Resubmissions

21/07/2024, 11:29 UTC

240721-nlvl9aygqb 6

21/07/2024, 11:22 UTC

240721-ngvrfs1dkr 10

Analysis

  • max time kernel: 149s
  • max time network: 147s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240709-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 21/07/2024, 11:22 UTC

General

  • Target

    https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/NoMoreRansom.zip

Malware Config

Signatures

  • Troldesh, Shade, Encoder.858
    Troldesh is ransomware spread by malspam.
  • UPX packed file (17 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 4 IoCs)
  • Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
    SCSI information is often read in order to detect sandboxing environments.
  • Enumerates system info in registry (2 TTPs, 6 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (46 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/NoMoreRansom.zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3532
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff904346f8,0x7fff90434708,0x7fff90434718
      2⤵
      PID:4076
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      2⤵
      PID:824
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1868
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
      2⤵
      PID:1048
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      2⤵
      PID:432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      2⤵
      PID:3684
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
      2⤵
      PID:4940
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1740
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4724 /prefetch:8
      2⤵
      PID:2332
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
      2⤵
      PID:4572
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4152
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2112
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4188
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:916
  • C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe
    "C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    PID:3712
  • C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe
    "C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1544
  • C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe
    "C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4552
  • C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe
    "C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4016
  • C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe
    "C:\Users\Admin\Desktop\Endermanch@NoMoreRansom.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4180
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /7
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2256
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    PID:1908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff80e0cc40,0x7fff80e0cc4c,0x7fff80e0cc58
      2⤵
      PID:1020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1740,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1736 /prefetch:2
      2⤵
      PID:4052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2176 /prefetch:3
      2⤵
      PID:1264
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2456 /prefetch:8
      2⤵
      PID:1168
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
      2⤵
      PID:3648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3392,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3412 /prefetch:1
      2⤵
      PID:1720
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4516 /prefetch:1
      2⤵
      PID:4368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4840 /prefetch:8
      2⤵
      PID:920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:8
      2⤵
      PID:3224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5324,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5376 /prefetch:1
      2⤵
      PID:6052
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:3692
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4528

