Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22/04/2024, 17:46 UTC

General

  • Target

    https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

Malware Config

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Executes dropped EXE (2 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (33 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd718c46f8,0x7ffd718c4708,0x7ffd718c4718
      2⤵
        PID:4720
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        2⤵
          PID:3204
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3048
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
          2⤵
            PID:3932
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:3052
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              2⤵
                PID:1620
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                2⤵
                  PID:3660
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4924
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5500 /prefetch:8
                  2⤵
                    PID:4232
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                    2⤵
                      PID:1808
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2280
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
                      2⤵
                        PID:528
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                        2⤵
                          PID:2680
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
                          2⤵
                            PID:5388
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
                            2⤵
                              PID:5396
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2300
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3276
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4296
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:5612
                                • C:\Users\Admin\Downloads\release\builder.exe
                                  "C:\Users\Admin\Downloads\release\builder.exe"
                                  1⤵
                                    PID:1804
                                  • C:\Users\Admin\Downloads\release\Client-built.exe
                                    "C:\Users\Admin\Downloads\release\Client-built.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:736
                                  • C:\Users\Admin\Downloads\release\Client-built.exe
                                    "C:\Users\Admin\Downloads\release\Client-built.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5944

                                  Network

                                  • flag-us
                                    DNS
                                    136.32.126.40.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    136.32.126.40.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    8.8.8.8.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    8.8.8.8.in-addr.arpa
                                    IN PTR
                                    Response
                                    8.8.8.8.in-addr.arpa
                                    IN PTR
                                    dns.google
                                  • flag-us
                                    DNS
                                    github.com
                                    msedge.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    github.com
                                    IN A
                                    Response
                                    github.com
                                    IN A
                                    20.26.156.215
                                  • flag-gb
                                    GET
                                    https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
                                    msedge.exe
                                    Remote address:
                                    20.26.156.215:443
                                    Request
                                    GET /moom825/Discord-RAT-2.0/releases/download/2.0/release.zip HTTP/2.0
                                    host: github.com
                                    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                    sec-ch-ua-mobile: ?0
                                    dnt: 1
                                    upgrade-insecure-requests: 1
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                    sec-fetch-site: none
                                    sec-fetch-mode: navigate
                                    sec-fetch-user: ?1
                                    sec-fetch-dest: document
                                    accept-encoding: gzip, deflate, br
                                    accept-language: en-US,en;q=0.9
                                    Response
                                    HTTP/2.0 302
                                    server: GitHub.com
                                    date: Mon, 22 Apr 2024 17:46:45 GMT
                                    content-type: text/html; charset=utf-8
                                    vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                    location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream
                                    cache-control: no-cache
                                    strict-transport-security: max-age=31536000; includeSubdomains; preload
                                    x-frame-options: deny
                                    x-content-type-options: nosniff
                                    x-xss-protection: 0
                                    referrer-policy: no-referrer-when-downgrade
                                    content-length: 0
                                    x-github-request-id: F002:1C6DD9:2724975:29DFBF3:6626A284
                                  • flag-us
                                    DNS
                                    objects.githubusercontent.com
                                    msedge.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    objects.githubusercontent.com
                                    IN A
                                    Response
                                    objects.githubusercontent.com
                                    IN A
                                    185.199.108.133
                                    objects.githubusercontent.com
                                    IN A
