Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

05/11/2024, 04:41 UTC

241105-fa9m2axlfp 10

05/11/2024, 04:38 UTC

241105-e9f94avcnc 10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2024, 04:38 UTC

General

  • Target

    https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/

Malware Config

Signatures

  • Babuk Locker

    RaaS first seen in 2021 initially called Vasa Locker.

  • Babuk family
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (165) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 19 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Detects Pyinstaller 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Interacts with shadow copies 3 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4684
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb397546f8,0x7ffb39754708,0x7ffb39754718
      2⤵
        PID:4036
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:3880
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4908
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
          2⤵
            PID:1904
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
            2⤵
              PID:4364
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
              2⤵
                PID:4472
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                2⤵
                  PID:1732
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
                  2⤵
                    PID:2888
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 /prefetch:8
                    2⤵
                      PID:1044
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1444
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                      2⤵
                        PID:3260
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
                        2⤵
                          PID:816
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
                          2⤵
                            PID:5332
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                            2⤵
                              PID:5340
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6024 /prefetch:8
                              2⤵
                                PID:3240
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                                2⤵
                                  PID:1460
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2916
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,119346326213895314,17119318746897684376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3168 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3456
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2380
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4948
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:4488
                                    • C:\Program Files\7-Zip\7zG.exe
                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac\" -spe -an -ai#7zMap30289:190:7zEvent21667
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:1804
                                    • C:\Users\Admin\Downloads\79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac\79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac.exe
                                      "C:\Users\Admin\Downloads\79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac\79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac.exe"
                                      1⤵
                                      • Checks computer location settings
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:5756
                                      • C:\Users\Admin\AppData\Local\Temp\valorant-skin-cli.exe
                                        "C:\Users\Admin\AppData\Local\Temp\valorant-skin-cli.exe"
                                        2⤵
                                        • Executes dropped EXE
                                        PID:3060
                                        • C:\Users\Admin\AppData\Local\Temp\valorant-skin-cli.exe
                                          "C:\Users\Admin\AppData\Local\Temp\valorant-skin-cli.exe"
                                          3⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:1164
                                      • C:\Users\Admin\AppData\Local\Temp\e_win.exe
                                        "C:\Users\Admin\AppData\Local\Temp\e_win.exe"
                                        2⤵
                                        • Checks computer location settings
                                        • Executes dropped EXE
                                        • Enumerates connected drives
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5024
                                        • C:\Windows\System32\cmd.exe
                                          "C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
                                          3⤵
                                            PID:4372
                                            • C:\Windows\system32\vssadmin.exe
                                              vssadmin.exe delete shadows /all /quiet
                                              4⤵
                                              • Interacts with shadow copies
                                              PID:5268
                                          • C:\Windows\System32\cmd.exe
                                            "C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
                                            3⤵
                                              PID:2348
                                              • C:\Windows\system32\vssadmin.exe
                                                vssadmin.exe delete shadows /all /quiet
                                                4⤵
                                                • Interacts with shadow copies
                                                PID:5540
                                        • C:\Windows\system32\vssvc.exe
                                          C:\Windows\system32\vssvc.exe
                                          1⤵
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:5660