                                                Network

                                                • flag-us
                                                  DNS
                                                  github.com
                                                  chrome.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  github.com
                                                  IN A
                                                  Response
                                                  github.com
                                                  IN A
                                                  20.26.156.215
                                                • flag-gb
                                                  GET
                                                  https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/NoMoreRansom.zip
                                                  msedge.exe
                                                  Remote address:
                                                  20.26.156.215:443
                                                  Request
                                                  GET /Endermanch/MalwareDatabase/raw/master/ransomwares/NoMoreRansom.zip HTTP/2.0
                                                  host: github.com
                                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                                  sec-ch-ua-mobile: ?0
                                                  dnt: 1
                                                  upgrade-insecure-requests: 1
                                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                  sec-fetch-site: none
                                                  sec-fetch-mode: navigate
                                                  sec-fetch-user: ?1
                                                  sec-fetch-dest: document
                                                  accept-encoding: gzip, deflate, br
                                                  accept-language: en-US,en;q=0.9
                                                  Response
                                                  HTTP/2.0 302
                                                  server: GitHub.com
                                                  date: Sun, 21 Jul 2024 11:22:49 GMT
                                                  content-type: text/html; charset=utf-8
                                                  vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                  access-control-allow-origin:
                                                  location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/NoMoreRansom.zip
                                                  cache-control: no-cache
                                                  strict-transport-security: max-age=31536000; includeSubdomains; preload
                                                  x-frame-options: deny
                                                  x-content-type-options: nosniff
                                                  x-xss-protection: 0
                                                  referrer-policy: no-referrer-when-downgrade
                                                  content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; 
frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
                                                  content-length: 0
                                                  x-github-request-id: D633:14DB61:259EB86:2A22F52:669CEF89
                                                • flag-us
                                                  DNS
                                                  raw.githubusercontent.com
                                                  msedge.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  raw.githubusercontent.com
                                                  IN A
                                                  Response
                                                  raw.githubusercontent.com
                                                  IN A
                                                  185.199.108.133
                                                  raw.githubusercontent.com
                                                  IN A
                                                  185.199.109.133
                                                  raw.githubusercontent.com
                                                  IN A
                                                  185.199.111.133
                                                  raw.githubusercontent.com
                                                  IN A
                                                  185.199.110.133
                                                • flag-us
                                                  GET
                                                  https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/NoMoreRansom.zip
                                                  msedge.exe
                                                  Remote address:
                                                  185.199.108.133:443
                                                  Request
                                                  GET /Endermanch/MalwareDatabase/master/ransomwares/NoMoreRansom.zip HTTP/2.0
                                                  host: raw.githubusercontent.com
                                                  dnt: 1
                                                  upgrade-insecure-requests: 1
                                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                  sec-fetch-site: none
                                                  sec-fetch-mode: navigate
                                                  sec-fetch-user: ?1
                                                  sec-fetch-dest: document
                                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                                  sec-ch-ua-mobile: ?0
                                                  accept-encoding: gzip, deflate, br
                                                  accept-language: en-US,en;q=0.9
                                                  Response
                                                  HTTP/2.0 200
                                                  cache-control: max-age=300
                                                  content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                  content-type: application/zip
                                                  etag: W/"2c2e0f8071b5f5c50b750de55dec04d3c4c06319c150c609825afcb049b48fad"
                                                  strict-transport-security: max-age=31536000
                                                  x-content-type-options: nosniff
                                                  x-frame-options: deny
                                                  x-xss-protection: 1; mode=block
                                                  x-github-request-id: C768:854E4:2CD24E:3901BF:669CEF88
                                                  accept-ranges: bytes
                                                  date: Sun, 21 Jul 2024 11:22:49 GMT
                                                  via: 1.1 varnish
                                                  x-served-by: cache-lon4267-LON
                                                  x-cache: MISS
                                                  x-cache-hits: 0
                                                  x-timer: S1721560970.823009,VS0,VE153
                                                  vary: Authorization,Accept-Encoding,Origin
                                                  access-control-allow-origin: *
                                                  cross-origin-resource-policy: cross-origin
                                                  x-fastly-request-id: 9d4998aa03ed4300d402d0d589a3fb5e39f19ee9
                                                  expires: Sun, 21 Jul 2024 11:27:49 GMT
                                                  source-age: 0
                                                  content-length: 938498
                                                • flag-us
                                                  DNS
                                                  104.219.191.52.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  104.219.191.52.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                • flag-us
                                                  DNS
                                                  215.156.26.20.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  215.156.26.20.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                • flag-us
                                                  DNS
                                                  240.143.123.92.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  240.143.123.92.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                  240.143.123.92.in-addr.arpa
                                                  IN PTR
                                                  a92-123-143-240.deploy.static.akamaitechnologies.com
                                                • flag-us
                                                  DNS
                                                  133.32.126.40.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  133.32.126.40.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                • flag-us
                                                  DNS
                                                  133.108.199.185.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  133.108.199.185.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                  133.108.199.185.in-addr.arpa
                                                  IN PTR
                                                  cdn-185-199-108-133.github.com
                                                • flag-us
                                                  DNS
                                                  88.156.103.20.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  88.156.103.20.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                • flag-us
                                                  DNS
                                                  232.168.11.51.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  232.168.11.51.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                • flag-us
                                                  DNS
                                                  244.244.23.193.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  244.244.23.193.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                  244.244.23.193.in-addr.arpa
                                                  IN PTR
                                                  dannenberg.torauth.de
                                                • flag-us
                                                  DNS
                                                  157.123.68.40.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  157.123.68.40.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                • flag-us
                                                  DNS
                                                  206.23.85.13.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  206.23.85.13.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                • flag-us
                                                  DNS
                                                  147.142.123.92.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  147.142.123.92.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                  147.142.123.92.in-addr.arpa
                                                  IN PTR
                                                  a92-123-142-147.deploy.static.akamaitechnologies.com
                                                • flag-us
                                                  DNS
                                                  26.35.223.20.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  26.35.223.20.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                • flag-us
                                                  DNS
                                                  www.google.com
                                                  chrome.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  www.google.com
                                                  IN A