                                    185.199.109.133
                                    objects.githubusercontent.com
                                    IN A
                                    185.199.110.133
                                    objects.githubusercontent.com
                                    IN A
                                    185.199.111.133
                                  • flag-us
                                    GET
                                    https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream
                                    msedge.exe
                                    Remote address:
                                    185.199.108.133:443
                                    Request
                                    GET /github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream HTTP/2.0
                                    host: objects.githubusercontent.com
                                    dnt: 1
                                    upgrade-insecure-requests: 1
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                    sec-fetch-site: none
                                    sec-fetch-mode: navigate
                                    sec-fetch-user: ?1
                                    sec-fetch-dest: document
                                    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                    sec-ch-ua-mobile: ?0
                                    accept-encoding: gzip, deflate, br
                                    accept-language: en-US,en;q=0.9
                                    Response
                                    HTTP/2.0 200
                                    content-type: application/octet-stream
                                    content-md5: BqT81es6Odf1CgcJ3pkA2w==
                                    last-modified: Wed, 03 Aug 2022 20:36:01 GMT
                                    etag: "0x8DA758FC7B7F85D"
                                    server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                    x-ms-request-id: b232cdc1-f01e-0063-5043-657cae000000
                                    x-ms-version: 2020-10-02
                                    x-ms-creation-time: Wed, 03 Aug 2022 20:36:01 GMT
                                    x-ms-lease-status: unlocked
                                    x-ms-lease-state: available
                                    x-ms-blob-type: BlockBlob
                                    content-disposition: attachment; filename=release.zip
                                    x-ms-server-encrypted: true
                                    via: 1.1 varnish, 1.1 varnish
                                    accept-ranges: bytes
                                    age: 391
                                    date: Mon, 22 Apr 2024 17:46:45 GMT
                                    x-served-by: cache-iad-kcgs7200142-IAD, cache-lcy-eglc8600029-LCY
                                    x-cache: HIT, HIT
                                    x-cache-hits: 398, 0
                                    x-timer: S1713808005.409172,VS0,VE320
                                    content-length: 455770
                                  • flag-us
                                    DNS
                                    172.210.232.199.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    172.210.232.199.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    215.156.26.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    215.156.26.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    95.221.229.192.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    95.221.229.192.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    58.55.71.13.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    58.55.71.13.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    133.108.199.185.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    133.108.199.185.in-addr.arpa
                                    IN PTR
                                    Response
                                    133.108.199.185.in-addr.arpa
                                    IN PTR
                                    cdn-185-199-108-133.github.com
                                  • flag-us
                                    DNS
                                    241.154.82.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    241.154.82.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    g.bing.com
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    g.bing.com
                                    IN A
                                    Response
                                    g.bing.com
                                    IN CNAME
                                    g-bing-com.dual-a-0034.a-msedge.net
                                    g-bing-com.dual-a-0034.a-msedge.net
                                    IN CNAME
                                    dual-a-0034.a-msedge.net
                                    dual-a-0034.a-msedge.net
                                    IN A
                                    204.79.197.237
                                    dual-a-0034.a-msedge.net
                                    IN A
                                    13.107.21.237
                                  • flag-us
                                    GET
                                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=
                                    Remote address:
                                    204.79.197.237:443
                                    Request
                                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
                                    host: g.bing.com
                                    accept-encoding: gzip, deflate
                                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                    Response
                                    HTTP/2.0 204
                                    cache-control: no-cache, must-revalidate
                                    pragma: no-cache
                                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                                    set-cookie: MUID=1B4BF511FFD1647920E4E178FE31651B; domain=.bing.com; expires=Sat, 17-May-2025 17:46:47 GMT; path=/; SameSite=None; Secure; Priority=High;
                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                    access-control-allow-origin: *
                                    x-cache: CONFIG_NOCACHE