                                        Network

                                        • flag-us
                                          DNS
                                          8.8.8.8.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          8.8.8.8.in-addr.arpa
                                          IN PTR
                                          Response
                                          8.8.8.8.in-addr.arpa
                                          IN PTR
                                          dnsgoogle
                                        • flag-us
                                          DNS
                                          bazaar.abuse.ch
                                          msedge.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          bazaar.abuse.ch
                                          IN A
                                          Response
                                          bazaar.abuse.ch
                                          IN CNAME
                                          p2.shared.global.fastly.net
                                          p2.shared.global.fastly.net
                                          IN A
                                          151.101.194.49
                                          p2.shared.global.fastly.net
                                          IN A
                                          151.101.66.49
                                          p2.shared.global.fastly.net
                                          IN A
                                          151.101.130.49
                                          p2.shared.global.fastly.net
                                          IN A
                                          151.101.2.49
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/ HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          sec-ch-ua-mobile: ?0
                                          dnt: 1
                                          upgrade-insecure-requests: 1
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                          sec-fetch-site: none
                                          sec-fetch-mode: navigate
                                          sec-fetch-user: ?1
                                          sec-fetch-dest: document
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          Response
                                          HTTP/2.0 307
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          set-cookie: BAZAAR=i8gmshgji40h95tljg28kash3c; path=/
                                          expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          cache-control: no-store, no-cache, must-revalidate
                                          pragma: no-cache
                                          location: https://bazaar.abuse.ch/verify-ua/
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/html; charset=UTF-8
                                          accept-ranges: bytes
                                          via: 1.1 varnish, 1.1 varnish
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams21050-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: MISS, MISS
                                          x-cache-hits: 0, 0
                                          x-timer: S1730781501.170374,VS0,VE72
                                          content-length: 0
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/verify-ua/
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /verify-ua/ HTTP/2.0
                                          host: bazaar.abuse.ch
                                          dnt: 1
                                          upgrade-insecure-requests: 1
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                          sec-fetch-site: none
                                          sec-fetch-mode: navigate
                                          sec-fetch-user: ?1
                                          sec-fetch-dest: document
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          sec-ch-ua-mobile: ?0
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          cache-control: no-store, no-cache, must-revalidate
                                          expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          pragma: no-cache
                                          content-encoding: gzip
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/html; charset=UTF-8
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 0
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams2100085-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: MISS, MISS
                                          x-cache-hits: 0, 0
                                          x-timer: S1730781501.267542,VS0,VE65
                                          vary: Accept-Encoding
                                          content-length: 1723
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/css/bootstrap.min.css
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /css/bootstrap.min.css HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          dnt: 1
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/css,*/*;q=0.1
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: no-cors
                                          sec-fetch-dest: style
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          last-modified: Tue, 31 Mar 2020 10:58:16 GMT
                                          etag: "2606e-5a22471e07c28-gzip"
                                          cache-control: max-age=15552000
                                          expires: Tue, 11 Mar 2025 03:32:57 GMT
                                          content-encoding: gzip
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/css
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 1716271
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams2100127-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: HIT, HIT
                                          x-cache-hits: 5461, 0
                                          x-timer: S1730781501.419580,VS0,VE1
                                          vary: Accept-Encoding
                                          content-length: 23238
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/css/all.min.css
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /css/all.min.css HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          dnt: 1
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/css,*/*;q=0.1
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: no-cors
                                          sec-fetch-dest: style
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          last-modified: Tue, 31 Mar 2020 10:58:18 GMT
                                          etag: "6b-5a22471fee1ff-gzip"
                                          cache-control: max-age=15552000
                                          expires: Sun, 25 Feb 2024 01:01:01 GMT
                                          content-encoding: gzip
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/css
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 1119071
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams21048-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: HIT, HIT
                                          x-cache-hits: 2430, 0
                                          x-timer: S1730781501.420482,VS0,VE1
                                          vary: Accept-Encoding
                                          content-length: 114
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/css/jumbotron.css
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /css/jumbotron.css HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          dnt: 1
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/css,*/*;q=0.1
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: no-cors
                                          sec-fetch-dest: style
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          last-modified: Sat, 31 Jul 2021 09:22:22 GMT
                                          etag: "15ee-5c867dfa1c874-gzip"
                                          cache-control: max-age=15552000
                                          expires: Tue, 11 Mar 2025 01:02:51 GMT
                                          content-encoding: gzip
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/css
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 1802990
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams21079-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: HIT, HIT
                                          x-cache-hits: 11201, 0
                                          x-timer: S1730781501.420614,VS0,VE1
                                          vary: Accept-Encoding
                                          content-length: 1731
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/css/custom.css
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /css/custom.css HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          dnt: 1
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/css,*/*;q=0.1
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: no-cors
                                          sec-fetch-dest: style
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          last-modified: Tue, 31 Mar 2020 10:58:13 GMT
                                          etag: "e4d2-5a22471b39eea-gzip"
                                          cache-control: max-age=15552000
                                          expires: Sun, 10 Mar 2024 02:29:57 GMT
                                          content-encoding: gzip
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/css
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 167454
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams12727-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: HIT, HIT
                                          x-cache-hits: 1017, 0
                                          x-timer: S1730781501.420375,VS0,VE2
                                          vary: Accept-Encoding
                                          content-length: 12674
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/js/jquery-3.5.1.min.js
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /js/jquery-3.5.1.min.js HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          dnt: 1
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: */*
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: no-cors
                                          sec-fetch-dest: script
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          last-modified: Tue, 31 Mar 2020 10:56:36 GMT
                                          etag: "ea6a-5a2246be52e25-gzip"
                                          content-encoding: gzip
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/javascript
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 2313
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams21028-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: HIT, HIT
                                          x-cache-hits: 10, 0
                                          x-timer: S1730781501.467489,VS0,VE1
                                          vary: Accept-Encoding
                                          content-length: 15921
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/js/bootstrap.min.js
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /js/bootstrap.min.js HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          dnt: 1
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: */*
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: no-cors
                                          sec-fetch-dest: script
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          last-modified: Sun, 11 Oct 2020 09:36:52 GMT
                                          etag: "1302-5b161ebf5e105"
                                          cache-control: max-age=31104000
                                          expires: Sun, 08 Jun 2025 23:13:33 GMT
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: image/png
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 1195614
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams2100108-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: HIT, HIT
                                          x-cache-hits: 276, 0
                                          x-timer: S1730781501.470930,VS0,VE1
                                          content-length: 4866
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/images/malwarebazaar_logo.png
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /images/malwarebazaar_logo.png HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          dnt: 1
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: no-cors
                                          sec-fetch-dest: image
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          last-modified: Thu, 09 Sep 2021 15:21:40 GMT
                                          etag: "15d84-5cb918e3d752c-gzip"
                                          content-encoding: gzip
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/javascript
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 0
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams2100088-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: HIT, MISS
                                          x-cache-hits: 6, 0
                                          x-timer: S1730781501.464920,VS0,VE9
                                          vary: Accept-Encoding
                                          content-length: 30910
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/webfonts/fa-solid-900.woff2
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /webfonts/fa-solid-900.woff2 HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          origin: https://bazaar.abuse.ch
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          dnt: 1
                                          accept: */*
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: cors
                                          sec-fetch-dest: font
                                          referer: https://bazaar.abuse.ch/css/all.min.css
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          cache-control: max-age=2628000, public
                                          last-modified: Tue, 31 Mar 2020 10:33:21 GMT
                                          etag: "13654-5a22418c97675"
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: font/woff2
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 770378
                                          date: Tue, 05 Nov 2024 04:38:21 GMT
                                          x-served-by: cache-ams12721-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: HIT, HIT
                                          x-cache-hits: 1030, 0
                                          x-timer: S1730781502.612275,VS0,VE1
                                          content-length: 79444
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/favicon.ico
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /favicon.ico HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          dnt: 1
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: no-cors
                                          sec-fetch-dest: image
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          cookie: _ga=GA1.1.69002329.1730781501
                                          cookie: _ga_5GQV3CJ17N=GS1.1.1730781500.1.0.1730781500.0.0.0
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          last-modified: Tue, 17 Mar 2020 13:15:06 GMT
                                          etag: "208-5a10cb977cbc9"
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: image/vnd.microsoft.icon
                                          content-encoding: gzip
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 2313
                                          date: Tue, 05 Nov 2024 04:38:22 GMT
                                          x-served-by: cache-ams2100089-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: HIT, HIT
                                          x-cache-hits: 1476, 0
                                          x-timer: S1730781503.560128,VS0,VE3
                                          vary: Accept-Encoding
                                          content-length: 543
                                        • flag-us
                                          POST
                                          https://bazaar.abuse.ch/verify-ua/
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          POST /verify-ua/ HTTP/2.0
                                          host: bazaar.abuse.ch
                                          content-length: 910
                                          cache-control: max-age=0
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          sec-ch-ua-mobile: ?0
                                          origin: https://bazaar.abuse.ch
                                          upgrade-insecure-requests: 1
                                          dnt: 1
                                          content-type: application/x-www-form-urlencoded
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: navigate
                                          sec-fetch-user: ?1
                                          sec-fetch-dest: document
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          cookie: _ga=GA1.1.69002329.1730781501
                                          cookie: _ga_5GQV3CJ17N=GS1.1.1730781500.1.0.1730781500.0.0.0
                                          Response
                                          HTTP/2.0 302
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          cache-control: no-store, no-cache, must-revalidate
                                          expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          pragma: no-cache
                                          location: https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/html; charset=UTF-8
                                          accept-ranges: bytes
                                          via: 1.1 varnish, 1.1 varnish
                                          date: Tue, 05 Nov 2024 04:38:53 GMT
                                          x-served-by: cache-ams21023-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: MISS, MISS
                                          x-cache-hits: 0, 0
                                          x-timer: S1730781533.121609,VS0,VE99
                                          content-length: 0
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/ HTTP/2.0
                                          host: bazaar.abuse.ch
                                          cache-control: max-age=0