                                                  Response
                                                  www.google.com
                                                  IN A
                                                  142.250.180.4
                                                • flag-us
                                                  DNS
                                                  3.178.250.142.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  3.178.250.142.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                  3.178.250.142.in-addr.arpa
                                                  IN PTR
                                                  lhr48s27-in-f3.1e100.net
                                                • flag-us
                                                  DNS
                                                  10.180.250.142.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  10.180.250.142.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                  10.180.250.142.in-addr.arpa
                                                  IN PTR
                                                  lhr25s32-in-f10.1e100.net
                                                • flag-us
                                                  DNS
                                                  4.180.250.142.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  4.180.250.142.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                  4.180.250.142.in-addr.arpa
                                                  IN PTR
                                                  lhr25s32-in-f4.1e100.net
                                                • flag-us
                                                  DNS
                                                  clients2.google.com
                                                  chrome.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  clients2.google.com
                                                  IN A
                                                  Response
                                                  clients2.google.com
                                                  IN CNAME
                                                  clients.l.google.com
                                                  clients.l.google.com
                                                  IN A
                                                  172.217.16.238
                                                • flag-us
                                                  DNS
                                                  238.16.217.172.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  238.16.217.172.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                  238.16.217.172.in-addr.arpa
                                                  IN PTR
                                                  lhr48s28-in-f14.1e100.net
                                                  238.16.217.172.in-addr.arpa
                                                  IN PTR
                                                  mad08s04-in-f14
                                                • flag-us
                                                  DNS
                                                  tse1.mm.bing.net
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  tse1.mm.bing.net
                                                  IN A
                                                  Response
                                                  tse1.mm.bing.net
                                                  IN CNAME
                                                  mm-mm.bing.net.trafficmanager.net
                                                  mm-mm.bing.net.trafficmanager.net
                                                  IN CNAME
                                                  ax-0001.ax-msedge.net
                                                  ax-0001.ax-msedge.net
                                                  IN A
                                                  150.171.28.10
                                                  ax-0001.ax-msedge.net
                                                  IN A
                                                  150.171.27.10
                                                • flag-us
                                                  GET
                                                  https://tse1.mm.bing.net/th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                  Remote address:
                                                  150.171.28.10:443
                                                  Request
                                                  GET /th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                                  host: tse1.mm.bing.net
                                                  accept: */*
                                                  accept-encoding: gzip, deflate, br
                                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                  Response
                                                  HTTP/2.0 200
                                                  cache-control: public, max-age=2592000
                                                  content-length: 589683
                                                  content-type: image/jpeg
                                                  x-cache: TCP_HIT
                                                  access-control-allow-origin: *
                                                  access-control-allow-headers: *
                                                  access-control-allow-methods: GET, POST, OPTIONS
                                                  timing-allow-origin: *
                                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                  x-msedge-ref: Ref A: 679AA08062B14C0582D41528DD98B578 Ref B: LON04EDGE1221 Ref C: 2024-07-21T11:24:15Z
                                                  date: Sun, 21 Jul 2024 11:24:14 GMT
                                                • flag-us
                                                  GET
                                                  https://tse1.mm.bing.net/th?id=OADD2.10239339388056_1O9WMGQV7BVEGHO4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                  Remote address:
                                                  150.171.28.10:443
                                                  Request
                                                  GET /th?id=OADD2.10239339388056_1O9WMGQV7BVEGHO4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                                  host: tse1.mm.bing.net
                                                  accept: */*
                                                  accept-encoding: gzip, deflate, br
                                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                  Response
                                                  HTTP/2.0 200
                                                  cache-control: public, max-age=2592000
                                                  content-length: 797704
                                                  content-type: image/jpeg
                                                  x-cache: TCP_HIT
                                                  access-control-allow-origin: *
                                                  access-control-allow-headers: *
                                                  access-control-allow-methods: GET, POST, OPTIONS
                                                  timing-allow-origin: *
                                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                  x-msedge-ref: Ref A: 3C2B1E9D49CA4196BB6457265993616E Ref B: LON04EDGE1221 Ref C: 2024-07-21T11:24:15Z
                                                  date: Sun, 21 Jul 2024 11:24:14 GMT
                                                • flag-us
                                                  GET
                                                  https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                  Remote address:
                                                  150.171.28.10:443
                                                  Request
                                                  GET /th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                                  host: tse1.mm.bing.net
                                                  accept: */*
                                                  accept-encoding: gzip, deflate, br
                                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                  Response
                                                  HTTP/2.0 200
                                                  cache-control: public, max-age=2592000
                                                  content-length: 554838
                                                  content-type: image/jpeg
                                                  x-cache: TCP_HIT
                                                  access-control-allow-origin: *
                                                  access-control-allow-headers: *
                                                  access-control-allow-methods: GET, POST, OPTIONS
                                                  timing-allow-origin: *
                                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                  x-msedge-ref: Ref A: 97B50249A1CE4E39BB75522F60E88667 Ref B: LON04EDGE1221 Ref C: 2024-07-21T11:24:15Z
                                                  date: Sun, 21 Jul 2024 11:24:14 GMT
                                                • flag-us
                                                  GET
                                                  https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                  Remote address:
                                                  150.171.28.10:443
                                                  Request
                                                  GET /th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                                  host: tse1.mm.bing.net
                                                  accept: */*
                                                  accept-encoding: gzip, deflate, br
                                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                  Response
                                                  HTTP/2.0 200
                                                  cache-control: public, max-age=2592000
                                                  content-length: 575578
                                                  content-type: image/jpeg
                                                  x-cache: TCP_HIT
                                                  access-control-allow-origin: *
                                                  access-control-allow-headers: *
                                                  access-control-allow-methods: GET, POST, OPTIONS
                                                  timing-allow-origin: *
                                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                  x-msedge-ref: Ref A: DB4E73302E1D48E6B768736D630323B9 Ref B: LON04EDGE1221 Ref C: 2024-07-21T11:24:15Z
                                                  date: Sun, 21 Jul 2024 11:24:14 GMT
                                                • flag-us
                                                  GET
                                                  https://tse1.mm.bing.net/th?id=OADD2.10239339388057_1GGG85785BK7BP6Y7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                  Remote address:
                                                  150.171.28.10:443
                                                  Request
                                                  GET /th?id=OADD2.10239339388057_1GGG85785BK7BP6Y7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                                  host: tse1.mm.bing.net
                                                  accept: */*
                                                  accept-encoding: gzip, deflate, br
                                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                  Response
                                                  HTTP/2.0 200
                                                  cache-control: public, max-age=2592000
                                                  content-length: 706510
