hxxp://vencord[.]dev

Resubmissions

08/08/2024, 14:48 UTC

240808-r6n7raydlg 8

08/08/2024, 14:44 UTC

240808-r4fslaydjc 8

Analysis

max time kernel
145s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/08/2024, 14:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vencord.dev

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4716	VencordInstaller.exe
944	VencordInstaller.exe
1344	VencordInstaller.exe
3848	VencordInstaller.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\VencordInstaller.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 897077.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\VencordInstaller.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1316	msedge.exe
1316	msedge.exe
2176	msedge.exe
2176	msedge.exe
2884	msedge.exe
2884	msedge.exe
3260	identity_helper.exe
3260	identity_helper.exe
4684	msedge.exe
4684	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4716	VencordInstaller.exe
944	VencordInstaller.exe
1344	VencordInstaller.exe
3848	VencordInstaller.exe
4072	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1868	2176	msedge.exe	82
PID 2176 wrote to memory of 1868	2176	msedge.exe	82
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 3172	2176	msedge.exe	83
PID 2176 wrote to memory of 1316	2176	msedge.exe	84
PID 2176 wrote to memory of 1316	2176	msedge.exe	84
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85
PID 2176 wrote to memory of 652	2176	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vencord.dev
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff999eb3cb8,0x7ff999eb3cc8,0x7ff999eb3cd8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Users\Admin\Downloads\VencordInstaller.exe
  "C:\Users\Admin\Downloads\VencordInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4716
- C:\Users\Admin\Downloads\VencordInstaller.exe
  "C:\Users\Admin\Downloads\VencordInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:944
- C:\Users\Admin\Downloads\VencordInstaller.exe
  "C:\Users\Admin\Downloads\VencordInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1344
- C:\Users\Admin\Downloads\VencordInstaller.exe
  "C:\Users\Admin\Downloads\VencordInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,12282127369352397254,6417971360012399768,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4388

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4072

Network

DNS

vencord.dev

msedge.exe

Remote address:

8.8.8.8:53

Request

vencord.dev

IN A

Response

vencord.dev

IN A

172.67.183.184

vencord.dev

IN A

104.21.56.91
DNS

login.live.com

msedge.exe

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.trafficmanager.net

www.tm.lg.prod.aadmsa.trafficmanager.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.akadns.net

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.75

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.4

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.64

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.71

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.68

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.159.2

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.31.67

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.31.73
DNS

ctldl.windowsupdate.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

217.20.58.101

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

217.20.58.100

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

217.20.58.35

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

217.20.56.42

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

217.20.58.39

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

217.20.58.99

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

217.20.58.23

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

217.20.58.34
DNS

75.159.190.20.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

arc.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

IN A

20.103.156.88
DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

133.110.199.185.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

133.110.199.185.in-addr.arpa

IN PTR

Response

133.110.199.185.in-addr.arpa

IN PTR

cdn-185-199-110-133githubcom
DNS

nexusrules.officeapps.live.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.227.14
DNS

172.210.232.199.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

api.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
DNS

133.209.17.2.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

133.209.17.2.in-addr.arpa

IN PTR

Response

133.209.17.2.in-addr.arpa

IN PTR

a2-17-209-133deploystaticakamaitechnologiescom
DNS

t-ring-s2.msedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

t-ring-s2.msedge.net

IN A

Response

t-ring-s2.msedge.net

IN CNAME

t-ring.s-part2-t-9999.t-msedge.net

t-ring.s-part2-t-9999.t-msedge.net

IN CNAME

azurefd-t-fb-prod.trafficmanager.net

azurefd-t-fb-prod.trafficmanager.net

IN CNAME

dual.s-part-0036.t-0009.fb-t-msedge.net

dual.s-part-0036.t-0009.fb-t-msedge.net

IN CNAME

s-part-0036.t-0009.fb-t-msedge.net

s-part-0036.t-0009.fb-t-msedge.net

IN A

13.107.253.64
DNS

6.173.189.20.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

6.173.189.20.in-addr.arpa

IN PTR

Response
GET

http://vencord.dev/

msedge.exe

Remote address:

172.67.183.184:80

Request

GET / HTTP/1.1
Host: vencord.dev
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Date: Thu, 08 Aug 2024 14:44:54 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Aug 2024 15:44:54 GMT
Location: https://vencord.dev/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RpNYozHgodnr6G1gg7zYDTxpgrwD05GTiaMqrbDQHnwxBEr3P3UQfM0UzJXmW8bY64DB8RG%2B8G2vhI3my1DvMXW7mOU%2BmWnfYvtAIXxPO3thnKpYNSHNgp0hf9%2BfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8b00497eedd493ea-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/

msedge.exe

Remote address:

172.67.183.184:443

Request

GET / HTTP/2.0
host: vencord.dev
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=btsUUauG5hoPbQ0Rwk6j1iyoHg%2Fem1gKoZNFwGcazld1QEfCO4egQrUGXG0l7tuiaVFIha7srHDhikm0M0K1fLg3db8ZXU6u%2BlaWnZDcNnN1rzDXp7ZXDn%2BxSIe%2BkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8b00497fda1c93fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/fonts/Inter.var-subset.woff2

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /fonts/Inter.var-subset.woff2 HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://vencord.dev
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"fe72a9ef066279023eb04ba2bc860234"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sr5%2BxHzTebAJPEWCZflYmlhn947GAfdA2uBL4IonM78XsfHsshEhxZ0fOrcYjdQcPoox%2FdY1MGoEWn6X6OC9Y%2B7ZbqBcnb4vWDtEiaaz5tJ8g5oPwPuePg5i2R8tGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 6674
server: cloudflare
cf-ray: 8b0049817d1b93fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/_astro/gdpr.DMDF9Ojm.css

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /_astro/gdpr.DMDF9Ojm.css HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/png
content-length: 3044
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "8966926a12e1f8d1a77da3d694c9ffa0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exsOY%2By0t4WvASfRQ5wTGigMTWo0l8ANij8iamg3%2BYVINmltCGQhByJZplzl0Exa1v2xL82kpHCE5ev4Qiz%2FY3Mo6YXW4jkyvOM4mCbMCpy9YMnJK3%2FrI6ogWA%2Fh5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 467
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049817d2c93fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/logo-nav-oneko-padding.png

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/logo-nav-oneko-padding.png HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/png
content-length: 2395
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "813712eec2b08b81221f6710f0c50e22"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2mYETMnwNiI3bWjL0qg8qD4K171BF15BJcPIMp2bwZDYItwZOQSzqHfhgP3actb14yYQk4H%2BcpB5B0z5Pcxz5u2kLfO%2FpulnApJV1fMknbb5xn%2FMB6Sccp%2FYGnm0ZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 467
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049817d2993fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/cute-logo.avif

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/cute-logo.avif HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/png
content-length: 5410
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "8f7be9200bb6165443ff79abe05024fe"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pnpr5TZQZai%2BOUvVcTquNWwxKJPpXieZKtrSx%2FUtrD3OqgmpRyK979NnWOI6qZpSNHEKZ6BNE7bYfY5g%2FfCeNRxO6sp8zORJZ4JRSEsAEOjx%2FlTmBZj0mOudxIOx3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 467
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049817d2493fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/light-bulb.png

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/light-bulb.png HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/avif
content-length: 80379
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "604634e1996c4ef1beeddae245d7cb5e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i%2Fm2Edly64HM631feKrnJU8nFtXT1tz2Y8sjZXxOpuNcyM7d%2BI09qQqnQ3EH3C%2BewZAEs8MiaeqvV12fcsl4KZ6w5KsrM0%2F9B0mOOCTMEsH2dDTI7kcAFUhfGRFvNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6674
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049817d2193fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/heart.png

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/heart.png HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/png
content-length: 3587
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "bf13c2a67d6923b6f0896f12a8089aba"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yRu6lTcnNs7f2RIAP5TOQNPPlt%2B1jqraDRqUcSz0YSQX3oEs21EHzs4XwAYSTgytCESZc3dSYUQSWISeJSifrm4YV8Sg8SzFdATntodgOc75SFbAMOrzAuiToVk9gS%2FTBZ8sBh1tiB4xVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 467
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049817d2b93fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/globe.png

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/globe.png HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/png
content-length: 4753
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "b92120fe9c2f27968c9d9ed489a111f6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YN%2FmsRjFNdIemFaxbCIT506n3XcCRlQoMzOfeDn7Zz1tvobsHd%2Btdr4fER6cih%2BI9ZIt6ECiPyQ8zzFmRFMRy%2FaLQnY0NPIzN0nWgD21%2B1Mkr%2FPICvL53Eu8g5XrsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 467
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049817d2593fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/locked.png