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: FD5523BBE1434C61BE47204AF872683E Ref B: LON04EDGE1010 Ref C: 2024-04-22T17:46:47Z
                                    date: Mon, 22 Apr 2024 17:46:46 GMT
                                  • flag-us
                                    GET
                                    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=
                                    Remote address:
                                    204.79.197.237:443
                                    Request
                                    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
                                    host: g.bing.com
                                    accept-encoding: gzip, deflate
                                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                    cookie: MUID=1B4BF511FFD1647920E4E178FE31651B
                                    Response
                                    HTTP/2.0 204
                                    cache-control: no-cache, must-revalidate
                                    pragma: no-cache
                                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                                    set-cookie: MSPTC=qrgWjtDiUspdVhZ6MweM9Rr1hJ85yrIpBxlSTYYnQNY; domain=.bing.com; expires=Sat, 17-May-2025 17:46:47 GMT; path=/; Partitioned; secure; SameSite=None
                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                    access-control-allow-origin: *
                                    x-cache: CONFIG_NOCACHE
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 25F37CBEF79A486EB0A6C27C7E8A549E Ref B: LON04EDGE1010 Ref C: 2024-04-22T17:46:47Z
                                    date: Mon, 22 Apr 2024 17:46:46 GMT
                                  • flag-us
                                    GET
                                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=
                                    Remote address:
                                    204.79.197.237:443
                                    Request
                                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
                                    host: g.bing.com
                                    accept-encoding: gzip, deflate
                                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                    cookie: MUID=1B4BF511FFD1647920E4E178FE31651B; MSPTC=qrgWjtDiUspdVhZ6MweM9Rr1hJ85yrIpBxlSTYYnQNY
                                    Response
                                    HTTP/2.0 204
                                    cache-control: no-cache, must-revalidate
                                    pragma: no-cache
                                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                    access-control-allow-origin: *
                                    x-cache: CONFIG_NOCACHE
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: AED5B6C4F4D74A0191A91AD43BD11003 Ref B: LON04EDGE1010 Ref C: 2024-04-22T17:46:47Z
                                    date: Mon, 22 Apr 2024 17:46:46 GMT
                                  • flag-us
                                    DNS
                                    67.32.209.4.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    67.32.209.4.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    21.114.53.23.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    21.114.53.23.in-addr.arpa
                                    IN PTR
                                    Response
                                    21.114.53.23.in-addr.arpa
                                    IN PTR
                                    a23-53-114-21.deploy.static.akamaitechnologies.com
                                  • flag-us
                                    DNS
                                    237.197.79.204.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    237.197.79.204.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    205.47.74.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    205.47.74.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    104.219.191.52.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    104.219.191.52.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    196.249.167.52.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    196.249.167.52.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    183.59.114.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    183.59.114.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    15.164.165.52.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    15.164.165.52.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    240.221.184.93.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    240.221.184.93.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    82.90.14.23.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    82.90.14.23.in-addr.arpa
                                    IN PTR
                                    Response
                                    82.90.14.23.in-addr.arpa
                                    IN PTR
                                    a23-14-90-82.deploy.static.akamaitechnologies.com
                                  • flag-us
                                    DNS
                                    88.156.103.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    88.156.103.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    200.121.18.2.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    200.121.18.2.in-addr.arpa
                                    IN PTR
                                    Response
                                    200.121.18.2.in-addr.arpa
                                    IN PTR
                                    a2-18-121-200.deploy.static.akamaitechnologies.com
                                  • flag-us
                                    DNS
                                    tse1.mm.bing.net
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    tse1.mm.bing.net
                                    IN A
                                    Response
                                    tse1.mm.bing.net
                                    IN CNAME
                                    mm-mm.bing.net.trafficmanager.net
                                    mm-mm.bing.net.trafficmanager.net
                                    IN CNAME
                                    dual-a-0001.a-msedge.net
                                    dual-a-0001.a-msedge.net
                                    IN A
                                    204.79.197.200