                                                  content-type: image/jpeg
                                                  x-cache: TCP_HIT
                                                  access-control-allow-origin: *
                                                  access-control-allow-headers: *
                                                  access-control-allow-methods: GET, POST, OPTIONS
                                                  timing-allow-origin: *
                                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                  x-msedge-ref: Ref A: C547686804B844E8B256585E8DE7E621 Ref B: LON04EDGE1221 Ref C: 2024-07-21T11:24:15Z
                                                  date: Sun, 21 Jul 2024 11:24:14 GMT
                                                • flag-us
                                                  GET
                                                  https://tse1.mm.bing.net/th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                  Remote address:
                                                  150.171.28.10:443
                                                  Request
                                                  GET /th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                                  host: tse1.mm.bing.net
                                                  accept: */*
                                                  accept-encoding: gzip, deflate, br
                                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                  Response
                                                  HTTP/2.0 200
                                                  cache-control: public, max-age=2592000
                                                  content-length: 458468
                                                  content-type: image/jpeg
                                                  x-cache: TCP_HIT
                                                  access-control-allow-origin: *
                                                  access-control-allow-headers: *
                                                  access-control-allow-methods: GET, POST, OPTIONS
                                                  timing-allow-origin: *
                                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                  x-msedge-ref: Ref A: 7AAFB519DC6E48478E08C3539C4F887E Ref B: LON04EDGE1221 Ref C: 2024-07-21T11:24:15Z
                                                  date: Sun, 21 Jul 2024 11:24:15 GMT
                                                • flag-us
                                                  DNS
                                                  14.227.111.52.in-addr.arpa
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  14.227.111.52.in-addr.arpa
                                                  IN PTR
                                                  Response
                                                • flag-us
                                                  DNS
                                                  github.com
                                                  chrome.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  github.com
                                                  IN A
                                                  Response
                                                  github.com
                                                  IN A
                                                  20.26.156.215
                                                • flag-us
                                                  DNS
                                                  github.githubassets.com
                                                  chrome.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  github.githubassets.com
                                                  IN A
                                                  Response
                                                  github.githubassets.com
                                                  IN A
                                                  185.199.108.154
                                                  github.githubassets.com
                                                  IN A
                                                  185.199.111.154
                                                  github.githubassets.com
                                                  IN A
                                                  185.199.110.154
                                                  github.githubassets.com
                                                  IN A
                                                  185.199.109.154
• DNS  avatars.githubusercontent.com  (chrome.exe, via 8.8.8.8:53, US)
  Request:  avatars.githubusercontent.com IN A
  Response: avatars.githubusercontent.com IN A 185.199.111.133, 185.199.108.133, 185.199.109.133, 185.199.110.133
• DNS  user-images.githubusercontent.com  (chrome.exe, via 8.8.8.8:53, US)
  Request:  user-images.githubusercontent.com IN A
  Response: user-images.githubusercontent.com IN A 185.199.109.133, 185.199.108.133, 185.199.111.133, 185.199.110.133
• DNS  github-cloud.s3.amazonaws.com  (chrome.exe, via 8.8.8.8:53, US)
  Request:  github-cloud.s3.amazonaws.com IN A
  Response: github-cloud.s3.amazonaws.com IN CNAME s3-1-w.amazonaws.com
            s3-1-w.amazonaws.com IN CNAME s3-w.us-east-1.amazonaws.com
            s3-w.us-east-1.amazonaws.com IN A 52.217.116.161, 16.182.106.9, 52.217.123.9, 52.217.226.121, 52.216.146.235, 54.231.128.153, 3.5.27.115, 16.182.34.217
• DNS  camo.githubusercontent.com  (chrome.exe, via 8.8.8.8:53, US)
  Request:  camo.githubusercontent.com IN A
  Response: camo.githubusercontent.com IN A 185.199.111.133, 185.199.108.133, 185.199.110.133, 185.199.109.133
• DNS  154.108.199.185.in-addr.arpa  (via 8.8.8.8:53, US)
  Request:  154.108.199.185.in-addr.arpa IN PTR
  Response: 154.108.199.185.in-addr.arpa IN PTR cdn-185-199-108-154.github.com
• DNS  133.111.199.185.in-addr.arpa  (via 8.8.8.8:53, US)
  Request:  133.111.199.185.in-addr.arpa IN PTR
  Response: 133.111.199.185.in-addr.arpa IN PTR cdn-185-199-111-133.github.com
• DNS  content-autofill.googleapis.com  (chrome.exe, via 8.8.8.8:53, US)
  Request:  content-autofill.googleapis.com IN A
  Response: content-autofill.googleapis.com IN A 216.58.212.234, 142.250.200.42, 142.250.187.234, 172.217.16.234, 142.250.187.202, 142.250.200.10, 142.250.179.234, 142.250.180.10, 216.58.212.202, 216.58.204.74, 142.250.178.10, 172.217.169.10, 216.58.201.106
• DNS  collector.github.com  (chrome.exe, via 8.8.8.8:53, US)
  Request:  collector.github.com IN A
  Response: collector.github.com IN CNAME glb-db52c2cf8be544.github.com
            glb-db52c2cf8be544.github.com IN A 140.82.114.21
• DNS  api.github.com  (chrome.exe, via 8.8.8.8:53, US)
  Request:  api.github.com IN A
  Response: api.github.com IN A 20.26.156.210
• DNS  234.212.58.216.in-addr.arpa  (via 8.8.8.8:53, US)
  Request:  234.212.58.216.in-addr.arpa IN PTR
  Response: 234.212.58.216.in-addr.arpa IN PTR ams16s22-in-f234.1e100.net
            234.212.58.216.in-addr.arpa IN PTR lhr25s28-in-f10.1e100.net
            234.212.58.216.in-addr.arpa IN PTR ams16s22-in-f10.1e100.net
  (the last two names were cut off after "-f10" in the capture; the ".1e100.net" suffix is restored from the first answer)
• DNS  210.156.26.20.in-addr.arpa  (via 8.8.8.8:53, US)
  Request:  210.156.26.20.in-addr.arpa IN PTR
  Response: (no answer)
• DNS  210.156.26.20.in-addr.arpa  (via 8.8.8.8:53, US; repeated query)
  Request:  210.156.26.20.in-addr.arpa IN PTR
  Response: (no answer)
• DNS  21.114.82.140.in-addr.arpa  (via 8.8.8.8:53, US)
  Request:  21.114.82.140.in-addr.arpa IN PTR
  Response: 21.114.82.140.in-addr.arpa IN PTR lb-140-82-114-21-iad.github.com
• 20.26.156.215:443  https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/NoMoreRansom.zip  tls, http2  msedge.exe  sent 1.9kB (15 pkts), received 7.9kB (13 pkts)
  HTTP Request:  GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/NoMoreRansom.zip
  HTTP Response: 302
• 185.199.108.133:443  https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/NoMoreRansom.zip  tls, http2  msedge.exe  sent 17.9kB (364 pkts), received 974.3kB (712 pkts)
  HTTP Request:  GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/NoMoreRansom.zip
  HTTP Response: 200
• 127.0.0.1:57742  Endermanch@NoMoreRansom.exe
• 193.23.244.244:443  www.hkq3a5.com  tls  Endermanch@NoMoreRansom.exe  sent 3.0kB (12 pkts), received 5.6kB (9 pkts)
• 127.0.0.1:57755  Endermanch@NoMoreRansom.exe
• 127.0.0.1:57762  Endermanch@NoMoreRansom.exe
• 127.0.0.1:57766  Endermanch@NoMoreRansom.exe
• 127.0.0.1:57771  Endermanch@NoMoreRansom.exe
• 142.250.180.4:443  www.google.com  tls  chrome.exe  sent 1.0kB (8 pkts), received 4.6kB (9 pkts)
• 172.217.16.238:443  clients2.google.com  tls  chrome.exe  sent 1.1kB (10 pkts), received 8.1kB (10 pkts)
• 150.171.28.10:443  tse1.mm.bing.net  tls, http2  (process not recorded)  sent 1.2kB (15 pkts), received 6.9kB (13 pkts)
• 150.171.28.10:443  tse1.mm.bing.net  tls, http2  (process not recorded)  sent 1.2kB (15 pkts), received 6.9kB (13 pkts)
• 150.171.28.10:443  tse1.mm.bing.net  tls, http2  (process not recorded)  sent 1.2kB (15 pkts), received 6.9kB (13 pkts)
• 150.171.28.10:443  https://tse1.mm.bing.net/th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  tls, http2  (process not recorded)  sent 133.1kB (2779 pkts), received 3.8MB (2775 pkts)
  HTTP Request:  GET https://tse1.mm.bing.net/th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  HTTP Request:  GET https://tse1.mm.bing.net/th?id=OADD2.10239339388056_1O9WMGQV7BVEGHO4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  HTTP Request:  GET https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  HTTP Request:  GET https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  HTTP Request:  GET https://tse1.mm.bing.net/th?id=OADD2.10239339388057_1GGG85785BK7BP6Y7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  HTTP Response: 200
  HTTP Response: 200
  HTTP Response: 200
  HTTP Response: 200
  HTTP Response: 200
  HTTP Request:  GET https://tse1.mm.bing.net/th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  HTTP Response: 200
• 150.171.28.10:443  tse1.mm.bing.net  tls, http2  (process not recorded)  sent 1.2kB (15 pkts), received 6.9kB (13 pkts)
• 20.26.156.215:443  github.com  tls  chrome.exe  sent 897 B (7 pkts), received 4.0kB (8 pkts)
• 20.26.156.215:443  github.com  tls  chrome.exe  sent 7.5kB (93 pkts), received 166.9kB (155 pkts)
• 185.199.108.154:443  github.githubassets.com  tls  chrome.exe  sent 1.0kB (8 pkts), received 4.2kB (9 pkts)
• 185.199.108.154:443  github.githubassets.com  tls  chrome.exe  sent 1.0kB (8 pkts), received 4.2kB (9 pkts)
• 185.199.108.154:443  github.githubassets.com  tls  chrome.exe  sent 1.0kB (8 pkts), received 4.2kB (9 pkts)
• 185.199.108.154:443  github.githubassets.com  tls  chrome.exe  sent 969 B (8 pkts), received 4.2kB (9 pkts)
• 185.199.108.154:443  github.githubassets.com  tls  chrome.exe  sent 1.0kB (8 pkts), received 4.2kB (9 pkts)
• 185.199.108.154:443  github.githubassets.com  tls  chrome.exe  sent 43.8kB (645 pkts), received 1.1MB (930 pkts)
• 185.199.111.133:443  avatars.githubusercontent.com  tls  chrome.exe  sent 3.0kB (32 pkts), received 27.6kB (40 pkts)
• 185.199.111.133:443  camo.githubusercontent.com  tls  chrome.exe  sent 2.1kB (13 pkts), received 5.8kB (16 pkts)
• 216.58.212.234:443  content-autofill.googleapis.com  tls  chrome.exe  sent 2.1kB (15 pkts), received 7.0kB (18 pkts)
• 185.199.108.154:443  github.githubassets.com  tls  chrome.exe  sent 2.3kB (22 pkts), received 22.3kB (27 pkts)
• 140.82.114.21:443  collector.github.com  tls  chrome.exe  sent 1.0kB (10 pkts), received 4.6kB (8 pkts)
• 140.82.114.21:443  collector.github.com  tls  chrome.exe  sent 10.6kB (27 pkts), received 8.5kB (28 pkts)
• 20.26.156.210:443  api.github.com  tls  chrome.exe  sent 6.2kB (17 pkts), received 6.5kB (18 pkts)
• 8.8.8.8:53  github.com  dns  chrome.exe  sent 56 B (1 pkt), received 72 B (1 pkt)
  DNS Request:  github.com
  DNS Response: 20.26.156.215
• 8.8.8.8:53  raw.githubusercontent.com  dns  msedge.exe  sent 71 B (1 pkt), received 135 B (1 pkt)
  DNS Request:  raw.githubusercontent.com
  DNS Response: 185.199.108.133, 185.199.109.133, 185.199.111.133, 185.199.110.133
• 8.8.8.8:53  104.219.191.52.in-addr.arpa  dns  (process not recorded)  sent 73 B (1 pkt), received 147 B (1 pkt)
  DNS Request:  104.219.191.52.in-addr.arpa
• 8.8.8.8:53  215.156.26.20.in-addr.arpa  dns  (process not recorded)  sent 72 B (1 pkt), received 158 B (1 pkt)
  DNS Request:  215.156.26.20.in-addr.arpa

