Discord-RAT-2.0/releases/download/2.0/release.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 302
date: Mon, 22 Apr 2024 17:46:45 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: F002:1C6DD9:2724975:29DFBF3:6626A284
-
Remote address:8.8.8.8:53Requestobjects.githubusercontent.comIN AResponseobjects.githubusercontent.comIN A185.199.108.133objects.githubusercontent.comIN A185.199.109.133objects.githubusercontent.comIN A185.199.110.133objects.githubusercontent.comIN A185.199.111.133
-
GEThttps://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-streammsedge.exeRemote address:185.199.108.133:443RequestGET /github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream HTTP/2.0
host: objects.githubusercontent.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-md5: BqT81es6Odf1CgcJ3pkA2w==
last-modified: Wed, 03 Aug 2022 20:36:01 GMT
etag: "0x8DA758FC7B7F85D"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b232cdc1-f01e-0063-5043-657cae000000
x-ms-version: 2020-10-02
x-ms-creation-time: Wed, 03 Aug 2022 20:36:01 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=release.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 391
date: Mon, 22 Apr 2024 17:46:45 GMT
x-served-by: cache-iad-kcgs7200142-IAD, cache-lcy-eglc8600029-LCY
x-cache: HIT, HIT
x-cache-hits: 398, 0
x-timer: S1713808005.409172,VS0,VE320
content-length: 455770
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request215.156.26.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.108.199.185.in-addr.arpaIN PTRResponse133.108.199.185.in-addr.arpaIN PTRcdn-185-199-108-133githubcom
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1B4BF511FFD1647920E4E178FE31651B; domain=.bing.com; expires=Sat, 17-May-2025 17:46:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FD5523BBE1434C61BE47204AF872683E Ref B: LON04EDGE1010 Ref C: 2024-04-22T17:46:47Z
date: Mon, 22 Apr 2024 17:46:46 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1B4BF511FFD1647920E4E178FE31651B
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=qrgWjtDiUspdVhZ6MweM9Rr1hJ85yrIpBxlSTYYnQNY; domain=.bing.com; expires=Sat, 17-May-2025 17:46:47 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 25F37CBEF79A486EB0A6C27C7E8A549E Ref B: LON04EDGE1010 Ref C: 2024-04-22T17:46:47Z
date: Mon, 22 Apr 2024 17:46:46 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1B4BF511FFD1647920E4E178FE31651B; MSPTC=qrgWjtDiUspdVhZ6MweM9Rr1hJ85yrIpBxlSTYYnQNY
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AED5B6C4F4D74A0191A91AD43BD11003 Ref B: LON04EDGE1010 Ref C: 2024-04-22T17:46:47Z
date: Mon, 22 Apr 2024 17:46:46 GMT
-
Remote address:8.8.8.8:53Request67.32.209.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request21.114.53.23.in-addr.arpaIN PTRResponse21.114.53.23.in-addr.arpaIN PTRa23-53-114-21deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request183.59.114.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request82.90.14.23.in-addr.arpaIN PTRResponse82.90.14.23.in-addr.arpaIN PTRa23-14-90-82deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request200.121.18.2.in-addr.arpaIN PTRResponse200.121.18.2.in-addr.arpaIN PTRa2-18-121-200deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 555746
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F64C8F01FCAF484BBCDB657650C667B1 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 415458
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8A17C7CE3F4643DAB4EF304AEEC28BF9 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 659775
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FA29E8CB6AF74859BE44812A56CC7DE0 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 621794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 85265D5990EC4AD6B9C61C98C20E1D65 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 638730
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C7034AEF8F424F7DAFF518E41B01ADF8 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 430689
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D3DFC93B79B04BC99DDD29856AD58D1F Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:30 GMT
-
Remote address:8.8.8.8:53Requestgateway.discord.ggIN AResponsegateway.discord.ggIN A162.159.136.234gateway.discord.ggIN A162.159.135.234gateway.discord.ggIN A162.159.134.234gateway.discord.ggIN A162.159.133.234gateway.discord.ggIN A162.159.130.234
-
Remote address:162.159.136.234:443RequestGET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: n/+Eup5Uguti5jE0eRszig==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg
ResponseHTTP/1.1 101 Switching Protocols
Connection: upgrade
sec-websocket-accept: bbC1tqODA32sv4BxW5ajJ73qbMA=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2FIFlGYU8lo%2FTzrT6rs3f4GMkxZQkdxbQaiRrqTn0L9EsHLD5ylWPyVHA2E89x5fi93ofDNk34aPwyNb4qZIJJXbIYfujQLuvs45Vc%2B%2FUpEZtBK%2FWqBKe%2F7dGOHSXN8XoeGqbg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 87877246b8097695-LHR
-
Remote address:8.8.8.8:53Request234.136.159.162.in-addr.arpaIN PTRResponse
-
Remote address:162.159.136.234:443RequestGET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: 1gQGP/1zgzt5O7AQB7VZeg==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg
ResponseHTTP/1.1 101 Switching Protocols
Connection: upgrade
sec-websocket-accept: CstGx/LN+zOvYGNYWjnN7jPRk1I=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mt%2BIdDFdgHdGASi0aOOSHXeVhKud%2BzR6lv1M1o2RIMgp6lwpIU4vMnYeesMKIVbYY13kz5qhx87Cs9hgP2zNxJ2VDxNejbOyRXHokDg8yiiUz9CdQqeqOYD6SbIxOJzzEyYJrg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 878772c71f849559-LHR
-
20.26.156.215:443https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.ziptls, http2msedge.exe2.0kB 8.2kB 17 14
HTTP Request
GET https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zipHTTP Response
302 -
185.199.108.133:443https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-streamtls, http2msedge.exe9.8kB 475.8kB 181 351
HTTP Request
GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-streamHTTP Response
200 -
204.79.197.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=tls, http22.0kB 9.2kB 21 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=HTTP Response
204 -
1.2kB 8.1kB 16 14
-
1.2kB 8.1kB 16 14
-
1.5kB 8.0kB 16 10
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http2123.4kB 3.4MB 2507 2503
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200 -
1.2kB 8.0kB 16 12
-
1.1kB 4.2kB 10 12
HTTP Request
GET https://gateway.discord.gg/?v=9&encording=jsonHTTP Response
101 -
1.4kB 4.5kB 12 13
HTTP Request
GET https://gateway.discord.gg/?v=9&encording=jsonHTTP Response
101
-
72 B 158 B 1 1
DNS Request
136.32.126.40.in-addr.arpa
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
56 B 72 B 1 1
DNS Request
github.com
DNS Response
20.26.156.215
-
75 B 139 B 1 1
DNS Request
objects.githubusercontent.com
DNS Response
185.199.108.133185.199.109.133185.199.110.133185.199.111.133
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
215.156.26.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
502 B 8
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
74 B 118 B 1 1
DNS Request
133.108.199.185.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
241.154.82.20.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
70 B 156 B 1 1
DNS Request
67.32.209.4.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
21.114.53.23.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
205.47.74.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
183.59.114.20.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
82.90.14.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
200.121.18.2.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
64 B 144 B 1 1
DNS Request
gateway.discord.gg
DNS Response
162.159.136.234162.159.135.234162.159.134.234162.159.133.234162.159.130.234
-
74 B 136 B 1 1
DNS Request
234.136.159.162.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD57b56675b54840d86d49bde5a1ff8af6a
SHA1fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811
SHA25686af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929
SHA51211fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9
-
Filesize
152B
MD548cff1baabb24706967de3b0d6869906
SHA1b0cd54f587cd4c88e60556347930cb76991e6734
SHA256f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775
SHA512fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6
-
Filesize
265B
MD5f5cd008cf465804d0e6f39a8d81f9a2d
SHA16b2907356472ed4a719e5675cc08969f30adc855
SHA256fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d
SHA512dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d
-
Filesize
6KB
MD579e8cd4869d2c6b46b03a927e1c30717
SHA164fcf282c708d8790727e3d4fdd0001869dab515
SHA256400d576e26384ea9119568a1e37946a99fbe15b663606b03e9fc908f197d505d
SHA512517fd52836491055daa7474523cb9a777fd6bc6cb725fc738f36d26c9cb8b51cf4bd8ca182fe969332a7a9f6d9504e355f6ab624ba03f0e8ef56704c0356042f
-
Filesize
6KB
MD581be4dbbabff94ff9d787870467c40ff
SHA10589ae4bb6a725112d148a939f425ed0a9118f8e
SHA256ec298d79fa8e735f78f42d71799ac1be3c3e32156b93cea2f4aedf05d6aa1f94
SHA512be525c4126918544f1698cd2cee62d7b4eb2788647991eba6b64c60ce01846964ad2542128c23a45724fbdc470ae638ca478836046d3dd10f6112e1dca88526c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD59a9dc7b126ed23c36c974335d5eb68ac
SHA13772797544d84dea9e367e3fa72dab0a533d6483
SHA25632e798752b2e3b0639a7f6754cace57d1f37ec1c06aafd7a55ef8e95523b726a
SHA5125aea3405ac9d25604c9c6096a7c21028ebec451b47aed020830c46f879cd5e9006e270a33b94740d82ba2ba24bf500319d8777a4bd8e2a5aac13ee948cb28623
-
Filesize
11KB
MD5f60a199d07c5e65ccefb842589d6eda5
SHA1a4ee1febf5aa2cedbd3fd4b60d397bc7905bcc55
SHA2561bb0aa1695a4caa2cb1d347e46c66183af27c951eb693d9a3f97add7b2b18b3c
SHA51297038cd0f5249d0aaa5c64fe77e6f820b761cd64ae97a31738f63f333216d11ca62dbc6ae31834a626193108ac12d6a24d4f36986b59668f19dc4d6bc5f56a50
-
Filesize
445KB
MD506a4fcd5eb3a39d7f50a0709de9900db
SHA150d089e915f69313a5187569cda4e6dec2d55ca7
SHA256c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97
SHA51275e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b
-
Filesize
78KB
MD55fa78b19ae158350ead3ef50feb6a7a2
SHA157d57ca525968fd9d5a9ee38e783e288896caa01
SHA2561d4914ee768fbaf1b82a860ace972a01338c12a05ff7dbdde42bfab43b21a4d5
SHA512c0d0803b5ceaa4c3013132ead8d8a95faae4a01933c41cb4c998572c2a31c971faab5bb2c488aee8d73a16a0037a78e09130e1ecd2804c40f0665399c404c00e