                                    dual-a-0001.a-msedge.net
                                    IN A
                                    13.107.21.200
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 555746
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: F64C8F01FCAF484BBCDB657650C667B1 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
                                    date: Mon, 22 Apr 2024 17:48:29 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 415458
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 8A17C7CE3F4643DAB4EF304AEEC28BF9 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
                                    date: Mon, 22 Apr 2024 17:48:29 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 659775
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: FA29E8CB6AF74859BE44812A56CC7DE0 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
                                    date: Mon, 22 Apr 2024 17:48:29 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 621794
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 85265D5990EC4AD6B9C61C98C20E1D65 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
                                    date: Mon, 22 Apr 2024 17:48:29 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 638730
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: C7034AEF8F424F7DAFF518E41B01ADF8 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
                                    date: Mon, 22 Apr 2024 17:48:29 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 430689
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: D3DFC93B79B04BC99DDD29856AD58D1F Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
                                    date: Mon, 22 Apr 2024 17:48:30 GMT
                                  • flag-us
                                    DNS
                                    gateway.discord.gg
                                    Client-built.exe
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    gateway.discord.gg
                                    IN A
                                    Response
                                    gateway.discord.gg
                                    IN A
                                    162.159.136.234
                                    gateway.discord.gg
                                    IN A
                                    162.159.135.234
                                    gateway.discord.gg
                                    IN A
                                    162.159.134.234
                                    gateway.discord.gg
                                    IN A
                                    162.159.133.234
                                    gateway.discord.gg
                                    IN A
                                    162.159.130.234
                                  • flag-us
                                    GET
                                    https://gateway.discord.gg/?v=9&encording=json
                                    Client-built.exe
                                    Remote address:
                                    162.159.136.234:443
                                    Request
                                    GET /?v=9&encording=json HTTP/1.1
                                    Connection: Upgrade,Keep-Alive
                                    Upgrade: websocket
                                    Sec-WebSocket-Key: n/+Eup5Uguti5jE0eRszig==
                                    Sec-WebSocket-Version: 13
                                    Host: gateway.discord.gg
                                    Response
                                    HTTP/1.1 101 Switching Protocols
                                    Date: Mon, 22 Apr 2024 17:48:44 GMT
                                    Connection: upgrade
                                    sec-websocket-accept: bbC1tqODA32sv4BxW5ajJ73qbMA=
                                    upgrade: websocket
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2FIFlGYU8lo%2FTzrT6rs3f4GMkxZQkdxbQaiRrqTn0L9EsHLD5ylWPyVHA2E89x5fi93ofDNk34aPwyNb4qZIJJXbIYfujQLuvs45Vc%2B%2FUpEZtBK%2FWqBKe%2F7dGOHSXN8XoeGqbg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                    X-Content-Type-Options: nosniff
                                    Server: cloudflare
                                    CF-RAY: 87877246b8097695-LHR
                                  • flag-us
                                    DNS
                                    234.136.159.162.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    234.136.159.162.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    GET
                                    https://gateway.discord.gg/?v=9&encording=json
                                    Client-built.exe
                                    Remote address:
                                    162.159.136.234:443
                                    Request
                                    GET /?v=9&encording=json HTTP/1.1
                                    Connection: Upgrade,Keep-Alive
                                    Upgrade: websocket
                                    Sec-WebSocket-Key: 1gQGP/1zgzt5O7AQB7VZeg==
                                    Sec-WebSocket-Version: 13
                                    Host: gateway.discord.gg
                                    Response
                                    HTTP/1.1 101 Switching Protocols
                                    Date: Mon, 22 Apr 2024 17:49:04 GMT
                                    Connection: upgrade
                                    sec-websocket-accept: CstGx/LN+zOvYGNYWjnN7jPRk1I=
                                    upgrade: websocket
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mt%2BIdDFdgHdGASi0aOOSHXeVhKud%2BzR6lv1M1o2RIMgp6lwpIU4vMnYeesMKIVbYY13kz5qhx87Cs9hgP2zNxJ2VDxNejbOyRXHokDg8yiiUz9CdQqeqOYD6SbIxOJzzEyYJrg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                    X-Content-Type-Options: nosniff
                                    Server: cloudflare
                                    CF-RAY: 878772c71f849559-LHR
                                  • 20.26.156.215:443
                                    https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
                                    tls, http2
                                    msedge.exe
                                    2.0kB
                                    8.2kB
                                    17
                                    14