                                                • 8.8.8.8:53
                                                  240.143.123.92.in-addr.arpa
                                                  dns
                                                  73 B
                                                  139 B
                                                  1
                                                  1

                                                  DNS Request

                                                  240.143.123.92.in-addr.arpa

                                                • 8.8.8.8:53
                                                  133.32.126.40.in-addr.arpa
                                                  dns
                                                  72 B
                                                  158 B
                                                  1
                                                  1

                                                  DNS Request

                                                  133.32.126.40.in-addr.arpa

                                                • 224.0.0.251:5353
                                                  chrome.exe
                                                  408 B
                                                  6
                                                • 8.8.8.8:53
                                                  133.108.199.185.in-addr.arpa
                                                  dns
                                                  74 B
                                                  118 B
                                                  1
                                                  1

                                                  DNS Request

                                                  133.108.199.185.in-addr.arpa

                                                • 8.8.8.8:53
                                                  88.156.103.20.in-addr.arpa
                                                  dns
                                                  72 B
                                                  158 B
                                                  1
                                                  1

                                                  DNS Request

                                                  88.156.103.20.in-addr.arpa

                                                • 8.8.8.8:53
                                                  232.168.11.51.in-addr.arpa
                                                  dns
                                                  72 B
                                                  158 B
                                                  1
                                                  1

                                                  DNS Request

                                                  232.168.11.51.in-addr.arpa

                                                • 8.8.8.8:53
                                                  244.244.23.193.in-addr.arpa
                                                  dns
                                                  73 B
                                                  108 B
                                                  1
                                                  1

                                                  DNS Request

                                                  244.244.23.193.in-addr.arpa

                                                • 8.8.8.8:53
                                                  157.123.68.40.in-addr.arpa
                                                  dns
                                                  72 B
                                                  146 B
                                                  1
                                                  1

                                                  DNS Request

                                                  157.123.68.40.in-addr.arpa

                                                • 8.8.8.8:53
                                                  206.23.85.13.in-addr.arpa
                                                  dns
                                                  71 B
                                                  145 B
                                                  1
                                                  1

                                                  DNS Request

                                                  206.23.85.13.in-addr.arpa

                                                • 8.8.8.8:53
                                                  147.142.123.92.in-addr.arpa
                                                  dns
                                                  73 B
                                                  139 B
                                                  1
                                                  1

                                                  DNS Request

                                                  147.142.123.92.in-addr.arpa

                                                • 8.8.8.8:53
                                                  26.35.223.20.in-addr.arpa
                                                  dns
                                                  71 B
                                                  157 B
                                                  1
                                                  1