                                          upgrade-insecure-requests: 1
                                          dnt: 1
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: navigate
                                          sec-fetch-user: ?1
                                          sec-fetch-dest: document
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          sec-ch-ua-mobile: ?0
                                          referer: https://bazaar.abuse.ch/verify-ua/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          cookie: _ga=GA1.1.69002329.1730781501
                                          cookie: _ga_5GQV3CJ17N=GS1.1.1730781500.1.0.1730781500.0.0.0
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          cache-control: no-store, no-cache, must-revalidate
                                          pragma: no-cache
                                          content-encoding: gzip
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: text/html; charset=UTF-8
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 0
                                          date: Tue, 05 Nov 2024 04:38:53 GMT
                                          x-served-by: cache-ams21050-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: MISS, MISS
                                          x-cache-hits: 0, 0
                                          x-timer: S1730781533.252916,VS0,VE145
                                          vary: Accept-Encoding
                                          content-length: 1697
                                        • flag-us
                                          GET
                                          https://bazaar.abuse.ch/download/1c95d6cb1102b140b84c/
                                          msedge.exe
                                          Remote address:
                                          151.101.194.49:443
                                          Request
                                          GET /download/1c95d6cb1102b140b84c/ HTTP/2.0
                                          host: bazaar.abuse.ch
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          sec-ch-ua-mobile: ?0
                                          upgrade-insecure-requests: 1
                                          dnt: 1
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                          sec-fetch-site: same-origin
                                          sec-fetch-mode: navigate
                                          sec-fetch-user: ?1
                                          sec-fetch-dest: document
                                          referer: https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                          cookie: BAZAAR=i8gmshgji40h95tljg28kash3c
                                          cookie: _ga=GA1.1.69002329.1730781501
                                          cookie: _ga_5GQV3CJ17N=GS1.1.1730781500.1.1.1730781532.0.0.0
                                          Response
                                          HTTP/2.0 200
                                          server: Apache
                                          strict-transport-security: max-age=15768000 ; includeSubDomains
                                          permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
                                          referrer-policy: strict-origin-when-cross-origin
                                          expect-ct: enforce, max-age=86400
                                          content-security-policy: default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
                                          cross-origin-opener-policy: same-origin; report-to="default"
                                          cross-origin-resource-policy: same-site
                                          expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          cache-control: no-store, no-cache, must-revalidate
                                          pragma: no-cache
                                          content-disposition: attachment; filename=79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac.zip
                                          x-content-type-options: nosniff
                                          x-frame-options: sameorigin
                                          x-xss-protection: 1; mode=block
                                          content-type: application/zip
                                          via: 1.1 varnish, 1.1 varnish
                                          accept-ranges: bytes
                                          age: 0
                                          date: Tue, 05 Nov 2024 04:39:05 GMT
                                          x-served-by: cache-ams2100119-AMS, cache-lcy-eglc8600062-LCY
                                          x-cache: MISS, MISS
                                          x-cache-hits: 0, 0
                                          x-timer: S1730781544.139146,VS0,VE1075
                                          content-length: 12335968
                                        • flag-us
                                          DNS
                                          196.249.167.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          196.249.167.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          172.210.232.199.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          172.210.232.199.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          49.194.101.151.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          49.194.101.151.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          71.31.126.40.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          71.31.126.40.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          www.google.com
                                          msedge.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          www.google.com
                                          IN A
                                          Response
                                          www.google.com
                                          IN A
                                          142.250.180.4
                                        • flag-gb
                                          GET
                                          https://www.google.com/recaptcha/api.js
                                          msedge.exe
                                          Remote address:
                                          142.250.180.4:443
                                          Request
                                          GET /recaptcha/api.js HTTP/2.0
                                          host: www.google.com
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          dnt: 1
                                          sec-ch-ua-mobile: ?0
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: */*
                                          sec-fetch-site: cross-site
                                          sec-fetch-mode: no-cors
                                          sec-fetch-dest: script
                                          referer: https://bazaar.abuse.ch/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                        • flag-gb
                                          GET
                                          https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdYAEwiAAAAAByRYwW_lxPMZ2RAuk-VPAz1n8NR&co=aHR0cHM6Ly9iYXphYXIuYWJ1c2UuY2g6NDQz&hl=en&v=-ZG7BC9TxCVEbzIO2m429usb&size=normal&cb=w6z4pjbszr3e
                                          msedge.exe
                                          Remote address:
                                          142.250.180.4:443
                                          Request
                                          GET /recaptcha/api2/anchor?ar=1&k=6LdYAEwiAAAAAByRYwW_lxPMZ2RAuk-VPAz1n8NR&co=aHR0cHM6Ly9iYXphYXIuYWJ1c2UuY2g6NDQz&hl=en&v=-ZG7BC9TxCVEbzIO2m429usb&size=normal&cb=w6z4pjbszr3e HTTP/2.0
                                          host: www.google.com
                                          sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                          sec-ch-ua-mobile: ?0
                                          upgrade-insecure-requests: 1
                                          dnt: 1
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                          sec-fetch-site: cross-site
                                          sec-fetch-mode: navigate
                                          sec-fetch-dest: iframe
                                          referer: https://bazaar.abuse.ch/
                                          accept-encoding: gzip, deflate, br
                                          accept-language: en-US,en;q=0.9
                                        • flag-us
                                          DNS
                                          226.21.18.104.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          226.21.18.104.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          95.221.229.192.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          95.221.229.192.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          200.187.250.142.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          200.187.250.142.in-addr.arpa
                                          IN PTR
                                          Response
                                          200.187.250.142.in-addr.arpa
                                          IN PTR
                                          lhr25s33-in-f81e100net
                                        • flag-us
                                          DNS
                                          4.180.250.142.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          4.180.250.142.in-addr.arpa
                                          IN PTR
                                          Response
                                          4.180.250.142.in-addr.arpa
                                          IN PTR
                                          lhr25s32-in-f41e100net
                                        • flag-us
                                          DNS
                                          3.180.250.142.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          3.180.250.142.in-addr.arpa
                                          IN PTR
                                          Response
                                          3.180.250.142.in-addr.arpa
                                          IN PTR
                                          lhr25s32-in-f31e100net
                                        • flag-us
                                          DNS
                                          97.17.167.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          97.17.167.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          35.200.250.142.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          35.200.250.142.in-addr.arpa
                                          IN PTR
                                          Response
                                          35.200.250.142.in-addr.arpa
                                          IN PTR
                                          lhr48s30-in-f31e100net
                                        • flag-us
                                          DNS
                                          43.58.199.20.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          43.58.199.20.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          232.168.11.51.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          232.168.11.51.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          212.20.149.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          212.20.149.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          206.23.85.13.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          206.23.85.13.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          10.161.213.23.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          10.161.213.23.in-addr.arpa
                                          IN PTR
                                          Response
                                          10.161.213.23.in-addr.arpa
                                          IN PTR
                                          a23-213-161-10deploystaticakamaitechnologiescom
                                        • flag-us
                                          DNS
                                          83.210.23.2.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          83.210.23.2.in-addr.arpa
                                          IN PTR
                                          Response
                                          83.210.23.2.in-addr.arpa
                                          IN PTR
                                          a2-23-210-83deploystaticakamaitechnologiescom
                                        • flag-us
                                          DNS
                                          68.209.201.84.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          68.209.201.84.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          88.156.103.20.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          88.156.103.20.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          22.236.111.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          22.236.111.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          tse1.mm.bing.net
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          tse1.mm.bing.net
                                          IN A
                                          Response
                                          tse1.mm.bing.net
                                          IN CNAME
                                          mm-mm.bing.net.trafficmanager.net
                                          mm-mm.bing.net.trafficmanager.net
                                          IN CNAME
                                          ax-0001.ax-msedge.net
                                          ax-0001.ax-msedge.net
                                          IN A
                                          150.171.27.10
                                          ax-0001.ax-msedge.net
                                          IN A
                                          150.171.28.10
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239317301657_1A2Y2HPL5GA07URZQ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                          Remote address:
                                          150.171.27.10:443
                                          Request
                                          GET /th?id=OADD2.10239317301657_1A2Y2HPL5GA07URZQ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 787151
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 6E8A6FC77ADE4FB4955309A86C05EBB1 Ref B: LON601060107036 Ref C: 2024-11-05T04:40:09Z
                                          date: Tue, 05 Nov 2024 04:40:09 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239340418595_19TRV8HP5YIGTZD3I&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                          Remote address:
                                          150.171.27.10:443
                                          Request
                                          GET /th?id=OADD2.10239340418595_19TRV8HP5YIGTZD3I&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 525337
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: AE2B331C4AB1458A80E6E99841A59805 Ref B: LON601060107036 Ref C: 2024-11-05T04:40:09Z
                                          date: Tue, 05 Nov 2024 04:40:09 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239339388111_1XGVGDXXGM4UED7TP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                          Remote address:
                                          150.171.27.10:443
                                          Request
                                          GET /th?id=OADD2.10239339388111_1XGVGDXXGM4UED7TP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 439986
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 78E532514C93428895FBD68BE88284E7 Ref B: LON601060107036 Ref C: 2024-11-05T04:40:09Z
                                          date: Tue, 05 Nov 2024 04:40:09 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239340418596_1ZW2YDLAK01V77NJD&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                          Remote address:
                                          150.171.27.10:443
                                          Request
                                          GET /th?id=OADD2.10239340418596_1ZW2YDLAK01V77NJD&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 604398
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 4E02D435EA5A48858CE5E5BE4AE953C7 Ref B: LON601060107036 Ref C: 2024-11-05T04:40:09Z
                                          date: Tue, 05 Nov 2024 04:40:09 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239317301248_1XIEMIBBUMA1BDE5T&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                          Remote address:
                                          150.171.27.10:443
                                          Request
                                          GET /th?id=OADD2.10239317301248_1XIEMIBBUMA1BDE5T&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 674188
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 72C7A0BB30D6483C8DD2A2B1DDBF28AF Ref B: LON601060107036 Ref C: 2024-11-05T04:40:09Z
                                          date: Tue, 05 Nov 2024 04:40:09 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239339388112_1D9RCOGNLARU8ARO7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                          Remote address:
                                          150.171.27.10:443
                                          Request
                                          GET /th?id=OADD2.10239339388112_1D9RCOGNLARU8ARO7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 360094
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: C12ACAEA10394F448975910D0032C80A Ref B: LON601060107036 Ref C: 2024-11-05T04:40:09Z
                                          date: Tue, 05 Nov 2024 04:40:09 GMT
                                        • 151.101.194.49:443
                                          https://bazaar.abuse.ch/download/1c95d6cb1102b140b84c/
                                          tls, http2
                                          msedge.exe
                                          271.0kB
                                          13.0MB
                                          5414
                                          9333