                                    HTTP Request

                                    GET https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

                                    HTTP Response

                                    302
                                  • 185.199.108.133:443
                                    https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream
                                    tls, http2
                                    msedge.exe
                                    9.8kB
                                    475.8kB
                                    181
                                    351

                                    HTTP Request

                                    GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream

                                    HTTP Response

                                    200
                                  • 204.79.197.237:443
                                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=
                                    tls, http2
                                    2.0kB
                                    9.2kB
                                    21
                                    19

                                    HTTP Request

                                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

                                    HTTP Response

                                    204

                                    HTTP Request

                                    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

                                    HTTP Response

                                    204

                                    HTTP Request

                                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

                                    HTTP Response

                                    204
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    1.2kB
                                    8.1kB
                                    16
                                    14
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    1.2kB
                                    8.1kB
                                    16
                                    14
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    1.5kB
                                    8.0kB
                                    16
                                    10
                                  • 204.79.197.200:443
                                    https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                    tls, http2
                                    123.4kB
                                    3.4MB
                                    2507
                                    2503

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                    HTTP Response

                                    200

                                    HTTP Response

                                    200

                                    HTTP Response

                                    200

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                    HTTP Response

                                    200

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                    HTTP Response

                                    200

                                    HTTP Response

                                    200
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    1.2kB
                                    8.0kB
                                    16
                                    12
                                  • 162.159.136.234:443
                                    https://gateway.discord.gg/?v=9&encording=json
                                    tls, http
                                    Client-built.exe
                                    1.1kB
                                    4.2kB
                                    10
                                    12

                                    HTTP Request

                                    GET https://gateway.discord.gg/?v=9&encording=json

                                    HTTP Response

                                    101
                                  • 162.159.136.234:443
                                    https://gateway.discord.gg/?v=9&encording=json
                                    tls, http
                                    Client-built.exe
                                    1.4kB
                                    4.5kB
                                    12
                                    13

                                    HTTP Request

                                    GET https://gateway.discord.gg/?v=9&encording=json

                                    HTTP Response

                                    101
                                  • 8.8.8.8:53
                                    github.com
                                    dns
                                    msedge.exe
                                    56 B
                                    72 B
                                    1
                                    1

                                    DNS Request

                                    github.com

                                    DNS Response

                                    20.26.156.215

                                  • 8.8.8.8:53
                                    objects.githubusercontent.com
                                    dns
                                    msedge.exe
                                    75 B
                                    139 B
                                    1
                                    1

                                    DNS Request

                                    objects.githubusercontent.com

                                    DNS Response

                                    185.199.108.133
                                    185.199.109.133
                                    185.199.110.133
                                    185.199.111.133

                                  • 8.8.8.8:53
                                    g.bing.com
                                    dns
                                    56 B
                                    151 B
                                    1
                                    1

                                    DNS Request

                                    g.bing.com

                                    DNS Response

                                    204.79.197.237
                                    13.107.21.237

                                  • 8.8.8.8:53
                                    tse1.mm.bing.net
                                    dns
                                    62 B
                                    173 B
                                    1
                                    1

                                    DNS Request

                                    tse1.mm.bing.net

                                    DNS Response

                                    204.79.197.200
                                    13.107.21.200

                                  • 8.8.8.8:53
                                    gateway.discord.gg
                                    dns
                                    Client-built.exe
                                    64 B
                                    144 B
                                    1
                                    1

                                    DNS Request

                                    gateway.discord.gg

                                    DNS Response

                                    162.159.136.234
                                    162.159.135.234
                                    162.159.134.234
                                    162.159.133.234
                                    162.159.130.234

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

                                  • C:\Users\Admin\Downloads\release.zip

                                    Filesize

                                    445KB

                                    MD5

                                    06a4fcd5eb3a39d7f50a0709de9900db

                                    SHA1

                                    50d089e915f69313a5187569cda4e6dec2d55ca7

                                    SHA256

                                    c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

                                    SHA512

                                    75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

                                  • C:\Users\Admin\Downloads\release\Client-built.exe

                                    Filesize

                                    78KB

                                    MD5

                                    5fa78b19ae158350ead3ef50feb6a7a2

                                    SHA1

                                    57d57ca525968fd9d5a9ee38e783e288896caa01

                                    SHA256

                                    1d4914ee768fbaf1b82a860ace972a01338c12a05ff7dbdde42bfab43b21a4d5

                                    SHA512

                                    c0d0803b5ceaa4c3013132ead8d8a95faae4a01933c41cb4c998572c2a31c971faab5bb2c488aee8d73a16a0037a78e09130e1ecd2804c40f0665399c404c00e