                                                  DNS Request

                                                  26.35.223.20.in-addr.arpa

                                                • 8.8.8.8:53
                                                  www.google.com
                                                  dns
                                                  chrome.exe
                                                  60 B
                                                  76 B
                                                  1
                                                  1

                                                  DNS Request

                                                  www.google.com

                                                  DNS Response

                                                  142.250.180.4

                                                • 142.250.180.4:443
                                                  www.google.com
                                                  https
                                                  chrome.exe
                                                  5.6kB
                                                  22.6kB
                                                  34
                                                  36
                                                • 8.8.8.8:53
                                                  3.178.250.142.in-addr.arpa
                                                  dns
                                                  72 B
                                                  110 B
                                                  1
                                                  1

                                                  DNS Request

                                                  3.178.250.142.in-addr.arpa

                                                • 8.8.8.8:53
                                                  10.180.250.142.in-addr.arpa
                                                  dns
                                                  73 B
                                                  112 B
                                                  1
                                                  1

                                                  DNS Request

                                                  10.180.250.142.in-addr.arpa

                                                • 8.8.8.8:53
                                                  4.180.250.142.in-addr.arpa
                                                  dns
                                                  72 B
                                                  110 B
                                                  1
                                                  1

                                                  DNS Request

                                                  4.180.250.142.in-addr.arpa

                                                • 8.8.8.8:53
                                                  clients2.google.com
                                                  dns
                                                  chrome.exe
                                                  65 B
                                                  105 B
                                                  1
                                                  1

                                                  DNS Request

                                                  clients2.google.com

                                                  DNS Response

                                                  172.217.16.238

                                                • 172.217.16.238:443
                                                  clients2.google.com
                                                  https
                                                  chrome.exe
                                                  2.4kB
                                                  8.1kB
                                                  9
                                                  12
                                                • 8.8.8.8:53
                                                  238.16.217.172.in-addr.arpa
                                                  dns
                                                  73 B
                                                  142 B
                                                  1
                                                  1

                                                  DNS Request

                                                  238.16.217.172.in-addr.arpa

                                                • 8.8.8.8:53
                                                  tse1.mm.bing.net
                                                  dns
                                                  62 B
                                                  170 B
                                                  1
                                                  1

                                                  DNS Request

                                                  tse1.mm.bing.net

                                                  DNS Response

                                                  150.171.28.10
                                                  150.171.27.10

                                                • 8.8.8.8:53
                                                  14.227.111.52.in-addr.arpa
                                                  dns
                                                  72 B
                                                  158 B
                                                  1
                                                  1

                                                  DNS Request

                                                  14.227.111.52.in-addr.arpa

                                                • 8.8.8.8:53
                                                  github.com
                                                  dns
                                                  chrome.exe
                                                  56 B
                                                  72 B
                                                  1
                                                  1

                                                  DNS Request

                                                  github.com

                                                  DNS Response

                                                  20.26.156.215

                                                • 8.8.8.8:53
                                                  github.githubassets.com
                                                  dns
                                                  chrome.exe
                                                  69 B
                                                  133 B
                                                  1
                                                  1

                                                  DNS Request

                                                  github.githubassets.com

                                                  DNS Response

                                                  185.199.108.154
                                                  185.199.111.154
                                                  185.199.110.154
                                                  185.199.109.154

                                                • 8.8.8.8:53
                                                  avatars.githubusercontent.com
                                                  dns
                                                  chrome.exe
                                                  75 B
                                                  139 B
                                                  1
                                                  1

                                                  DNS Request

                                                  avatars.githubusercontent.com

                                                  DNS Response

                                                  185.199.111.133
                                                  185.199.108.133
                                                  185.199.109.133
                                                  185.199.110.133

                                                • 8.8.8.8:53
                                                  user-images.githubusercontent.com
                                                  dns
                                                  chrome.exe
                                                  79 B
                                                  143 B
                                                  1
                                                  1

                                                  DNS Request

                                                  user-images.githubusercontent.com

                                                  DNS Response

                                                  185.199.109.133
                                                  185.199.108.133
                                                  185.199.111.133
                                                  185.199.110.133

                                                • 8.8.8.8:53
                                                  github-cloud.s3.amazonaws.com
                                                  dns
                                                  chrome.exe
                                                  75 B
                                                  253 B
                                                  1
                                                  1

                                                  DNS Request

                                                  github-cloud.s3.amazonaws.com

                                                  DNS Response

                                                  52.217.116.161
                                                  16.182.106.9
                                                  52.217.123.9
                                                  52.217.226.121
                                                  52.216.146.235
                                                  54.231.128.153
                                                  3.5.27.115
                                                  16.182.34.217

                                                • 8.8.8.8:53
                                                  camo.githubusercontent.com
                                                  dns
                                                  chrome.exe
                                                  72 B
                                                  136 B
                                                  1
                                                  1

                                                  DNS Request

                                                  camo.githubusercontent.com

                                                  DNS Response

                                                  185.199.111.133
                                                  185.199.108.133
                                                  185.199.110.133
                                                  185.199.109.133

                                                • 8.8.8.8:53
                                                  154.108.199.185.in-addr.arpa
                                                  dns
                                                  74 B
                                                  118 B
                                                  1
                                                  1

                                                  DNS Request

                                                  154.108.199.185.in-addr.arpa

                                                • 8.8.8.8:53
                                                  133.111.199.185.in-addr.arpa
                                                  dns
                                                  74 B
                                                  118 B
                                                  1
                                                  1

                                                  DNS Request

                                                  133.111.199.185.in-addr.arpa

                                                • 8.8.8.8:53
                                                  content-autofill.googleapis.com
                                                  dns
                                                  chrome.exe
                                                  77 B
                                                  285 B
                                                  1
                                                  1

                                                  DNS Request

                                                  content-autofill.googleapis.com

                                                  DNS Response

                                                  216.58.212.234
                                                  142.250.200.42
                                                  142.250.187.234
                                                  172.217.16.234
                                                  142.250.187.202
                                                  142.250.200.10
                                                  142.250.179.234
                                                  142.250.180.10
                                                  216.58.212.202
                                                  216.58.204.74
                                                  142.250.178.10
                                                  172.217.169.10
                                                  216.58.201.106