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/

                                          HTTP Response

                                          307

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/verify-ua/

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/css/bootstrap.min.css

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/css/all.min.css

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/css/jumbotron.css

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/css/custom.css

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/js/jquery-3.5.1.min.js

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/js/bootstrap.min.js

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/images/malwarebazaar_logo.png

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/webfonts/fa-solid-900.woff2

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/favicon.ico

                                          HTTP Response

                                          200

                                          HTTP Request

                                          POST https://bazaar.abuse.ch/verify-ua/

                                          HTTP Response

                                          302

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/download/79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac/

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET https://bazaar.abuse.ch/download/1c95d6cb1102b140b84c/

                                          HTTP Response

                                          200
                                        • 142.250.180.4:443
                                          https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdYAEwiAAAAAByRYwW_lxPMZ2RAuk-VPAz1n8NR&co=aHR0cHM6Ly9iYXphYXIuYWJ1c2UuY2g6NDQz&hl=en&v=-ZG7BC9TxCVEbzIO2m429usb&size=normal&cb=w6z4pjbszr3e
                                          tls, http2
                                          msedge.exe
                                          2.7kB
                                          41.4kB
                                          28
                                          42

                                          HTTP Request

                                          GET https://www.google.com/recaptcha/api.js

                                          HTTP Request

                                          GET https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdYAEwiAAAAAByRYwW_lxPMZ2RAuk-VPAz1n8NR&co=aHR0cHM6Ly9iYXphYXIuYWJ1c2UuY2g6NDQz&hl=en&v=-ZG7BC9TxCVEbzIO2m429usb&size=normal&cb=w6z4pjbszr3e
                                        • 150.171.27.10:443
                                          tse1.mm.bing.net
                                          tls, http2
                                          1.2kB
                                          6.9kB
                                          15
                                          13
                                        • 150.171.27.10:443
                                          tse1.mm.bing.net
                                          tls, http2
                                          1.2kB
                                          6.9kB
                                          15
                                          13
                                        • 150.171.27.10:443
                                          tse1.mm.bing.net
                                          tls, http2
                                          1.2kB
                                          6.9kB
                                          15
                                          13
                                        • 150.171.27.10:443
                                          tse1.mm.bing.net
                                          tls, http2
                                          1.2kB
                                          6.9kB
                                          15
                                          13
                                        • 150.171.27.10:443
                                          https://tse1.mm.bing.net/th?id=OADD2.10239339388112_1D9RCOGNLARU8ARO7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                          tls, http2
                                          122.9kB
                                          3.5MB
                                          2555
                                          2552

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301657_1A2Y2HPL5GA07URZQ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239340418595_19TRV8HP5YIGTZD3I&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239339388111_1XGVGDXXGM4UED7TP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239340418596_1ZW2YDLAK01V77NJD&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301248_1XIEMIBBUMA1BDE5T&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239339388112_1D9RCOGNLARU8ARO7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                          HTTP Response

                                          200
                                        • 8.8.8.8:53
                                          8.8.8.8.in-addr.arpa
                                          dns
                                          66 B
                                          90 B
                                          1
                                          1

                                          DNS Request

                                          8.8.8.8.in-addr.arpa

                                        • 8.8.8.8:53
                                          bazaar.abuse.ch
                                          dns
                                          msedge.exe
                                          61 B
                                          166 B
                                          1
                                          1

                                          DNS Request

                                          bazaar.abuse.ch

                                          DNS Response

                                          151.101.194.49
                                          151.101.66.49
                                          151.101.130.49
                                          151.101.2.49

                                        • 8.8.8.8:53
                                          196.249.167.52.in-addr.arpa
                                          dns
                                          73 B
                                          147 B
                                          1
                                          1

                                          DNS Request

                                          196.249.167.52.in-addr.arpa

                                        • 8.8.8.8:53
                                          172.210.232.199.in-addr.arpa
                                          dns
                                          74 B
                                          128 B
                                          1
                                          1

                                          DNS Request

                                          172.210.232.199.in-addr.arpa

                                        • 8.8.8.8:53
                                          49.194.101.151.in-addr.arpa
                                          dns
                                          73 B
                                          133 B
                                          1
                                          1

                                          DNS Request

                                          49.194.101.151.in-addr.arpa

                                        • 8.8.8.8:53
                                          71.31.126.40.in-addr.arpa
                                          dns
                                          71 B
                                          157 B
                                          1
                                          1

                                          DNS Request

                                          71.31.126.40.in-addr.arpa

                                        • 8.8.8.8:53
                                          www.google.com
                                          dns
                                          msedge.exe
                                          60 B
                                          76 B
                                          1
                                          1

                                          DNS Request

                                          www.google.com

                                          DNS Response

                                          142.250.180.4

                                        • 8.8.8.8:53
                                          226.21.18.104.in-addr.arpa
                                          dns
                                          72 B
                                          134 B
                                          1
                                          1