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/locked.png HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: font/woff2
content-length: 128208
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "9688c3196b874c6b494547fccd642e11"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tet8tUQpnFFJMN8rRsuqbVHtYaeGTUbGvASXwmlDhMv%2B%2FxrY%2BwwzQk4zExF7YFYsiOIf58bEH%2FCR4Rn32YFDt14rr9qYwn0789kk7nqeitevKlby0tPS%2B7pi6xghRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 4046
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049817d1a93fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/package.png

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/package.png HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/png
content-length: 570
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "abd2c8f3f2f8da8932f5163f38b8df69"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dNWuYgIjDyPK4rjrYq7Ta0hEr%2BF9PsLNt65xOEF2MqRjmmcZJLTwJzP%2BMjRZwaMMEuoO5Xf9CMBmiFhsRZN53%2FjUohLVUidrv4Ao%2F0ogsPX76hh%2BBG2fI%2FXQPfs0XA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6674
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049817d1f93fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/hammer-and-wrench.png

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/hammer-and-wrench.png HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/png
content-length: 4232
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c5303cbf12e193c3548331f83d0fca22"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BgXmtfhlWzmc63Lb3URKcOAlZqS%2Fd%2FMvj%2Bt8WQmxnArcQ5dX%2FtwG0tIkiMOzv37WNgagH1dh33pXM3W1ZDh%2F39DcywAf3WE2KYZz7vIEd%2BDgwNchBevGG2YkSm8H6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 467
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049817d2393fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/_astro/ThemeToggle.DD8uX7ta.js

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /_astro/ThemeToggle.DD8uX7ta.js HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://vencord.dev
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"834da85e6693ed3355830c4d0d5feb6b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZmVugGg0Id8J3SmYQS9rnXYbENO8UrF7d1Dx9CK4ReZzyl%2BLMsEgOz3HmU7ZA4F9qEZOPa2eWqbs1mTU94YtzYGYQzViw2clfdDY5N5HN0cnRj5kUnRcD2ytVjkQq5yEo%2FKOf2DXwcsiog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 6993
server: cloudflare
cf-ray: 8b0049821e0f93fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/_astro/client.Cx1FBVJX.js

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /_astro/client.Cx1FBVJX.js HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://vencord.dev
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"3c5b8633bbac981a2c1cb75a936ed402"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fpl7LgHOSIYnbUzhuTiMtBFftiJr5PGsAo6Smb2INo1zxgcTXCRZig7%2BbTOY4u1X04WTr8yV%2FYkghOKPBLOe9vKhUonijiRyeeFSDtaYSimspyRA%2BU9PjUoLso75Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 6993
server: cloudflare
cf-ray: 8b0049821e0b93fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/oneko.gif

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/oneko.gif HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/_astro/gdpr.DMDF9Ojm.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/gif
content-length: 3310
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "1a9668c457acbeac335bea80fd4a796e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BXdoHUapzSU7JaDtItVk5DiirftM0MqjGHuNxaKxIyjj8OTCUZ9fqM3lo2SmWBa7HBUKM6CPx5YN2b3jH8nPOLrRq0t%2Bw4oCs3LDb25eViuEW462F9ELW%2FSWXfzzoWktuM8ZWuKwtsx%2FaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6993
accept-ranges: bytes
server: cloudflare
cf-ray: 8b0049821e1293fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/_astro/index.BQ0cYy2H.js

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /_astro/index.BQ0cYy2H.js HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://vencord.dev
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://vencord.dev/_astro/ThemeToggle.DD8uX7ta.js
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"a7771440a5f9dc01907602fd15ea8aed"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=palTS9JAMDWvmjmv%2BqFGcvMCzdCsAFLXH1GEIsWLjUYlh1sCvVek0G4XdgISYdnSdVkd1vtEKwtm%2FPfdCVyWEyF88W%2F6jrh4qfKKOxaAM3CwmpiRGFz7%2FRCUxn5l9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 2279
server: cloudflare
cf-ray: 8b0049827e9f93fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/_astro/index.DKIpgR2_.js

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /_astro/index.DKIpgR2_.js HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://vencord.dev
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://vencord.dev/_astro/ThemeToggle.DD8uX7ta.js
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"c867ca93ba5fb2bb039ac23932ddd901"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FdzfAohOTAIGzZMKNSb1Ac3M0P4hQ61Os3EuydfqAL%2BadKLRRwM1Ag0jvrp5ekUWRDSg5Xzlr2e0Fpk4pkA6aSnHTNvKdQdu3B%2BYiMjHAuHZKZtn9rMBts1cREqTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 6993
server: cloudflare
cf-ray: 8b0049827e9e93fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/assets/favicon.png

