Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12-10-2024 05:08

General

  • Target

    Exela-V2.0-main/README.html

  • Size

    7KB

  • MD5

    5a9c53cab4888a16488776dabaa8ffa0

  • SHA1

    819665cd8bf93032d177243a8c88a0414a5f67de

  • SHA256

    862c3d6ddfa842f83fc5106366c8e761edda554dcb6e1d8c54b7078995c49e31

  • SHA512

    f3cc668d6994c2877bb3ba86f1a49d2535656f030c25aae4a1ec101cf0ab7b4e78414ef00a0b0c820a9870145fc297ae4072c7711ccefcc1057435194a3ed274

  • SSDEEP

    192:vSWDPtBfIaR6kBxowZq3THlWmpBwBOXoslY705N:vSWDVBfIaRBxowZGTHlWmIUXTYAj

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Exela-V2.0-main\README.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0a346f8,0x7ffed0a34708,0x7ffed0a34718
      2⤵
        PID:3248
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:3496
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2756
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
          2⤵
            PID:1708
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
            2⤵
              PID:1132
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              2⤵
                PID:3028
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
                2⤵
                  PID:5012
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4884
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
                  2⤵
                    PID:4280
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                    2⤵
                      PID:1500
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
                      2⤵
                        PID:3632
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                        2⤵
                          PID:2332
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7774025358060181577,15441035263619531734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:424
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1952
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4984

                          Network

                          • flag-us
                            DNS
                            i.hizliresim.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            i.hizliresim.com
                            IN A
                            Response
                            i.hizliresim.com
                            IN A
                            172.67.154.131
                            i.hizliresim.com
                            IN A
                            104.21.82.74
                          • flag-us
                            GET
                            https://i.hizliresim.com/tlw310u.png
                            msedge.exe
                            Remote address:
                            172.67.154.131:443
                            Request
                            GET /tlw310u.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 53968
                            cache-control: max-age=31556926
                            etag: "6169c95d2fb0a7adfa4d8988ff86de01"
                            last-modified: Sun, 13 Aug 2023 12:48:02 GMT
                            x-amz-id-2: mAVxi4/XnFbNItbALZXuKmWQ4OUE3COVvDLRjUIuuHJX/pRwxg4PJz9RP3pW+YmpWZPEXBBQ69Ub
                            x-amz-request-id: C0636E9D864D2714:A
                            x-wasabi-cm-reference-id: 1728600890365 38.27.106.123 ConID:1226995373/EngineConID:12000927/Core:42
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kqs%2BsHyI8Gq4vzkQxWnHkGF%2B3ysoRcKZp7IvgH9b9PvAbdVqyTljxtnxag10tbFucfa7mqwvLGtFtvba5g9ILqv4gblKrWcHznPZG3SNVAFuCuC5SSPt5kS%2BrW6Lx1PRPO16"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492b998a3beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://i.hizliresim.com/lydcp4j.png
                            msedge.exe
                            Remote address:
                            172.67.154.131:443
                            Request
                            GET /lydcp4j.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 39320
                            cache-control: max-age=31556926
                            etag: "0569a50c4421c7456a71f787310bb15b"
                            last-modified: Wed, 04 Oct 2023 14:20:39 GMT
                            x-amz-id-2: lTsjD9eTqki0xAxy54jVhre+oh3MkiAznM80Vmf9stF/rYaoJcCtkMLXDwBrdEl8npkw10U077Fx
                            x-amz-request-id: 72396FC010CB9AA9:A
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3hiADIJ0HABxCw5uPozUkX864DNW4Yb3ZhQ4e5vNZqR6hic9rlyOsl9ptukP%2FmtU5zZtpDYVY03GWGPs1thhfOhK%2Fjecdt9Ha4tkyxYPO0BMwQ1uRV3qXpMf4fUXwwkaTZph"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492b998a6beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://i.hizliresim.com/fkrwgnz.png
                            msedge.exe
                            Remote address:
                            172.67.154.131:443
                            Request
                            GET /fkrwgnz.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 68556
                            cache-control: max-age=31556926
                            etag: "c5bc91c3e6801e6e25ddcd5dad2a1e88"
                            last-modified: Wed, 04 Oct 2023 14:19:07 GMT
                            x-amz-id-2: MYLkp5CviDB6wzxEz841TuqQ69yzyr1ypHiTyNTeCi87KMnuvDj3r7u1gEdxSed35/SUP0QMYk2o
                            x-amz-request-id: 0865690909B80854:B
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZAuZRxzh1VfPslS373BysyDvdhYb3aPRQKdTnYtuAARPwvSQy0NWcFSQsspM5wPxGJT6NREB2B2WEq0Pptf0nq8gUE1ZyCkvUCZrqOyvi50Fpc7WXWzTIVJUn3cwYN%2FGp5Yi"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492b998a2beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://i.hizliresim.com/p6g34k7.png
                            msedge.exe
                            Remote address:
                            172.67.154.131:443
                            Request
                            GET /p6g34k7.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 45861
                            cache-control: max-age=31556926
                            etag: "29d3425c5fd10dc65b03eba24b668ef4"
                            last-modified: Wed, 04 Oct 2023 14:19:27 GMT
                            x-amz-id-2: 9wj1RAF4ejmftaDxTarBO+A490dwrVuWrI6DviCr1r9TmUQLCjyaMtvCQ06T1BdRAWnL/9dwUWC0
                            x-amz-request-id: 4CDE2D2DE3B45086:A
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FngPYTnZWPMrg9zgUsmhErxMAeJXCDGRlZBZ8pwaxXSZzmCns%2FdvpjyVi99sgRnHV9takQ9lCfPjuy3ju1S%2F1nYVrLSVRJmf9eCJtMqIaapaLaAUfhZq%2BbAnIMokUyTIS42q"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492b998a4beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://i.hizliresim.com/pwjcr7q.png
                            msedge.exe
                            Remote address:
                            172.67.154.131:443
                            Request
                            GET /pwjcr7q.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 60327
                            cache-control: max-age=31556926
                            etag: "46d694d52c9ea9882459910086f18360"
                            last-modified: Sun, 12 Nov 2023 13:14:19 GMT
                            x-amz-id-2: iUGl553dN0G67MB/omeFb5S7Iv2DMoW8T2j4TpclF6KfIKutkveEhhqrgWtGJ3LFz6S70qk3SXTV
                            x-amz-request-id: 501232DA4208CCD3:B
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TVr1%2BRdYyuVqaz85XcuIUWutSYDeAPA%2BPNWiUAISQq2Z8SeqeCVXsObq6OF7SzZ3BQoJB16Lpuf7Gna8C9P9%2BFfL8C2dfsP8HrOj6GNWkWYyol8Q7PGVvo3%2BQeFXSc%2BlwA2B"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492b998a1beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://i.hizliresim.com/rq5f3aq.png
                            msedge.exe
                            Remote address:
                            172.67.154.131:443
                            Request
                            GET /rq5f3aq.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 37004
                            cache-control: max-age=31556926
                            etag: "4936cc1dabbd55c2264343d039d91e08"
                            last-modified: Wed, 04 Oct 2023 14:19:18 GMT
                            x-amz-id-2: ByzvNB3uokyiNanphkdTcmg5VoDxXdKPIpc7GQM3Tlfv/VcVrDyMhQOLtAD4VRpWWA96lb1wzZaz
                            x-amz-request-id: B1F053A6A20E989D:A
                            x-wasabi-cm-reference-id: 1726245142775 38.27.106.102 ConID:610286164/EngineConID:7863401/Core:38
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4odkV239H2IvyFjRR4nopQ2uFdpiR4t47XK9%2BUOanLjGMOIKFyJsvyXl6CsxFNJVohLS8hwxT5hS5LZJpx5AmtzA5fWWuyXFzCKhp6QLZpmiGE8CSHjzicYixydo19JHBt4"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492b998a0beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://i.hizliresim.com/1tgq2pk.png
                            msedge.exe
                            Remote address:
                            172.67.154.131:443
                            Request
                            GET /1tgq2pk.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 33379
                            cache-control: max-age=31556926
                            etag: "7644a0bdacf30aa5d9ef641554bc28b3"
                            last-modified: Sat, 19 Aug 2023 09:36:11 GMT
                            x-amz-id-2: SZYndJcPYkmxMbVSPbZdLiPA3H6rREv4I1EEQz7mXLvN9Z91miQr0RN6RvG0fKekwNHAdjy9RflU
                            x-amz-request-id: C7D21820F53EB9DD:A
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KM0VTU66gnWN1Ll96Ijp2J1ElonVsW8Ob2d8wn32YdSzGyz%2FrGVRXucaY0tjPP1BhEeWm46rnlrdETOOYvelTf%2Ban1RRXQNceo71b5AS8EJZmrUQ0VycowPd9gOCTG2FqA%2Bq"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492ba7964beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://i.hizliresim.com/q7fo0uh.png
                            msedge.exe
                            Remote address:
                            172.67.154.131:443
                            Request
                            GET /q7fo0uh.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 33412
                            cache-control: max-age=31556926
                            etag: "90884d4859d09e90b3d11ee3faf93fda"
                            last-modified: Wed, 04 Oct 2023 14:19:49 GMT
                            x-amz-id-2: fl1Cbj5+ZGhQEUEAyGjQpuSnHWOTFwKOHq11Dd2fO/0popw9p7KBTm+vln1FxLWfXN1LlsX2xgLl
                            x-amz-request-id: 2C4222E817F2BAD0:A
                            x-wasabi-cm-reference-id: 1726245142874 38.27.106.106 ConID:233182867/EngineConID:2988443/Core:64
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xEsOCQ1oLRjyKUq6m6hUz5rsyHphpAG6YRorn2unBUCXYpTWxyE0VgOOdptA8vXpjrc9SeCxlmfG%2BxHohcf4gkCAsP2uAE1F2hps8IYz38KM4Fqo4vh0TyxviJFCVAs04U49"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492ba795ebeb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • [US] GET https://i.hizliresim.com/6lq5j31.png
                            msedge.exe, remote address 172.67.154.131:443
                            Request
                            GET /6lq5j31.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 32269
                            cache-control: max-age=31556926
                            etag: "44b81a6eef1b2b40251788231a7e006a"
                            last-modified: Sun, 12 Nov 2023 13:10:18 GMT
                            x-amz-id-2: ipy3OOiDQ86wPua7N7aKwrcw/raLFPDNzN+Pg6AexdCXlSQik7xf1jI7Uhkp3Kf3oBYD6Di0Ztzg
                            x-amz-request-id: 919A1506274A834B:B
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JMTQJ2PLi57Kc%2B65L9WmqUcecBMaVu9K3ZzmB7Nz1EtSAJPDaXVooMaShllt%2FyuukpG%2FRTOAw5HSq1AeM7FG50U6kxoHmv71vlLx4oPbXhdDFVZM9riBmT7%2F%2Br9u0MzvKMd2"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492ba7962beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • [US] GET https://i.hizliresim.com/74f0h7v.png
                            msedge.exe, remote address 172.67.154.131:443
                            Request
                            GET /74f0h7v.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 45405
                            cache-control: max-age=31556926
                            etag: "c870ddec1fd912b163673fa32ad13e7b"
                            last-modified: Wed, 04 Oct 2023 14:19:59 GMT
                            x-amz-id-2: TYmm9oKBbtNgAbEcvv2qTNlYeMY2vuqEg70dQibqQOJNCcwiL+Os+cQCSqTOhcPmjdkXR1yKohuA
                            x-amz-request-id: C80C17CF9F4B2188:B
                            x-wasabi-cm-reference-id: 1726245142434 38.27.106.126 ConID:1956460301/EngineConID:25413219/Core:15
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1WIWWuTstQCJE%2BNjZ%2BbQfh3NYJxRon01kj7PRWoi3eRpOce8PoFCw%2BMDP6w4cJBE8YzcdjMIO59wNt13hZPUcMpqQr4gjy9aJSuEAirqJuaqWplpa9LvsjYdCVNQFJ%2Fvtz%2Bx"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492ba7960beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • [US] GET https://i.hizliresim.com/hoih3vl.png
                            msedge.exe, remote address 172.67.154.131:443
                            Request
                            GET /hoih3vl.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 42576
                            cache-control: max-age=31556926
                            etag: "1c061d3a63919d39e4ccc177c259160c"
                            last-modified: Wed, 04 Oct 2023 14:20:21 GMT
                            x-amz-id-2: +03cfyKjeun5Q2sGdU1zDbwzww4ZYwsCrxk6EKro0abJ//4BZ1v08UPbhxHo66CQXEpxp8BoyzxT
                            x-amz-request-id: 2C3326F39F226B64:A
                            x-wasabi-cm-reference-id: 1726799109721 38.27.106.119 ConID:231949654/EngineConID:2944655/Core:10
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aGAQFxb0ghL4ZkLKU6Y2P7%2Bdq8jnO5K0fYIYUx779j%2FEBC8q15LPpS%2F3%2B5DKqV8ooE8zhlw8bCsd6zDiE4kKYRqkKvM6B3kGwxvFGZX%2FIIsPrtecrx%2BSkI3sm9bFVV6wdzDk"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492ba7958beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • [US] GET https://i.hizliresim.com/d94lzcd.png
                            msedge.exe, remote address 172.67.154.131:443
                            Request
                            GET /d94lzcd.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 25139
                            cache-control: max-age=31556926
                            etag: "188807eb36acb7278be3688419ae5700"
                            last-modified: Wed, 04 Oct 2023 14:20:11 GMT
                            x-amz-id-2: aIIESsR4YDjZ+8eSiNcLh3AkrrABxm2KZbcp+5FGMZ9PO3dF7iVbNc7yeU4jkzCjM1ixawbz5kxi
                            x-amz-request-id: 4D868B0A615D7A01:A
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wmX3cN4BdaNqEsYypd0TMrC5ts2mgH2xPPSKrMIVfZDpB1LAh687gnQ1L2FwhVSwcf3SdXFpyjsEaY%2B6jg6K6HCdeNR25KcjZ3%2BAffMSqPYjXhef%2BzWcm9%2BsLYpO9%2BY0rAXa"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492ba7961beb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • [US] GET https://i.hizliresim.com/bpvju1g.png
                            msedge.exe, remote address 172.67.154.131:443
                            Request
                            GET /bpvju1g.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 31560
                            cache-control: max-age=31556926
                            etag: "c5dbeddf8c848007d4d241e9c97f424a"
                            last-modified: Wed, 04 Oct 2023 14:20:30 GMT
                            x-amz-id-2: olZ+FXszeDmQl1+ljk06e8UolL5rg3IEWwureJDkod9fQOBOA9y5yrBqpM22RfoBLT2SOtijl6d3
                            x-amz-request-id: 2861861D369A14FA:B
                            x-wasabi-cm-reference-id: 1726245142807 38.27.106.101 ConID:2039907343/EngineConID:25857614/Core:71
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ipWZH7T%2ByYCOpVq6jXUG2bEgKGxmFuNTrtoRuo32%2BWDb82qKsMEd0LV9mWYRaMZ2AON%2FerAqyOZsqlVJeYmZtZf6H%2BV%2B9%2BM0SggDH28adBQidaC64w2dR8CA%2FgmgWmM5E3Rm"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492ba795bbeb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • [US] GET https://i.hizliresim.com/2t4wk7a.png
                            msedge.exe, remote address 172.67.154.131:443
                            Request
                            GET /2t4wk7a.png HTTP/2.0
                            host: i.hizliresim.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Sat, 12 Oct 2024 05:08:38 GMT
                            content-type: image/jpeg
                            content-length: 40163
                            cache-control: max-age=31556926
                            etag: "6a9c984cef1fe05704ad1b071bff37a4"
                            last-modified: Wed, 04 Oct 2023 14:19:38 GMT
                            x-amz-id-2: CflwAUg+HNPcOT5opiyKzIWA8hjAF2K+uLsSlO5fNZ9NMLz48Z3RJTtV607fsQOHvcvNxb0rGD5H
                            x-amz-request-id: 943A6FF2B26F7CA4:B
                            x-wasabi-cm-reference-id: 1727439572335 38.27.106.126 ConID:302706842/EngineConID:2835853/Core:5
                            cf-cache-status: HIT
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qx82tW4Nc%2BIgOrcdl8cC%2FahsHgHT7nBis4UqrMM%2FCaJHfxypoBMSyC6UFU9%2BUvBuXNmjeAnVCOhnpr7wYZtFAmo1T1bw5XBnKdqwJfOPrqrlq1FriHy2QgiKG9HNgzMlf5ay"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            expect-ct: max-age=86400, enforce
                            referrer-policy: same-origin
                            x-content-type-options: nosniff
                            x-frame-options: SAMEORIGIN
                            x-xss-protection: 1; mode=block
                            server: cloudflare
                            cf-ray: 8d1492ba795dbeb0-LHR
                            alt-svc: h3=":443"; ma=86400
                          • [US] DNS 8.8.8.8.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  8.8.8.8.in-addr.arpa IN PTR
                            Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
                          • [US] DNS 67.31.126.40.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  67.31.126.40.in-addr.arpa IN PTR
                            Response: (no answer records)
                          • [US] DNS 131.154.67.172.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  131.154.67.172.in-addr.arpa IN PTR
                            Response: (no answer records)
                          • [US] DNS 172.210.232.199.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  172.210.232.199.in-addr.arpa IN PTR
                            Response: (no answer records)
                          • [US] DNS 205.47.74.20.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  205.47.74.20.in-addr.arpa IN PTR
                            Response: (no answer records)
                          • [US] DNS 197.87.175.4.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  197.87.175.4.in-addr.arpa IN PTR
                            Response: (no answer records)
                          • [US] DNS 198.187.3.20.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  198.187.3.20.in-addr.arpa IN PTR
                            Response: (no answer records)
                          • [US] DNS 75.117.19.2.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  75.117.19.2.in-addr.arpa IN PTR
                            Response: 75.117.19.2.in-addr.arpa IN PTR a2-19-117-75.deploy.static.akamaitechnologies.com
                          • [US] DNS 240.221.184.93.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  240.221.184.93.in-addr.arpa IN PTR
                            Response: (no answer records)
                          • [US] DNS 48.229.111.52.in-addr.arpa  (server 8.8.8.8:53)
                            Request:  48.229.111.52.in-addr.arpa IN PTR
                            Response: (no answer records)
                          (connection summary; columns: remote address, domain or URL, protocol, process, bytes sent, bytes received, packets sent, packets received; "-" = field not present in the report)
                          • 172.67.154.131:443  i.hizliresim.com  tls, http2  msedge.exe  943 B  3.1kB  8  6
                          • 172.67.154.131:443  i.hizliresim.com  tls, http2  msedge.exe  943 B  3.1kB  8  6
                          • 172.67.154.131:443  https://i.hizliresim.com/2t4wk7a.png  tls, http2  msedge.exe  17.9kB  622.4kB  333  497
                            HTTP Request   GET https://i.hizliresim.com/tlw310u.png
                            HTTP Request   GET https://i.hizliresim.com/lydcp4j.png
                            HTTP Request   GET https://i.hizliresim.com/fkrwgnz.png
                            HTTP Request   GET https://i.hizliresim.com/p6g34k7.png
                            HTTP Request   GET https://i.hizliresim.com/pwjcr7q.png
                            HTTP Request   GET https://i.hizliresim.com/rq5f3aq.png
                            HTTP Response  200  (x3)
                            HTTP Request   GET https://i.hizliresim.com/1tgq2pk.png
                            HTTP Request   GET https://i.hizliresim.com/q7fo0uh.png
                            HTTP Request   GET https://i.hizliresim.com/6lq5j31.png
                            HTTP Request   GET https://i.hizliresim.com/74f0h7v.png
                            HTTP Request   GET https://i.hizliresim.com/hoih3vl.png
                            HTTP Request   GET https://i.hizliresim.com/d94lzcd.png
                            HTTP Request   GET https://i.hizliresim.com/bpvju1g.png
                            HTTP Request   GET https://i.hizliresim.com/2t4wk7a.png
                            HTTP Response  200  (x11)
                          • 172.67.154.131:443  i.hizliresim.com  tls, http2  msedge.exe  943 B  3.1kB  8  6
                          • 172.67.154.131:443  i.hizliresim.com  tls  msedge.exe  793 B  2.5kB  6  4
                          • 172.67.154.131:443  i.hizliresim.com  tls  msedge.exe  793 B  2.5kB  6  4
                          • 8.8.8.8:53  i.hizliresim.com  dns  msedge.exe  62 B  94 B  1  1
                            DNS Request   i.hizliresim.com
                            DNS Response  172.67.154.131, 104.21.82.74
                          • 8.8.8.8:53  8.8.8.8.in-addr.arpa  dns  -  66 B  90 B  1  1
                            DNS Request   8.8.8.8.in-addr.arpa
                          • 8.8.8.8:53  67.31.126.40.in-addr.arpa  dns  -  71 B  157 B  1  1
                            DNS Request   67.31.126.40.in-addr.arpa
                          • 8.8.8.8:53  131.154.67.172.in-addr.arpa  dns  -  73 B  135 B  1  1
                            DNS Request   131.154.67.172.in-addr.arpa
                          • 8.8.8.8:53  172.210.232.199.in-addr.arpa  dns  -  74 B  128 B  1  1
                            DNS Request   172.210.232.199.in-addr.arpa
                          • 8.8.8.8:53  205.47.74.20.in-addr.arpa  dns  -  71 B  157 B  1  1
                            DNS Request   205.47.74.20.in-addr.arpa
                          • 224.0.0.251:5353  -  -  -  384 B  -  6  -
                          • 8.8.8.8:53  197.87.175.4.in-addr.arpa  dns  -  71 B  157 B  1  1
                            DNS Request   197.87.175.4.in-addr.arpa
                          • 8.8.8.8:53  198.187.3.20.in-addr.arpa  dns  -  71 B  157 B  1  1
                            DNS Request   198.187.3.20.in-addr.arpa
                          • 8.8.8.8:53  75.117.19.2.in-addr.arpa  dns  -  70 B  133 B  1  1
                            DNS Request   75.117.19.2.in-addr.arpa
                          • 8.8.8.8:53  240.221.184.93.in-addr.arpa  dns  -  73 B  144 B  1  1
                            DNS Request   240.221.184.93.in-addr.arpa
                          • 8.8.8.8:53  48.229.111.52.in-addr.arpa  dns  -  72 B  158 B  1  1
                            DNS Request   48.229.111.52.in-addr.arpa

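Everything above is raw sandbox output, and what an analyst actually wants from it is shorter: which hosts and addresses the page contacted, what each in-addr.arpa name reverses to, and whether anything in the responses is odd (every image here is requested as .png and served as image/jpeg). The script below is an added example for reducing this kind of dump, not code from the tria.ge report or from the Exela project; SAMPLE_LOG is a constructed, trimmed copy of three of the entries above in the one-field-per-line layout the dump uses (bullet, flag token, then fields), and the parser expects exactly that layout.

```python
"""Reduce a tria.ge-style network dump (HTTP and DNS entries) to indicators. Added
example, not the report's own code; SAMPLE_LOG is a constructed, trimmed copy."""
import re
from urllib.parse import urlsplit
SAMPLE_LOG = """\
• flag-us
  GET
  https://i.hizliresim.com/q7fo0uh.png
  msedge.exe
  Remote address:
  172.67.154.131:443
  Request
  GET /q7fo0uh.png HTTP/2.0
  Response
  HTTP/2.0 200
  content-type: image/jpeg
  content-length: 33412
• flag-us
  DNS
  8.8.8.8.in-addr.arpa
  Request
  8.8.8.8.in-addr.arpa
  IN PTR
  Response
  8.8.8.8.in-addr.arpa
  IN PTR
  dns.google
• flag-us
  DNS
  131.154.67.172.in-addr.arpa
  Request
  131.154.67.172.in-addr.arpa
  IN PTR
  Response
"""
FLAG = re.compile(r"flag-[a-z]{2}")  # country-flag icon token beside each bullet
METHODS = {"GET", "POST", "HEAD", "PUT"}
EXT_TYPES = {".png": "image/png", ".jpg": "image/jpeg", ".jpeg": "image/jpeg",
             ".gif": "image/gif", ".webp": "image/webp", ".svg": "image/svg+xml"}

def split_records(text):
    """One list of stripped, non-empty lines per '•' bullet; flag tokens dropped."""
    records = []
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("•"):
            records.append([])
            line = line[1:].strip()
        if records and line and not FLAG.fullmatch(line):
            records[-1].append(line)
    return records

def parse_http(rec):
    """rec = [METHOD, url, process, 'Remote address:', ip:port, Request..., Response...]."""
    entry = {"url": rec[1], "process": rec[2], "status": None, "headers": {},
             "remote": rec[4] if len(rec) > 4 and rec[3] == "Remote address:" else None}
    section = None
    for line in rec[3:]:
        if line in ("Request", "Response"):
            section = line
        elif section == "Response" and line.startswith("HTTP/"):
            entry["status"] = int(line.split()[1])  # 'HTTP/2.0 200'
        elif section == "Response" and ":" in line:  # response headers only
            key, _, val = line.partition(":")
            entry["headers"][key.strip().lower()] = val.strip()
    return entry

def parse_dns(rec):
    """rec = ['DNS', qname, ..., 'Request', qname, 'IN <type>', 'Response', answers...]."""
    cut = rec.index("Response") if "Response" in rec else len(rec)
    qtype = next((ln.split()[1] for ln in rec[:cut] if ln.startswith("IN ")), None)
    answers = [ln for ln in rec[cut + 1:] if ln != rec[1] and not ln.startswith("IN ")]
    return {"name": rec[1], "qtype": qtype, "answers": answers}

def ptr_to_ip(name):
    """'67.31.126.40.in-addr.arpa' -> '40.126.31.67' (IPv4 reverse zone only)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa\.?", name)
    return ".".join(reversed(m.groups())) if m else None

def extension_mismatch(entry):
    """(url, ext, served type) when Content-Type contradicts the URL's extension."""
    name = urlsplit(entry["url"]).path.rsplit("/", 1)[-1]
    ext = name[name.rfind("."):].lower() if "." in name else ""
    served = entry["headers"].get("content-type", "").split(";")[0].strip().lower()
    expected = EXT_TYPES.get(ext)
    return (entry["url"], ext, served) if expected and served and served != expected else None

def summarize(text):
    recs = split_records(text)
    http = [parse_http(r) for r in recs if r and r[0] in METHODS]
    dns = [parse_dns(r) for r in recs if r and r[0] == "DNS"]
    return {
        "urls": [e["url"] for e in http],
        "hosts": sorted({urlsplit(e["url"]).hostname for e in http}),
        "remote_ips": sorted({e["remote"].rsplit(":", 1)[0] for e in http if e["remote"]}),
        "bytes": sum(int(e["headers"].get("content-length", 0)) for e in http),
        "mismatches": [m for m in map(extension_mismatch, http) if m],
        # reversed IP -> PTR answers; [] means the lookup returned no record
        "ptr": {ptr_to_ip(d["name"]): d["answers"]
                for d in dns if d["qtype"] == "PTR" and ptr_to_ip(d["name"])},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it to print the summary for the embedded sample, or replace SAMPLE_LOG with the copied text of a full report. The extension check only knows a few image types, and a .png served as image/jpeg is a reason to look at the file bytes, not evidence of anything on its own; the reverse-lookup table keeps entries that got no answer so the unresolved addresses are still listed.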
                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize: 152B
                            MD5: b8880802fc2bb880a7a869faa01315b0
                            SHA1: 51d1a3fa2c272f094515675d82150bfce08ee8d3
                            SHA256: 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
                            SHA512: e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize: 152B
                            MD5: ba6ef346187b40694d493da98d5da979
                            SHA1: 643c15bec043f8673943885199bb06cd1652ee37
                            SHA256: d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
                            SHA512: 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize: 184B
                            MD5: ba8c04fc774f982147151c0bcfcdc522
                            SHA1: 8d914e214ff4997c755f8359f9a3aaed8c6c0a1e
                            SHA256: 0d7e4e9d535c38baf3e877a492ee1e547e7cf724dba5755516ec16083bb67117
                            SHA512: 04f77280e86c66f5ed5132f34dc4a21f1a481297c0838459f72429ebdc2fc0ac7c348d033cee93d10dae8306e38ec6680fd296f757ef361dd2112a5b58918d7c

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize: 6KB
                            MD5: cd96f01e6bcb8bfce44f01550b9288ab
                            SHA1: 34c21dc1fadd7ea2c491153acbc9ee271b0a3a86
                            SHA256: 530fe1d1c792896f2f91d31cf12c71be1e531c56e1e9de1d62f8c6dfad6ec905
                            SHA512: 861b911264fb3cc96426ae073b1c3dac3bd889ea87e7617b2eea83565711bd017f6f5f54f0fef761d91987fe69f3169f4ae683ea61a00280bcac8e63d70a2a35

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize: 6KB
                            MD5: 3443761983fcff1f9c1076ca0c99b120
                            SHA1: 5a0476ea3262718afcd5c1c59d7193ec91e87380
                            SHA256: 3d88fbd319e984e30b04e689d443c293e7a8a12e523dc8838f1cfa430373d989
                            SHA512: 7423f24c3e18b73df6760fb043b23cf5f28881dcc4e46bb290f9e16afeb5af03d5bb8eb49e75d19cbb1392fb2c4e935c17ed464588032cd4b73e12cd0d91b3b0

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize: 16B
                            MD5: 206702161f94c5cd39fadd03f4014d98
                            SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
                            SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
                            SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize: 16B
                            MD5: 46295cac801e5d4857d09837238a6394
                            SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
                            SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
                            SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize: 10KB
                            MD5: 091b92c69916dec12912b718ef4aee0b
                            SHA1: 267cb291a84b76a90f5b199327dd98a5693264ae
                            SHA256: 4002f073b57c19468b0fc3399cfac64e7b4f118b680229a1dc570efa6777bd4a
                            SHA512: 2a0c8c33179d756717ecd891a2f8c20bcfff80dd28f8d4cc71443679dc806eaaabf5d7c95bf26e1818a1b2234b312e9c8e107810d6a1242870c410c54121fbb9