                                          DNS Request

                                          226.21.18.104.in-addr.arpa

                                        • 8.8.8.8:53
                                          95.221.229.192.in-addr.arpa
                                          dns
                                          73 B
                                          144 B
                                          1
                                          1

                                          DNS Request

                                          95.221.229.192.in-addr.arpa

                                        • 8.8.8.8:53
                                          200.187.250.142.in-addr.arpa
                                          dns
                                          74 B
                                          112 B
                                          1
                                          1

                                          DNS Request

                                          200.187.250.142.in-addr.arpa

                                        • 8.8.8.8:53
                                          4.180.250.142.in-addr.arpa
                                          dns
                                          72 B
                                          110 B
                                          1
                                          1

                                          DNS Request

                                          4.180.250.142.in-addr.arpa

                                        • 142.250.180.4:443
                                          www.google.com
                                          https
                                          msedge.exe
                                          43.8kB
                                          174.5kB
                                          109
                                          174
                                        • 142.250.180.4:443
                                          www.google.com
                                          https
                                          msedge.exe
                                          2.5kB
                                          16.0kB
                                          9
                                          16
                                        • 8.8.8.8:53
                                          3.180.250.142.in-addr.arpa
                                          dns
                                          72 B
                                          110 B
                                          1
                                          1

                                          DNS Request

                                          3.180.250.142.in-addr.arpa

                                        • 8.8.8.8:53
                                          97.17.167.52.in-addr.arpa
                                          dns
                                          71 B
                                          145 B
                                          1
                                          1

                                          DNS Request

                                          97.17.167.52.in-addr.arpa

                                        • 8.8.8.8:53
                                          35.200.250.142.in-addr.arpa
                                          dns
                                          73 B
                                          111 B
                                          1
                                          1

                                          DNS Request

                                          35.200.250.142.in-addr.arpa

                                        • 224.0.0.251:5353
                                          521 B
                                          8
                                        • 8.8.8.8:53
                                          43.58.199.20.in-addr.arpa
                                          dns
                                          71 B
                                          157 B
                                          1
                                          1

                                          DNS Request

                                          43.58.199.20.in-addr.arpa

                                        • 8.8.8.8:53
                                          232.168.11.51.in-addr.arpa
                                          dns
                                          72 B
                                          158 B
                                          1
                                          1

                                          DNS Request

                                          232.168.11.51.in-addr.arpa

                                        • 8.8.8.8:53
                                          212.20.149.52.in-addr.arpa
                                          dns
                                          72 B
                                          146 B
                                          1
                                          1

                                          DNS Request

                                          212.20.149.52.in-addr.arpa

                                        • 8.8.8.8:53
                                          206.23.85.13.in-addr.arpa
                                          dns
                                          71 B
                                          145 B
                                          1
                                          1

                                          DNS Request

                                          206.23.85.13.in-addr.arpa

                                        • 8.8.8.8:53
                                          10.161.213.23.in-addr.arpa
                                          dns
                                          72 B
                                          137 B
                                          1
                                          1

                                          DNS Request

                                          10.161.213.23.in-addr.arpa

                                        • 8.8.8.8:53
                                          83.210.23.2.in-addr.arpa
                                          dns
                                          70 B
                                          133 B
                                          1
                                          1

                                          DNS Request

                                          83.210.23.2.in-addr.arpa

                                        • 8.8.8.8:53
                                          68.209.201.84.in-addr.arpa
                                          dns
                                          72 B
                                          132 B
                                          1
                                          1

                                          DNS Request

                                          68.209.201.84.in-addr.arpa

                                        • 8.8.8.8:53
                                          88.156.103.20.in-addr.arpa
                                          dns
                                          72 B
                                          158 B
                                          1
                                          1

                                          DNS Request

                                          88.156.103.20.in-addr.arpa

                                        • 8.8.8.8:53
                                          22.236.111.52.in-addr.arpa
                                          dns
                                          72 B
                                          158 B
                                          1
                                          1

                                          DNS Request

                                          22.236.111.52.in-addr.arpa

                                        • 8.8.8.8:53
                                          tse1.mm.bing.net
                                          dns
                                          62 B
                                          170 B
                                          1
                                          1

                                          DNS Request

                                          tse1.mm.bing.net

                                          DNS Response

                                          150.171.27.10
                                          150.171.28.10

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                          Filesize

                                          152B

                                          MD5

                                          56a4f78e21616a6e19da57228569489b

                                          SHA1

                                          21bfabbfc294d5f2aa1da825c5590d760483bc76

                                          SHA256

                                          d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

                                          SHA512

                                          c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                          Filesize

                                          152B

                                          MD5

                                          e443ee4336fcf13c698b8ab5f3c173d0

                                          SHA1

                                          9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

                                          SHA256

                                          79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

                                          SHA512

                                          cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                          Filesize

                                          215KB

                                          MD5

                                          e579aca9a74ae76669750d8879e16bf3

                                          SHA1

                                          0b8f462b46ec2b2dbaa728bea79d611411bae752

                                          SHA256

                                          6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

                                          SHA512

                                          df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                          Filesize

                                          264B

                                          MD5

                                          f0b8cb648784f6a45c5f9cbb40a43926

                                          SHA1

                                          f4fee41f67013a42014ecb2209a3549d5d3d7b7c

                                          SHA256

                                          f7fcb7a8f74605fba090a04c9b6abba5c224ad9d821e0a3277dd3d7b0a6fa483

                                          SHA512

                                          eda48a85c6fb9dc69eb4f522af9b70297673e073353a347ef890cc8ca79cd90037cf7ebee8d13eb722e7559a9808fb83c6ceaecd29cc264292aed9c579a4c545

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                          Filesize

                                          216B

                                          MD5

                                          6de5bd18bb13a6f0967bf5891c10902c

                                          SHA1

                                          ee09c1f562983126942cd12cf2ae694b496b7425

                                          SHA256

                                          9a66b0edd9386e247fceecd043306782ff806d98917c25e814d9b50bcadf6252

                                          SHA512

                                          230b7dba69711f408502ce092275abe9046da47d72f522e6a563651583efc1099e81f8b574f2d0b4dfd0526a572c6bc002f90df032fecedcffd668ef1acde6ed

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                          Filesize

                                          1KB

                                          MD5

                                          159eb5ea9822f3bc2d13425733fa7c72

                                          SHA1

                                          6fd8036a68968274d68db67dedbb5280bba17e67

                                          SHA256

                                          b96b0c643efd48917ce59d4e5b3971c6b147d1654e12ca89b6f163c43ad2c987

                                          SHA512

                                          3deab7dc35d37af5225d1c943f95a75bbc6e185765d796182dc3fe840a0e0c850624964c30c99ba17d7c324dd73c0eebce68e783076eca00fdd92e84f203587e

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          5KB

                                          MD5

                                          9d51cd390b0fd6b9a96f1405f20572c2

                                          SHA1

                                          9a579157664ef49583322e1bfb418090a3bf07d8

                                          SHA256

                                          560736a4ca0da9c7755f17685729c6cc1ecf1ebef44b35b06748a766716f0451

                                          SHA512

                                          44479e992699ecbb85dc32afbdc904cb90977055ce98d70f69b03fdd24d7401da18e4e69e5c01c572cc842f1ebe0b0b35ee089da35271700a2f019cceba6546d