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /assets/favicon.png HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:54 GMT
content-type: image/png
content-length: 900
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "76421ec9480aa4acf8535101ad03ce1a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SGcNz78vRzs6P3wcQobMb8FduDxkK%2FEE6pSzYAQkch51BVqA%2F03scUGjp3vfp90PXdvcZsNeDyRstOtU59qFqO%2FcCuDtRGSxPbDnDXGnL4p7T2zEIycaJK%2Fut5nuPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6992
accept-ranges: bytes
server: cloudflare
cf-ray: 8b004982ef8393fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/download

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /download HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 308

date: Thu, 08 Aug 2024 14:44:57 GMT
content-length: 0
location: /download/
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=toFmHc9YY4tvVIgS2JZImh%2B06uqg%2B3PxeaHIDXVNu3ASbHqdCllM3ZweISkdxuri8m2f5c7kmy0uxRRC524dWuU9NwgL7K9ZykWPH5UJJONQcSRDgPyKuFEKlQ59tA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8b0049911cc093fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/download/

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /download/ HTTP/2.0
host: vencord.dev
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:57 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2BBqYYoUvUJc1OsTfd7XrCuYetGcHta%2BntOZeO69LX6gBMfn1YkDV7Hf9vUqwZxvz03eI2AqO4egX16LBkgrrV9hkIjIBIh%2FL4UdT6g1DXqGexbPQJAHCu%2F3%2BWUAaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8b0049917d6993fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/_astro/index.BD4eKIuq.js

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /_astro/index.BD4eKIuq.js HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://vencord.dev
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://vencord.dev/download/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:57 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"ccf67fb1f435eb8684bb640f07d74ee9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KgH8bF64Q%2Bw4yxKJDGJbpRJIzlB2uRtybylkBkJYQHeb49EEB%2FNqYz4Q3wOp07dVRQD%2BzlA%2FozLKTvx2odMN8UfG8MEkAg1FRFxhv%2FIqdenGOI%2FM6dIFHA%2B8%2BdgiIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 2237
server: cloudflare
cf-ray: 8b0049923e9693fb-LHR
alt-svc: h3=":443"; ma=86400
GET

https://vencord.dev/_astro/each.-gASlQSi.js

msedge.exe

Remote address:

172.67.183.184:443

Request

GET /_astro/each.-gASlQSi.js HTTP/2.0
host: vencord.dev
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://vencord.dev
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://vencord.dev/_astro/index.BD4eKIuq.js
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Thu, 08 Aug 2024 14:44:57 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"6d56ae1a03f787bf6c095fa76e9bbe42"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bo3cNC%2BxWpnr79MA3GEyaxSowLJLgGeTpMtK2HmzME0CodTSTkOGLuNijZivGvYkT7JtIjGikYu62j62%2BUkRbtkskRuybSaBXbgb90ZAAX9yBDsuqiqmFQDCIqC988NtPEawFjLhEsZkOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 3843
server: cloudflare
cf-ray: 8b0049928f0f93fb-LHR
alt-svc: h3=":443"; ma=86400
DNS

184.183.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.183.67.172.in-addr.arpa

IN PTR

Response
DNS

101.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.58.20.217.in-addr.arpa

IN PTR

Response
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

210.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.156.26.20.in-addr.arpa

IN PTR

Response
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

bg.microsoft.map.fastly.net

bg.microsoft.map.fastly.net

IN A

199.232.210.172

bg.microsoft.map.fastly.net

IN A

199.232.214.172
DNS

222.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

222.197.79.204.in-addr.arpa

IN PTR

Response
DNS

t-ring-fallback-s2.msedge.net

Remote address:

8.8.8.8:53

Request

t-ring-fallback-s2.msedge.net

IN A

Response

t-ring-fallback-s2.msedge.net

IN CNAME

t-ring.s-part2-t-9999.fb-t-msedge.net

t-ring.s-part2-t-9999.fb-t-msedge.net

IN CNAME

s-part2-t-9999.fb-t-msedge.net

s-part2-t-9999.fb-t-msedge.net

IN A

13.107.226.254
DNS

browser.pipe.aria.microsoft.com

Remote address:

8.8.8.8:53

Request

browser.pipe.aria.microsoft.com

IN A

Response

browser.pipe.aria.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprdwus05.westus.cloudapp.azure.com

onedscolprdwus05.westus.cloudapp.azure.com

IN A

20.189.173.6
DNS

254.253.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.253.107.13.in-addr.arpa

IN PTR

Response
GET

https://github.com/Vencord/Installer/releases/latest/download/VencordInstaller.exe

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Vencord/Installer/releases/latest/download/VencordInstaller.exe HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: GitHub.com
date: Thu, 08 Aug 2024 14:45:01 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://github.com/Vencord/Installer/releases/download/v1.4.0/VencordInstaller.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
set-cookie: _gh_sess=3%2FPBHG4JsJYJnKIQGEvCPl9h3IGDdEQmf5yWhnE72tUMeUvh4jx3NfzXM0l4BGzIW8o8R1iG%2FwCx0ff1kuVlTGcxKHOo83wYjFndjFYk4DPPyAF%2BpCuSwGg2%2BW7FuqrFKId66JSoI%2BsvuecXBhAJjQLMjdmQIWrOOJaezD2c9wHgUf%2BqDxQDA0kvJbP2DDe0%2F%2BuRghdh2I56xSiho7P1XwNkg20ITeSdp3bHivynLzNHZGovrtQmsN6HAq%2FO3VuHlAdtw0iYoMe9XbOBUUoQyA%3D%3D--2572TizPhmaVKChC--fd%2BoJIjD%2FzkzzExYlEhc1g%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1787750430.1723128301; Path=/; Domain=github.com; Expires=Fri, 08 Aug 2025 14:45:01 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 08 Aug 2025 14:45:01 GMT; HttpOnly; Secure; SameSite=Lax
content-length: 0
x-github-request-id: C2B2:10EB1C:27AC6D0:2C212CA:66B4D9ED
GET

https://github.com/Vencord/Installer/releases/download/v1.4.0/VencordInstaller.exe

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Vencord/Installer/releases/download/v1.4.0/VencordInstaller.exe HTTP/2.0
host: github.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=3%2FPBHG4JsJYJnKIQGEvCPl9h3IGDdEQmf5yWhnE72tUMeUvh4jx3NfzXM0l4BGzIW8o8R1iG%2FwCx0ff1kuVlTGcxKHOo83wYjFndjFYk4DPPyAF%2BpCuSwGg2%2BW7FuqrFKId66JSoI%2BsvuecXBhAJjQLMjdmQIWrOOJaezD2c9wHgUf%2BqDxQDA0kvJbP2DDe0%2F%2BuRghdh2I56xSiho7P1XwNkg20ITeSdp3bHivynLzNHZGovrtQmsN6HAq%2FO3VuHlAdtw0iYoMe9XbOBUUoQyA%3D%3D--2572TizPhmaVKChC--fd%2BoJIjD%2FzkzzExYlEhc1g%3D%3D
cookie: _octo=GH1.1.1787750430.1723128301
cookie: logged_in=no

Response

HTTP/2.0 302

server: GitHub.com
date: Thu, 08 Aug 2024 14:45:02 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/556771238/e6f209d5-f5ac-4b74-8139-eeaefa7dfa73?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240808%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240808T144502Z&X-Amz-Expires=300&X-Amz-Signature=c4f4c58dfd551737a65def450c9b4e6aaf31fca801d3933873aca96106dcddda&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=556771238&response-content-disposition=attachment%3B%20filename%3DVencordInstaller.exe&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: C2B2:10EB1C:27AC6FB:2C212F6:66B4D9ED
GET

https://objects.githubusercontent.com/github-production-release-asset-2e65be/556771238/e6f209d5-f5ac-4b74-8139-eeaefa7dfa73?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240808%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240808T144502Z&X-Amz-Expires=300&X-Amz-Signature=c4f4c58dfd551737a65def450c9b4e6aaf31fca801d3933873aca96106dcddda&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=556771238&response-content-disposition=attachment%3B%20filename%3DVencordInstaller.exe&response-content-type=application%2Foctet-stream

msedge.exe

Remote address:

185.199.110.133:443

Request

GET /github-production-release-asset-2e65be/556771238/e6f209d5-f5ac-4b74-8139-eeaefa7dfa73?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240808%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240808T144502Z&X-Amz-Expires=300&X-Amz-Signature=c4f4c58dfd551737a65def450c9b4e6aaf31fca801d3933873aca96106dcddda&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=556771238&response-content-disposition=attachment%3B%20filename%3DVencordInstaller.exe&response-content-type=application%2Foctet-stream HTTP/2.0
host: objects.githubusercontent.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
referer: https://vencord.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/octet-stream
last-modified: Tue, 23 Jan 2024 01:46:29 GMT
etag: "0x8DC1BB51E4724D6"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d6735991-501e-0027-42a0-def691000000
x-ms-version: 2020-10-02
x-ms-creation-time: Tue, 23 Jan 2024 01:46:29 GMT
x-ms-blob-content-md5: G47mHdz9HUJYIddupUyoKQ==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=VencordInstaller.exe
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 7151
date: Thu, 08 Aug 2024 14:45:02 GMT
x-served-by: cache-iad-kcgs7200036-IAD, cache-lon420140-LON
x-cache: HIT, HIT
x-cache-hits: 13, 0
x-timer: S1723128302.192754,VS0,VE1
content-length: 10339840
DNS

64.253.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.253.107.13.in-addr.arpa

IN PTR

Response

172.67.183.184:80

http://vencord.dev/

http

msedge.exe

765 B
1.1kB
7
6

HTTP Request

GET http://vencord.dev/

HTTP Response

301
172.67.183.184:80

vencord.dev

msedge.exe

190 B
132 B
4
3
172.67.183.184:443

https://vencord.dev/_astro/each.-gASlQSi.js

tls, http2

msedge.exe

10.2kB
290.9kB
163
290

HTTP Request

GET https://vencord.dev/

HTTP Response

200

HTTP Request

GET https://vencord.dev/fonts/Inter.var-subset.woff2

HTTP Request

GET https://vencord.dev/_astro/gdpr.DMDF9Ojm.css

HTTP Request

GET https://vencord.dev/assets/logo-nav-oneko-padding.png

HTTP Request

GET https://vencord.dev/assets/cute-logo.avif

HTTP Request

GET https://vencord.dev/assets/light-bulb.png

HTTP Request

GET https://vencord.dev/assets/heart.png

HTTP Request

GET https://vencord.dev/assets/globe.png

HTTP Request

GET https://vencord.dev/assets/locked.png

HTTP Request

GET https://vencord.dev/assets/package.png

HTTP Request

GET https://vencord.dev/assets/hammer-and-wrench.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://vencord.dev/_astro/ThemeToggle.DD8uX7ta.js

HTTP Request

GET https://vencord.dev/_astro/client.Cx1FBVJX.js

HTTP Request

GET https://vencord.dev/assets/oneko.gif

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://vencord.dev/_astro/index.BQ0cYy2H.js

HTTP Request

GET https://vencord.dev/_astro/index.DKIpgR2_.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://vencord.dev/assets/favicon.png

HTTP Response

200

HTTP Request

GET https://vencord.dev/download

HTTP Response

308

HTTP Request

GET https://vencord.dev/download/

HTTP Response

200

HTTP Request

GET https://vencord.dev/_astro/index.BD4eKIuq.js

HTTP Response

200

HTTP Request

GET https://vencord.dev/_astro/each.-gASlQSi.js

HTTP Response

200
20.26.156.215:443

github.com

tls

msedge.exe

989 B
4.0kB
9
7
20.26.156.215:443

https://github.com/Vencord/Installer/releases/download/v1.4.0/VencordInstaller.exe

tls, http2

msedge.exe

2.4kB
13.3kB
17
22

HTTP Request

GET https://github.com/Vencord/Installer/releases/latest/download/VencordInstaller.exe

HTTP Response

302

HTTP Request

GET https://github.com/Vencord/Installer/releases/download/v1.4.0/VencordInstaller.exe

HTTP Response

302
185.199.110.133:443

https://objects.githubusercontent.com/github-production-release-asset-2e65be/556771238/e6f209d5-f5ac-4b74-8139-eeaefa7dfa73?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240808%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240808T144502Z&X-Amz-Expires=300&X-Amz-Signature=c4f4c58dfd551737a65def450c9b4e6aaf31fca801d3933873aca96106dcddda&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=556771238&response-content-disposition=attachment%3B%20filename%3DVencordInstaller.exe&response-content-type=application%2Foctet-stream

tls, http2

msedge.exe

253.0kB
10.7MB
4907
7657

HTTP Request

GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/556771238/e6f209d5-f5ac-4b74-8139-eeaefa7dfa73?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240808%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240808T144502Z&X-Amz-Expires=300&X-Amz-Signature=c4f4c58dfd551737a65def450c9b4e6aaf31fca801d3933873aca96106dcddda&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=556771238&response-content-disposition=attachment%3B%20filename%3DVencordInstaller.exe&response-content-type=application%2Foctet-stream