                                                • 8.8.8.8:53
                                                  collector.github.com
                                                  dns
                                                  chrome.exe
                                                  66 B
                                                  115 B
                                                  1
                                                  1

                                                  DNS Request

                                                  collector.github.com

                                                  DNS Response

                                                  140.82.114.21

                                                • 8.8.8.8:53
                                                  api.github.com
                                                  dns
                                                  chrome.exe
                                                  60 B
                                                  76 B
                                                  1
                                                  1

                                                  DNS Request

                                                  api.github.com

                                                  DNS Response

                                                  20.26.156.210

                                                • 216.58.212.234:443
                                                  content-autofill.googleapis.com
                                                  https
                                                  chrome.exe
                                                  2.2kB
                                                  7.0kB
                                                  7
                                                  11
                                                • 8.8.8.8:53
                                                  234.212.58.216.in-addr.arpa
                                                  dns
                                                  73 B
                                                  173 B
                                                  1
                                                  1

                                                  DNS Request

                                                  234.212.58.216.in-addr.arpa

                                                • 8.8.8.8:53
                                                  210.156.26.20.in-addr.arpa
                                                  dns
                                                  144 B
                                                  316 B
                                                  2
                                                  2

                                                  DNS Request

                                                  210.156.26.20.in-addr.arpa

                                                  DNS Request

                                                  210.156.26.20.in-addr.arpa

                                                • 8.8.8.8:53
                                                  21.114.82.140.in-addr.arpa
                                                  dns
                                                  72 B
                                                  117 B
                                                  1
                                                  1

                                                  DNS Request

                                                  21.114.82.140.in-addr.arpa

                                                MITRE ATT&CK Enterprise v15

                                                Downloads

                                                • C:\ProgramData\Windows\csrss.exe

                                                  Filesize

                                                  1.4MB

                                                  MD5

                                                  63210f8f1dde6c40a7f3643ccf0ff313

                                                  SHA1

                                                  57edd72391d710d71bead504d44389d0462ccec9

                                                  SHA256

                                                  2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

                                                  SHA512

                                                  87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                  Filesize

                                                  649B

                                                  MD5

                                                  78f3dd894aeb1530d2a97e2025476668

                                                  SHA1

                                                  aa855aeba1e4c1dd6d4c33c5617b4937374f178a

                                                  SHA256

                                                  8397c08ccff92c027d1b407d8f0d1fd474f0c39947a5a06e168a819f5c528bd7

                                                  SHA512

                                                  6f85af30dc07c98d1787cffba3a196108847e3a60cd73ed60109f3cff5cbd761e47173a64721a4b6af17220f50fe80770e21e4fb272f2afcc10655568ba0b77a

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                  Filesize

                                                  1KB

                                                  MD5

                                                  e93980c4122c2570bf17a0d1e2c890be

                                                  SHA1

                                                  14efc026bd1c58446e9788c98d57aa83d466d639

                                                  SHA256

                                                  fbb4f93711e0764d9da85564803f688cd89f5763d5ace9ea169ef4d9d7f9c5f0

                                                  SHA512

                                                  bead31cbc82774ceab7dda8c8219052588a0143d4a0c05905e9f798405175952eae07d795ce62600a3292860db2086888e00f6cf153d29cd102e59546a2fac52

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                  Filesize

                                                  2B

                                                  MD5

                                                  d751713988987e9331980363e24189ce

                                                  SHA1

                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                  SHA256

                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                  SHA512

                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                  Filesize

                                                  354B

                                                  MD5

                                                  1d072a9db966275110a6ab4e93bc1e8e

SHA1: 7b0cc49cc83429e774bc18d5b15c179a468acb4c
SHA256: e5848302d9f5c57add0e87f5a8d398ccbffca7d71df154ed3d8b7d3a470deb26
SHA512: 164b2ac6fcd261f1f5b671273e7573a4803aae649002a440df0cffb73eee3731415b39973f2abc5b896dc56efbeb41fd8b28a105d001210b61bf0a464c46fdd0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: bdfa8584bc88b4cc74e522fe3c2846ab
  SHA1: ab51b216e45ad6c5998a20bac4740d5997f2b648
  SHA256: 1a184fc12737f81de3bf36c18ac724605a4cde30acf781690b409f893eb8db80
  SHA512: 21c05950f71341e133395dc4cbb5aa3bc9cefd2e54dca22b6976ce58713c6de687264a0199c698a648f50032e413e7a5236d97c0a832f8fea72184f43b0c417b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 8KB
  MD5: 38c85ea21bf290989abc012517407dd9
  SHA1: 6acbf91a6e78b96f20f0dc99009d4ebc902b1cd7
  SHA256: 9d64dacc4c54b0e1340df77988b2cf01e6e98586d3bfc2bd04dc6cd0de73205f
  SHA512: 9c25bb2b34c522171063e8c497b27563cd35456640833671538a3d0db6399a743d5d70e0fd58785f56e60f0498ef2b108e20483873849c81848b7f768cae5016

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 8KB
  MD5: 5a7eec352961c379e07765e8964338c4
  SHA1: a0dd1beecd3951b04d3ecd49b5541fdf5c397982
  SHA256: 6f5e0baa06bd019d8daf149c4a17e7d2ec3ba7809f0436efc6f01c72d6d77189
  SHA512: 6b37e5841f08a2154ce8dd23ddd7faf08d619ad3db77d18657bb60a788947f02fa3d5eccfba0fb1393d76322601108b98373af57a55a97cde3b7a5cb8cf085d8

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: 70abdfdef4ee4ffe9db904afc930f50b
  SHA1: 31964586279c7a0c8399ba2ebdc595c31152ce45
  SHA256: db7bc923e10fdbb24d642e91b60e1e8d160ba0871dac229406a508415af20f4e
  SHA512: b3a0561e7a8669dfd5661ef52f99e5d89e6ea21ab065a02fa6805504831cfc42619c9267b714da59081ab91b33eb78ca5bf7b731a0cb296fb2eeb3646e093de7