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          6KB

                                          MD5

                                          7e77dc22b3937d5518ec56320a732673

                                          SHA1

                                          24cb0bc98e768d1d38488fb82dfe36daa9a317bb

                                          SHA256

                                          42567071bef2dfd8678381590cd32ccd5372a4f85eb6ee95ffbcfa62cc773547

                                          SHA512

                                          02b6ded37f8e59d439eab27ec732980ed64e79e3e50342d5e014a0c2d81711f2e15e4c1cc824e694dd3c72342df547c0341ec3459b019ecd0f6d9082ab5ba5bc

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          6KB

                                          MD5

                                          90aaed2dd8d8b54d8b441b8d66d0944d

                                          SHA1

                                          2a2b2bfaf17210002f809bb5201613e81e50aa4d

                                          SHA256

                                          d46d375d810fb19d99098984983af081b00811855be3b8fe9f665c3c17131635

                                          SHA512

                                          784867c40028e7e11715b19a30711b0e9ff2a689d8e7c4a438f2336e4f39951af42118395a5b5a5f4ea3dd7ea134308c555cb3e4f2b0e14e92858afc14652770

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          6KB

                                          MD5

                                          5fef3b1f8f38fbba3bb7c15aa3a010aa

                                          SHA1

                                          018451f227e66af46057d170e303fd83f438b580

                                          SHA256

                                          32c7b8f87e0b7272451e240d6b6599bf6309f087bc328eec869ecfc36e9f8248

                                          SHA512

                                          df4ffd04ce7e8df436fa41ce12af467251f42968dd913bb01fe8eef035aedd951c91871abaf18ae759f583beac6955bdc840db9ba6fedf2f2d4ea283e1216f6b

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                          Filesize

                                          368B

                                          MD5

                                          9788e6ff6452a85e47d85ee9f55e4c4b

                                          SHA1

                                          163736ab117a9a7287dd8d9b3cd3c9f3e9afaa10

                                          SHA256

                                          ad001fa8b3e074fd895c708eceb6baea1e02d75573536c702a15167746547f49

                                          SHA512

                                          8ab07902699a5ee13616db44270e0aa9a6c9657720825f2d470df42b5d891bb8b0941cf35731cc87ec749687f6426b11ab9a67e7339bd53c5aa1e86040dcfdb3

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                          Filesize

                                          368B

                                          MD5

                                          921b494f844233350cbfb96a76fa1d6f

                                          SHA1

                                          04f7aeebce8aa0e3668cde9a729892dac9455061

                                          SHA256

                                          bfcb23fa612ab74621cb4b957e5ea641996cd82792065c9ae919e6587f23d8db

                                          SHA512

                                          a55e1d525146150bf7f59713d644a985ee717d70773be7f02747aeafcf8505d453872d80ce4e003047e42e3f3803636c778ce88f541383bb79cb48c3244fa925

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58491a.TMP

                                          Filesize

                                          368B

                                          MD5

                                          136f70194a2e11173e84ecf86c97a94a

                                          SHA1

                                          1dfc97165f3089729015178bc65b3a869fc7c99c

                                          SHA256

                                          d5c00eaf6df28f69d13fccf08a844e5ed6f054648f730ea6f115faf816cac770

                                          SHA512

                                          44f2ddd12012cb273ba6f335c0bce9897dfbf5b79398c9fd3fd13e9818645222f0815fc5f749e51c101ba35f138972516943406b6414a5833fbf10a5693b465f

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c806695a-b6ad-4873-9f59-cd15ed6979e5.tmp

                                          Filesize

                                          1KB

                                          MD5

                                          d2be9b37005c047769ad17270e670fca

                                          SHA1

                                          3b6f43b772c36ea5c8214f6a866869f7d2a9b4f7

                                          SHA256

                                          3c202e1f47b6668c90e87bcc48f27fb4f76bb046449cd89973d0461ff93bfa8b

                                          SHA512

                                          8c7f7cb805b4c6c26d95ca4c8476d13780931f07c0fef08b9808efb22ffaaf59141574f96994a62ae76a00aa1b2b2b54fae6f6715d558770a045fc6c202c8c37

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                          Filesize

                                          16B

                                          MD5

                                          6752a1d65b201c13b62ea44016eb221f

                                          SHA1

                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                          SHA256

                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                          SHA512

                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                          Filesize

                                          12KB

                                          MD5

                                          bd5fff167d91cfbbbde98605fb0179d5

                                          SHA1

                                          c17743985f2d165cb44b4b1129cd115ab1f10840

                                          SHA256

                                          b4d1f3b6942465afca55ebcd9a5217e41cffa8579f93e2c0b811735f0a9fffbc

                                          SHA512

                                          11b2ad195db408bfa99fe61aa84d36b87e89c997e4267783e9699036bb7b25b5cd9955ad2e5a0f99cc30fb3157a2a056ff579ca31db561b863dbae413b84215b

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                          Filesize

                                          11KB

                                          MD5

                                          4578a70db8df22f51dee80594bcd9ddd

                                          SHA1

                                          cf4d582947c38df7dc2e5fbf59289948a84fa9a1

                                          SHA256

                                          2a7e3d60d934947a35a45e1ab6c829c0a1ab2a313118ef25ae6dcedafa10f40a

                                          SHA512

                                          9a22988f9bf4cee529874fb9eb03ad772427b0f9fa3b6b765014b805b3140ed3d766e96e40262e8074a98bea35bb53f735d07eeab144fb82ab304e37c007d619

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\VCRUNTIME140.dll

                                          Filesize

                                          87KB

                                          MD5

                                          0e675d4a7a5b7ccd69013386793f68eb

                                          SHA1

                                          6e5821ddd8fea6681bda4448816f39984a33596b

                                          SHA256

                                          bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

                                          SHA512

                                          cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\_asyncio.pyd

                                          Filesize

                                          70KB

                                          MD5

                                          45126a5a3995f890e5c942ba615a569c

                                          SHA1

                                          928aa2b9f2e2485dc835c6d0f92999f5d5581264

                                          SHA256

                                          490e3b87f7a570ee09e4d95a439c525883b4ab22b701cf89f68409a559e7bbf3

                                          SHA512

                                          dcc282bc6e6b524f1e9a66a042a10afb13aecc6a77f18414524d1e7db69aaa919b856a415e81acd79a58b069b2d5a8b12f61dc25f1f62c486805fab15f439232

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\_bz2.pyd

                                          Filesize

                                          87KB

                                          MD5

                                          92075c2759ac8246953e6fa6323e43fe

                                          SHA1

                                          6818befe630c2656183ea7fe735db159804b7773

                                          SHA256

                                          e7af6119b56ddd47fd0a909710f7163d7ef4822405fc138d24e6ce9de7a5022f

                                          SHA512

                                          7f3a4409859695f53291c96dd487bca2649815bad5f4610c2c6f92777411d39210e293d962573a20dfe73ea15331de7e6c18b017ae1d6f226387eab1fc1f586c