HTTP Response

200
20.26.156.210:443

api.github.com

VencordInstaller.exe

144 B
52 B
3
1
20.26.156.210:443

api.github.com

VencordInstaller.exe

144 B
52 B
3
1
20.26.156.210:443

api.github.com

VencordInstaller.exe

52 B
1
20.26.156.210:443

api.github.com

VencordInstaller.exe

52 B
1
184.28.176.82:443

www.bing.com

tls

37.0kB
155.2kB
168
144
2.17.209.133:443

r.bing.com

tls

58.6kB
1.5MB
1093
1071
2.17.209.133:443

r.bing.com

tls

1.2kB
5.2kB
16
14
2.17.209.133:443

r.bing.com

tls

1.2kB
5.2kB
16
14
2.17.209.133:443

r.bing.com

tls

1.3kB
5.2kB
17
14
2.17.209.133:443

r.bing.com

tls

1.3kB
5.2kB
17
14
2.17.209.133:443

r.bing.com

tls

1.2kB
5.2kB
16
15
13.107.226.254:443

t-ring-fallback-s2.msedge.net

tls

2.5kB
8.8kB
19
14
13.107.253.254:443

t-ring-fallback.msedge.net

tls

2.5kB
8.8kB
19
14
20.189.173.6:443

browser.pipe.aria.microsoft.com

tls

3.2kB
7.5kB
20
14
13.107.253.64:443

t-ring-s2.msedge.net

tls

2.5kB
8.8kB
19
14

8.8.8.8:53

vencord.dev

dns

msedge.exe

863 B
2.2kB
13
13

DNS Request

vencord.dev

DNS Response

172.67.183.184

104.21.56.91

DNS Request

login.live.com

DNS Response

20.190.159.75

20.190.159.4

20.190.159.64

20.190.159.71

20.190.159.68

20.190.159.2

40.126.31.67

40.126.31.73

DNS Request

ctldl.windowsupdate.com

DNS Response

217.20.58.101

217.20.58.100

217.20.58.35

217.20.56.42

217.20.58.39

217.20.58.99

217.20.58.23

217.20.58.34

DNS Request

75.159.190.20.in-addr.arpa

DNS Request

arc.msn.com

DNS Response

20.103.156.88

DNS Request

github.com

DNS Response

20.26.156.215

DNS Request

133.110.199.185.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.227.14

DNS Request

172.210.232.199.in-addr.arpa

DNS Request

api.github.com

DNS Response

20.26.156.210

DNS Request

133.209.17.2.in-addr.arpa

DNS Request

t-ring-s2.msedge.net

DNS Response

13.107.253.64

DNS Request

6.173.189.20.in-addr.arpa
8.8.8.8:53

184.183.67.172.in-addr.arpa

dns

656 B
1.5kB
9
9

DNS Request

184.183.67.172.in-addr.arpa

DNS Request

101.58.20.217.in-addr.arpa

DNS Request

215.156.26.20.in-addr.arpa

DNS Request

210.156.26.20.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

199.232.210.172

199.232.214.172

DNS Request

222.197.79.204.in-addr.arpa

DNS Request

t-ring-fallback-s2.msedge.net

DNS Response

13.107.226.254

DNS Request

browser.pipe.aria.microsoft.com

DNS Response

20.189.173.6

DNS Request

254.253.107.13.in-addr.arpa
224.0.0.251:5353

msedge.exe

537 B
8
8.8.8.8:53

64.253.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.253.107.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
04aa03c620b247326296a3c28c78cbe1

SHA1
d7ab710b70db42f03624c81d02c3242406ca44e1

SHA256
2e005cb24b0f712a44540cfac776d03f20f52e06b36fb9ae9398bdfd8bf1915a

SHA512
a7a5095fc4b52056f9073bb8ecd450489dcefdf2c774562494185d7846a59189d003c5415be1ac2d15e9558e22411c450fc868007891a28198973d05e4930b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
334B