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: dbd27c0b90fa4e98dec670ea00f87e34
  SHA1: 439aa9ca3420a76ddb55fa22ffc747be3673dba8
  SHA256: 07701406c637a10f479139b88abec60dcaf23af188d6d35a228aaf9aae1c2ffa
  SHA512: c895d76d56fca02aba53f3ccdd4e5b78b3bb509c3a26a0d9808d9eb28768fee319e45713fda2456f779d477d7630d2600480ea976a0914a0e62516ab3de7e1fb

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: 6883dc81f7876e35e7be9a6b25af53a4
  SHA1: fbc94714a05e5a33fc2f81702ba6ce30365ed2af
  SHA256: fdd313f03d764d84a2bdcc60a9bf04db113068c949c8dcacc87a62d54c0c469d
  SHA512: 0365e0f065dfcfa32c4469fc74d15add7300d8d8e8aba6f36d0b5a7edb9e0366f258ee7aa073540dd3016d03afd5d255f10708720dd37ff09a8de872192b5de0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
  Filesize: 15KB
  MD5: abb43758e5ac28dda6ad6d8421570e92
  SHA1: 9b47f0a008d0d94e111c83f864739c1147ed4bda
  SHA256: f4a42650461cd31db49ecfb078975a085f29dd4b20e338bbc5dca418cad6a3f0
  SHA512: 82a913e86cabfe0112ef3e21f1b73d1c40206d9790c3840ebaa0cb47f089fc5086f784e58cbf186a6767087c9ebeeb216ae8f5363ea62759caf49aad43fb3fbb

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 185KB
  MD5: baf30fdd36390395e08110764b8fbbdc
  SHA1: 06369c38c1b47364551d111310e1d11076e28539
  SHA256: a64b40162f91b3d5a550c6a395dc00ba95ddddb62b5811a190953606b8d89689
  SHA512: 856d2088e53666612522c4bb49fc44a8940bff0445596e93140063b10241585a523563221f5e02583381012706eb5a184d6c4c0ce05ae533aabe1f0dc0bf62fc

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 185KB
  MD5: 72dc1b00cbd8678c7ef6f4562ca80259
  SHA1: 6b1a342a7b9c10f8c3d4c97ddab3ad666df2cee7
  SHA256: 105cfe13a8390f50fdbec81c990a9b8487b44fc4202bd3362084cf365c484e30
  SHA512: 5a84d16b20fefefcf1489bda0e1bfc9c1aaf1bb1d93a2f199fd39697c34a7b0b8c56275378ee854c4c7a947c864419783c6f880169164025b0cace7079fd4df8

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: bafce9e4c53a0cb85310891b6b21791b
  SHA1: 5d70027cc137a7cbb38f5801b15fd97b05e89ee2
  SHA256: 71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00
  SHA512: c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: a499254d6b5d91f97eb7a86e5f8ca573
  SHA1: 03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1
  SHA256: fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499
  SHA512: d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 261B
  MD5: 2c2e6472d05e3832905f0ad4a04d21c3
  SHA1: 007edbf35759af62a5b847ab09055e7d9b86ffcc
  SHA256: 283d954fa21caa1f3b4aba941b154fab3e626ff27e7b8029f5357872c48cbe03
  SHA512: 8c4ce1ea02da6ffb7e7041c50528da447d087d9ee3c9f4a8c525d2d856cf48e46f5dd9a1fedd23dd047634e719c8886457f7e7240aa3cc36f1a6216e4c00ee37

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: b99802bb4191f6b47189af3f3c6be246
  SHA1: 0ec187ef3ec6582fb1c64499d96c14327cbd4e5f
  SHA256: b9341e55e1dc1140bc45194a9003ff7869480b1918eeb1a995cfceb923f754db
  SHA512: b0329ea1a833893a23af1e35fe082a41f6ad1706b259835e4a285b97e78c8f5c7ee6186da342d2b1a4d60da265c20cfb48aeb0fb32deb495caf3200d33fac28a

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 0b09b426565ba8b55629190172c064da
  SHA1: fa747fd4f2c6281849b1c09af533d04cd48fa1e8
  SHA256: 6b49de4270bde53964dbd511ad702cef468b15798b8cf820a44333c1d22caada
  SHA512: d2727f8375f68d3dc4f28825cb9b4643ed382e8c78e25177a878a444c39dd3e1010d78783b66c216a5dbbf457157b89d40753b18e5a2bf8a836ce197c2ce03d2

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 3ae48bbc68774b383d41127bc30a06b3
  SHA1: 3777df8d86439ef625c86eaa1cc44e31ba309529
  SHA256: cf7edd55aa5ba4ec4a69b9d9be220d8a485b0a1c9fed6c35e427da29c3d95781
  SHA512: bd6448c7432c4c77e06d5ceff72bc2ccd894a8182a0f467c85e5876a3f78432074b473c36acbd0866053b9aafb10db2328e1b5f5aa53ed84105806572968e7a0

• C:\Users\Admin\Downloads\NoMoreRansom.zip
  Filesize: 916KB
  MD5: f315e49d46914e3989a160bbcfc5de85
  SHA1: 99654bfeaad090d95deef3a2e9d5d021d2dc5f63
  SHA256: 5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7
  SHA512: 224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

• memory/1544-145-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/1544-146-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/1544-144-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/2256-165-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/2256-177-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/2256-176-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/2256-175-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/2256-174-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/2256-173-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/2256-172-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/2256-171-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/2256-167-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/2256-166-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
  Filesize: 4KB

• memory/3712-137-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/3712-143-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/3712-179-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/3712-136-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/3712-138-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/3712-140-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/3712-180-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/3712-153-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/4016-152-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/4016-160-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/4180-155-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/4180-162-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/4552-150-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB

• memory/4552-156-0x0000000000400000-0x00000000005DE000-memory.dmp
  Filesize: 1.9MB