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\_ctypes.pyd

                                          Filesize

                                          131KB

                                          MD5

                                          2787764fe3056f37c79a3fc79e620172

                                          SHA1

                                          a64d1a047ba644d0588dc4288b74925ed72e6ed4

                                          SHA256

                                          41c593c960f3f89b1e1629c6b7bd6171fe306168f816bef02027332a263de117

                                          SHA512

                                          1dc5bb470be558c643a3f68e23423697384bc547b1192cd398dff640e28f7df85563bc87643cdcde9b8b4f880f272e13a673a018ae251e100bd99790f993afa0

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\_hashlib.pyd

                                          Filesize

                                          38KB

                                          MD5

                                          7808b500fbfb17c968f10ee6d68461df

                                          SHA1

                                          2a8e54037e7d03d20244fefd8247cf218e1d668f

                                          SHA256

                                          e2701f4e4a7556adab7415e448070289ba4fe047227f48c3a049d7c3154aff0b

                                          SHA512

                                          b4239e792141bcf924f61bfd46033934337079b245f423b34820d36c6599ca35ab06bc525acfff4cafa75e31975fcd0409dedd203377d642fc5dc55ec2c1fa27

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\_lzma.pyd

                                          Filesize

                                          251KB

                                          MD5

                                          ab582419629183e1615b76fc5d2c7704

                                          SHA1

                                          b78ee7e725a417bef50cca47590950e970eae200

                                          SHA256

                                          5a45f7cd517ad396a042bc2767ae73221dc68f934e828a9433249924a371ee5e

                                          SHA512

                                          3f38441dd0b88b486dafaa1e15d07f0ee467a362c1603071a2fa79de770fa061ced25ca790f0d3139f31178c719cc82ac88601262e2a0ca809708dfa3f6f76ca

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\_overlapped.pyd

                                          Filesize

                                          43KB

                                          MD5

                                          73ed0ee50db2ea98118f704e78d5e95e

                                          SHA1

                                          93d6cf61c8848e70f2afffc698f9718a18ad74ce

                                          SHA256

                                          009cadfd046eee91e183489edf6b8ad8562e5c9e851ef4ad0034b5d88201c942

                                          SHA512

                                          efd98f373f2309bf50139b35fb17e0d1355bed421c827224d8eba093f3005c3325cc55ef2853cd2d55e2873c9a73e3867bbe4d267f52c6fab5cddc8f2d076a97

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\_queue.pyd

                                          Filesize

                                          27KB

                                          MD5

                                          a48af48dd880c11673469c1ade525558

                                          SHA1

                                          01e9bbcd7eccaa6d5033544e875c7c20f8812124

                                          SHA256

                                          a98e9f330eeaf40ef516237ab5bc1efac1fc49ed321a128be78dd3fb8733e0a4

                                          SHA512

                                          a535dadb79c1ca10506858226442d1d1fb00e5d6f99afa6b539e2506a6627a7bd624a7ee2bc61f55c974113de80fd7a95e6c18e9402736d32d5099077ca1b913

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\_socket.pyd

                                          Filesize

                                          74KB

                                          MD5

                                          10cd16bb63862536570c717ffc453da4

                                          SHA1

                                          b3ef50d7ac4652b5c35f1d86a0130fb43dd5a669

                                          SHA256

                                          e002a1bd6fba44681d557b64d439585dba9820226e1c3da5a62628bbaa930ae3

                                          SHA512

                                          55ee581c4005901661efaf9aad6ea39b2b2e265579539d464d62e4209638567b3b9fdd945d0bed0a1047f977d374a5707a970c621ca289077e2d6c5aeca491b1

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\_ssl.pyd

                                          Filesize

                                          121KB

                                          MD5

                                          8b5af5ac31b6bde9023a4adc3e7f0ce1

                                          SHA1

                                          c5d7eaaed9be784227a0854bfb8a983058410a35

                                          SHA256

                                          7040d3712f31b7d11882ce8c907452fa725678b646b900f6868f43ab3e4ddab6

                                          SHA512

                                          499aa2321a2e5492c700513d63cf08fc12d3a430a5e9f5d865279919f6d7b74385b6767bbee63616f84b52d02070b16b2d4c3921163c42864f33e7b5331b1444

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\base_library.zip

                                          Filesize

                                          759KB

                                          MD5

                                          5cb31103b8c5e6ceaaa78e4f3f961e2d

                                          SHA1

                                          cb14e1205c62cc3e8e808259f51731864724c541

                                          SHA256

                                          eff3e9c4b1a960c3cdc4f3a85d416b93c4d34ba1f76f3008eaba369f7fafeecd

                                          SHA512

                                          42b2776e7c20919805594d4fc1d6446eeecc27a60154577568fdb04fc811250cc5410dd1afdf25c61e22c8ef3f4f77670b01e586317b810a3365a877b5f6bdb7

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\certifi\cacert.pem

                                          Filesize

                                          253KB

                                          MD5

                                          3dcd08b803fbb28231e18b5d1eef4258

                                          SHA1

                                          b81ea40b943cd8a0c341f3a13e5bc05090b5a72a

                                          SHA256

                                          de2fa17c4d8ae68dc204a1b6b58b7a7a12569367cfeb8a3a4e1f377c73e83e9e

                                          SHA512

                                          9cc7106e921fbcf8c56745b38051a5a56154c600e3c553f2e64d93ec988c88b17f6d49698bdc18e3aa57ae96a79ee2c08c584c7c4c91cc6ea72db3dca6ccc2f5

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\libcrypto-1_1.dll

                                          Filesize

                                          3.2MB

                                          MD5

                                          bf83f8ad60cb9db462ce62c73208a30d

                                          SHA1

                                          f1bc7dbc1e5b00426a51878719196d78981674c4

                                          SHA256

                                          012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

                                          SHA512

                                          ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\libssl-1_1.dll

                                          Filesize

                                          670KB

                                          MD5

                                          fe1f3632af98e7b7a2799e3973ba03cf

                                          SHA1

                                          353c7382e2de3ccdd2a4911e9e158e7c78648496

                                          SHA256

                                          1ce7ba99e817c1c2d71bc88a1bdd6fcad82aa5c3e519b91ebd56c96f22e3543b

                                          SHA512

                                          a0123dfe324d3ebf68a44afafca7c6f33d918716f29b063c72c4a8bd2006b81faea6848f4f2423778d57296d7bf4f99a3638fc87b37520f0dcbeefa3a2343de0

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\psutil\_psutil_windows.cp37-win_amd64.pyd

                                          Filesize

                                          72KB

                                          MD5

                                          eb2e7580f823b00576880cada4526092

                                          SHA1

                                          9195525a1e9cbac344171dd5333f2df0852c890f

                                          SHA256

                                          3ee35d8a42d5951c8498246aa6d302bbffecea65a2fcaa78a069011c6f543d59

                                          SHA512

                                          aaaef52e15a61490d87c2c1e49713590b3bfb65229c4318fa51bee92b9440e1fd546bfe8773440b559a55a9525f51ed2bfc9996fb4de50476533db3d6f284b77