MD5
d847f4b8953364b6aaf1a0dff6e2ed21

SHA1
f6848625961da76fa6b63764397268f8bba8fb22

SHA256
72238a6dc63ad93e59e1f734d9b040d83905dff13c42b2325ef336e763798e53

SHA512
eed7e21c7a020a062648964acc3c62ab0c24f7296082fc7ddc280ebf03c64d311cd0a5a17386fcc2c4b3356409dbd75735f2756171d658c029b476489eb0b38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c477080f9da20d382a13f3cd720d21f

SHA1
b12a932fd1ff26d0e3a8354363bfd7a69cf17052

SHA256
6d07f6b4c33d00ee7de20671272052289f67c5188bd4ea20eec3452cf7c78644

SHA512
fb0769945a4f3b23c31e762582e4355c5587905a5684b7e1022a0a49e68ad34e0f6b003ce4967daab159aa4cbc406b987fc79ff9faaffd0a9cead8e21ee6b79d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6eacaf0759f512d4b20060a6a327caed

SHA1
86997004e179ddaf6f70bcdb5a7fd168f3c2e04f

SHA256
038b2062bdfb191034595cf71525ebd516496b2fd342641209e97d8c7e687c16

SHA512
17b0bd4fcaf8a28b947a4f36b2f171ed53e09c9def6c6ee526b2e23ecd118ec75f4effcbc6c71288a230a1df6b3653cf216949e900c1abee2d7070cd2834b163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6597b579414a8deff2f99ed3a53177a

SHA1
eaafed1b03b3f80dbdb66880b653464c64186576

SHA256
d7257586bfd7c753b1da86aaddf43de68b04013cbd41814d764e324fc9414d24

SHA512
96b682a44dbc2854e567c8d81117eb428366834f44a5aefbc8e270e553f746eb09c0714ece4be36078e50243bf3c77d56f6089b62ce7179d14db67379465a853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a3b9ceb4c32c0b5af3d4315d117dd589

SHA1
a2df784ed7167886f9891d8cb424b33fd9c16f1a

SHA256
d5c7b1b27e4dfbaddadea0564cb1a935e34d9d81d6db1692944fdbdaf876e91c

SHA512
5e23331f4b5e49d69ba67eea2f655c8ca4dddc36b311aa6d1c021db9a2ab9b8ea41add0d029b84052b057bea76de91ecb616ca6bbdd11724d7f9d1c562ef6842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aec568cc95d7d5b69ced97fcb145e248

SHA1
8e9f851d26510dd38e77700e5e756aadfb1c6d21

SHA256
d6a17874a2c14cb13d047fcf40d9f492ac6f6873e2ac8c7fc0a5860c2df93552

SHA512
8167b0acafaa2fba9fdf143793d1c10f0df8645d1961f115b36896c4def24f2089d6c4f2489bdf00d56d667fff828875adac7a4cdfadf06ba5b7dcc35fdf7d2b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a73ea6e1db27acedbe4055c448f82ef7

SHA1
01769a266d26c4b4b374099606e86b8874ddd55f

SHA256
c3059c62596021e555ec7901361fcde75078ad931bcac6027539930bef8b77d9

SHA512
f9cfe99077e40ac3ff11ab39020d6e159ec06cf50f9b1d156858198d48851d29de8882a18609a17dd30ddea421c6c415683b8d7b14fa30a51ddd1cd76032deb4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 897077.crdownload

Filesize
9.9MB

MD5
1b8ee61ddcfd1d425821d76ea54ca829

SHA1
f8daf2bea3d4a6bfc99455d69c3754054de3baa5

SHA256
dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871

SHA512
75ba16ddc75564e84f5d248326908065942ad50631ec30d7952069caee15b8c5411a8802d25d38e9d80e042f1dde97a0326f4ab4f1c90f8e4b81396ca69c229a

Download Submit
C:\Users\Admin\Downloads\VencordInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/944-139-0x00007FF760940000-0x00007FF761BB9000-memory.dmp

Filesize
18.5MB

Download
memory/1344-164-0x00007FF760940000-0x00007FF761BB9000-memory.dmp

Filesize
18.5MB

Download
memory/3848-175-0x00007FF760940000-0x00007FF761BB9000-memory.dmp

Filesize
18.5MB

Download
memory/4716-122-0x00007FF623410000-0x00007FF624689000-memory.dmp

Filesize
18.5MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request