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\pyexpat.pyd

                                          Filesize

                                          194KB

                                          MD5

                                          02d615171b805cc573b28e17611f663f

                                          SHA1

                                          2e63b78316b4eae6ee1c25f1f10fbbb84ecef054

                                          SHA256

                                          e60b5cbdf7480db1fc829e05ce45703d43d5ba25fdf7fba21cca1d38b1f3b3a4

                                          SHA512

                                          b61cd3d16d1a192016a50342ae71fee8f764c4c156e275a320f74cc4ec65755c91c022231d09a76b59d6225960f5a930f1887003b1d6984beeb5a9648b045427

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\python37.dll

                                          Filesize

                                          3.6MB

                                          MD5

                                          c4e99d7375888d873d2478769a8d844c

                                          SHA1

                                          881e42ad9b7da068ee7a6d133484f9d39519ca7e

                                          SHA256

                                          12f26beb439ddf8d56e7544b06a0675d5da6670c02f8f9cede7aad1de71eb116

                                          SHA512

                                          a5b79a919f15cda2c295c8da923ffe5dd30408376e459669e4e376b9d4d504d43671518d7085352bb90c4ce4efc6d81c91ac6cedbdaa896f916d80f7346a695b

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\select.pyd

                                          Filesize

                                          26KB

                                          MD5

                                          39b7c056bca546778690b9922315f9ff

                                          SHA1

                                          5f62169c8de1f72db601d30b37d157478723859b

                                          SHA256

                                          9514b4c40c35396b1952a8acf805e993a3875b37370f44ef36ed33c7151412ef

                                          SHA512

                                          229538131d83299ea90652818c99972c1ee692c070e7fea9599420c99dd8ae75fb2367e9509aad23984fe0a8d21221a59bd57493b5cd1d6c7391c3c55d714e94

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\ucrtbase.dll

                                          Filesize

                                          983KB

                                          MD5

                                          e3cbcb26ee85737e70ce55d498fcaa38

                                          SHA1

                                          8dcdcf5e8d9b621a149163cc3f12d01fde1ef4ac

                                          SHA256

                                          8ab85c80c5d9ad3618fd86aa45a878bb5a5d7e449528c317a8239c33876c75b5

                                          SHA512

                                          eb85a84f0d7e4f65ab67869e56b68f8da72a570b9b2fd0ee28e9d3ea9a80b4d35352261213b0e26d9d7592e750a0870e7b62df69e948bc060b0bfe6cea9fb12d

                                        • C:\Users\Admin\AppData\Local\Temp\_MEI30602\unicodedata.pyd

                                          Filesize

                                          1.0MB

                                          MD5

                                          d2ab7f9a441bb139feeb0e11eb600371

                                          SHA1

                                          467aeb881fccd4a43a16f319635da81f05279cc6

                                          SHA256

                                          465ab1b24c39a5a5da9415c96740dfdb4d071b25a7a87e275841e1d66a57e88f

                                          SHA512

                                          cf8eaae07c176fab5ca54a3935ec2fd6933e3f2d0ca107bf60f1389f2258865d101685918c7a04802da2a97980747935f1b56b0da3d1db3a1ea282f74db0b6a0

                                        • C:\Users\Admin\AppData\Local\Temp\e_win.exe

                                          Filesize

                                          79KB

                                          MD5

                                          2298d910b2d34e870e0f561eda4dcfc6

                                          SHA1

                                          078b2cace5161e34aaaaeba6bfbe3f6259651f34

                                          SHA256

                                          bb845cf9c1674452a995f58b3971c04fd67a0a8d256288e58cb4454bb80a5efe

                                          SHA512

                                          6465216a71c116321a6e7d9e1746247cfe1c29a5897422f13ed55cfb3a0daa42ba673a7cc308bf5440c6bf5fb084d065a6b4aab84c11ca1d81fdf23c09cbfe33

                                        • C:\Users\Admin\AppData\Local\Temp\valorant-skin-cli.exe

                                          Filesize

                                          11.8MB

                                          MD5

                                          618f14f157f325c42d4ee192d218e704

                                          SHA1

                                          d7889120eeeb8bab7fc45e0391afdffcae4d681a

                                          SHA256

                                          f19ea07dc1e91fc2a19bffad3e0e7a0b3b76d05cc617bae40a43289691b9a190

                                          SHA512

                                          fe8d79303670d593670c32b804ebcfe905f0ce2f85e346e6972ec95591bd66b3b77def5657f7bbae49310df1b4e94897722c3035721463da77ebdaa5b66d4ee6

                                        • C:\Users\Admin\AppData\Roaming\valorant-skin-cli\config.json

                                          Filesize

                                          297B

                                          MD5

                                          570b1fdf399f507290125437e06b77e6

                                          SHA1

                                          660c6cdd4d6a257e7219f970a73c7a81d7509adc

                                          SHA256

                                          2d33a0d437b652881cf68883f1fe44f779e17c13ef32348b3d224890d9779b7e

                                          SHA512

                                          9414c42919e718da6e5e1648feeb9398a51b759e0d4ad51cafeeea0f1180a32d15fb4528711cd26234adc197e552e0c21715eb360cc041c2d47105dd6516b4b6

                                        • C:\Users\Admin\Downloads\79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac.zip

                                          Filesize

                                          11.8MB

                                          MD5

                                          da3a6bc284b2a0843a871c1541bfe2c3

                                          SHA1

                                          a5e2d60f0c46cfa5ef92cce7d65096edc48dac5f

                                          SHA256

                                          afe20206fff25e8c8d79bdf0029ef187d1d173409556f9b2d14d7d23e8ada5e1

                                          SHA512

                                          47c6af9ec1c7f496a2ab78f8bf55f050814dc96251084867b4032b053f85826706fbea15435152205a75c204840ce989b88ee5955a73e5eb4005c3afc9d29e77

                                        • C:\Users\Admin\Downloads\79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac\79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac.exe

                                          Filesize

                                          12.0MB

                                          MD5

                                          59d018958d77ee68568eac6250a4224e

                                          SHA1

                                          a5ac1b794b33da74b7d587b04394721f7aa96d0f

                                          SHA256

                                          79a67070f0fbff66cb39f3dadd3e3565b1b1b98ed9e079562aabd90d10ad75ac

                                          SHA512

                                          5f285f3920463646a77487c9e0b1c46ebe950f779fafb524d6064aa280ba84c3119cd19c2b88f3011e20a7f7b70a1341103d42baca28f1781d8670bca8737881

                                        • C:\Users\Admin\How To Restore Your Files.txt

                                          Filesize

                                          259B

                                          MD5

                                          f026fb213f419a400ba83e1a69d26472

                                          SHA1

                                          821f1318d077065fe1a3fe2075f053f1191d5739

                                          SHA256

                                          b87c7d852c60b34e5986e2d41fb4f644df11f7350ef2272ad58a469e476d2bc1

                                          SHA512

                                          6929aa4dccef21718625513ab21c9e39599969d6350dadfa00747cc8bde302d2d7158df845686f1e607b2b05126697263982f6ab61e189781117c9329176e50e

                                        • memory/1164-618-0x000002AF1FA10000-0x000002AF1FD52000-memory.dmp

                                          Filesize

                                          3.3MB

                                        • memory/5756-267-0x0000000000400000-0x0000000001009000-memory.dmp

                                          Filesize

                                          12.0MB

                                        We care about your privacy.

                                        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.